You want the service account analytics to read existing files and also create new files inside /data/reports. The directory already exists with POSIX mode drwxrwx--- and ACL support is enabled. You run:
# setfacl -m u:analytics:rw /data/reports
getfacl shows the new ACL entry, yet the user still receives Permission denied when running touch /data/reports/test.csv.
Which corrective action will give the analytics account the minimum additional right required to create files, without granting extra access to other users?
Add execute permission for the analytics user on the directory (e.g., setfacl -m u:analytics:rwx /data/reports).
Create a default ACL for analytics with setfacl -d -m u:analytics:rw /data/reports.
Enable the sticky bit on /data/reports (chmod +t /data/reports).
Set the SGID bit on /data/reports so new files inherit the group (chmod g+s /data/reports).
Creating or deleting an entry in a directory requires both write and execute (search) permission on that directory. The ACL you applied gave the user only rw-, so the user can modify directory metadata if they were already able to traverse it-but without the execute bit the kernel blocks the operation.
Adding execute (or the conditional X) to the user's ACL, for example:
setfacl -m u:analytics:rwx /data/reports # or
setfacl -m u:analytics:rwX /data/reports
provides the needed search right while leaving group/other permissions unchanged.
Setting a default ACL (-d) would only affect objects created after the directory is fixed; it does not solve the immediate inability to enter the directory.
The setgid bit influences group inheritance, not a user's ability to create files.
The sticky bit restricts deletions in a shared directory but does nothing for missing execute permission.
Therefore, granting execute permission to analytics on the directory is the correct solution.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does the 'execute' permission on a directory do?
Open an interactive chat with Bash
What is the difference between ACL and POSIX permissions?
Open an interactive chat with Bash
What is the function of the setgid bit on a directory?
Open an interactive chat with Bash
CompTIA Linux+ XK0-006 (V8)
Troubleshooting
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access