I just shot myself in the foot using Access Control Lists.
# ls -l ./somefile.txt -rw-r-----+ 1 root www 893 Apr 4 00:44 ./somefile.txt # getfacl ./somefile.txt user::rw- user:www:--x # effective: --- group::r-x # effective: r-- mask::r-- other::---
In the above example, the file inherited the default ACL from the parent directory.
I’m not even going to tell you how long it took me to figure out why the web server couldn’t access the file…
If you can’t find it: check those ACL!
And if you want to drive your colleague crazy:
# setfacl -m u:george:--- /some/random/commonly/used/file