Referring to
info ls, section
"What info is listed," I read:
Quote:
For a file with an extended access control list, a `+' character is listed. Basic access control lists are equivalent to the permissions listed, and are not considered an alternate access method.
|
Just as Microsoft Windows "outgrew" its MS-DOS underpinnings (where the only sense of "security" was a "Locked" flag...), Linux filesystems also "outgrew" the good ol'
-rwxr--r-- permissions mask. Both of them adopted the notion of
access control lists, as discussed (in the case of Linux) at
man acl.
The Linux ACL implementation was designed to be aware that "applications which are not aware of the existence of ACLs, or that have no particular
need to be so aware, must continue to work." This is why the
ls command continues to present you with "that familiar set of flags,"
but with the "
+" character to clue you that something
beyond that is really going on.
Start with the
getfacl command. (Thus suggests the all-knowing
apropos acl ...) You need to see the
entire set of access-controls that
really apply to this file, "not just the mask." The reason why you don't understand why you're getting the "permission denied" message is that
more than 'just the mask' is controlling the effective permissions to this file.
Now... the ACL feature was... shall we
diplomatically say... "designed by committee."
So, "I am going to be
very mean to you now,"
and invite you to read the
man acl page and tell me if
you understand a word of it. (If you
do, I have a leather-bound copy of
Robert's Rules of Order to give you.)