10

I have files that have a plus sign next to the permissions -rwxrwx---+ on a Linux Samba server. I found the setfacl command to adjust the ACL settings, but I would like to remove the ACL completely instead of having to adjust ACL settings. How can I do this, so that users can access the files that they need, and the permissions would show -rwxrwx---, in Linux?

2 Answers

19

You should also have found this setfacl option:

-b, --remove-all        remove all extended ACL entries

So in order to remove ACLs just run setfacl -b -R on the directory, and chmod g=rwx afterwards. (Fixing group permissions might be needed, because currently your changes actually went to changing the ACL 'mask' instead.)

Note that Samba directly exposes POSIX permissions and ACLs to SMB clients (translating them to SMB/NTFS ACLs), so the same could be done from Windows by manually removing all except the 3 "Unix" access entries.

3
  • 2
    If you have defaults set, I suggest running a setfacl -b -R -d too, after setfacl -b -R, to be sure to have deleted any ACL. Commented Mar 16, 2021 at 11:33
  • I wish this worked for me. I have a .zfs folder with acls that prevent writing acls, even by the owner (root). I can't get rid of it. Commented Jan 16, 2023 at 23:38
  • .zfs is a virtual folder that exists at the root of every ZFS filesystem, I don't think you can get rid of it. Commented Jan 17, 2023 at 4:59
2

I know it's an old question but I had the same problem and the accepted answer did not solve it. That's because it is not enough to remove the ACL permissions for user/group but also

  1. Default permission (mask)
  2. Even if SELinux is already disabled, you have to remove it explicitly from where it was applied on the filesystem.

So the complete solution for me was:

  1. #sudo setfacl -Rbk <parent_dir> Here -R is recursive, -b removes all permissions for user/groups, and -k removes the default ACL (mask). Issuing this command will remove the plus (+) sign seen in the ls output, but it will not remove the dot (.) sign from the ls output.
  2. #setfattr -x security.selinux <file> This removes the SELinux context from <file> and it will remove the dot (.) sign from the ls output. This command is not recursive, so to make it work on an entire directory and its descendants you can use the find command like this: #sudo find <parent_dir> -exec setfattr -x security.selinux {} \;
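A check for the removal steps in both answers above, added here as an example and not part of either answer: it reads `getfacl -R` output and lists every path that still carries extended access entries or a default ACL, so leftovers are visible before users on the share are affected. The function names, paths and users in the sample are hypothetical, and the sample input is constructed.

```shell
# Added example, not from the answers. Reads `getfacl -R` output on stdin and
# prints "<path><TAB><kinds>" for each path that still has extended ACL entries;
# kinds is "access", "default" or "access,default".
acl_leftovers() {
    awk '
        function emit(   kinds) {
            if (acc) kinds = "access"
            if (def) kinds = (kinds == "" ? "default" : kinds ",default")
            if (file != "" && kinds != "") printf "%s\t%s\n", file, kinds
            acc = 0; def = 0
        }
        /^# file: /            { emit(); file = substr($0, 9); next }
        /^#/                   { next }           # owner/group/flags headers
        /^default:/            { def = 1; next }  # default ACL (directories)
        /^(user|group):[^:]+:/ { acc = 1; next }  # named user or group entry
        /^mask:/               { acc = 1; next }  # mask exists only in an extended ACL
        END                    { emit() }
    '
}

# Constructed sample input (hypothetical paths and users), for offline runs.
sample_getfacl_output() {
    cat <<'EOF'
# file: share
# owner: root
# group: staff
user::rwx
group::rwx
other::---
default:user::rwx
default:group::rwx
default:other::---

# file: share/a.txt
# owner: alice
# group: staff
user::rwx
user:bob:rw-
group::rwx
mask::rwx
other::---

# file: share/b.txt
user::rwx
group::rwx
other::---
EOF
}

# Real use: getfacl -R <parent_dir> 2>/dev/null | acl_leftovers
```

Empty output means only the three base entries (user::, group::, other::) remain on every path, which is the state where ls stops showing the plus sign.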
