# Question about ACL rights



## Fireball (Aug 7, 2012)

Hello everybody!

I have learnt ACL rights in FreeBSD and I've encountered with troubles and lack of understanding. I have reviewed a lot of documentation and manuals ( FreeBSD, UNIX, Linux systems ), but I haven't find answer.

Problem. When I create directory and set ACL rights with setfacl(1) command for one user and then compare results of *ls -l* command and getfacl(1) command, then rights are actually different! What rights are actually applicable for file? and why?

Example.

```
# mkdir /data/newdir
setfacl -m u:user1:r-- newdir

/data # ls -l | grep newdir
drwxrwxr-x+   2 root        wheel           512  7 Aug 01:40 newdir

/data # getfacl newdir
# file: newdir
# owner: root
# group: wheel
user:: rwx
user:user1: rwx
group:: r-x
mask:: rwx
other:: r-x
```
In this listing I don't understand, why rights on group by *ls -l* is rwx, but by getfacl(1) is r-x? Mask cannot explain this difference, because effective rights is product of group and mask and equal r-x * rwx = r-x

After this I do this

```
# chmod 777 newdir
server /data # ls -l | grep newdir
drwxrwxrwx+   2 root        wheel           512  7 Aug 01:40 newdir

# getfacl newdir

# file: newdir
# owner: root
# group: wheel
user:: rwx
user:user1: rwx
group:: r-x
mask:: rwx
other:: rwx
```
In ls -l group have rwx rights, but getfacl(1) shows group: r-x rights!

Also I don't understand this http://bsdwiki.reedmedia.net/wiki/View_and_modify_ACLs.html
when they compare output of ls -l and getfacl(1) command for file.txt with ACLs (but outputs are not coincide and they don't explain why).

Can you clear up this situation? And where in documentation this are described?


----------

