su -u www-data cat … not working as expected

Chemdream asked:

For a project I’m working on, I need the www-data user to be able to read /etc/openvpn/easy-rsa/pki/index.txt

The permissions seem fine for this:

-rw-r-----+ 1 root www-data 1050 Dec  7 20:43 index.txt

That wasn’t working so I added ACL.

getfacl index.txt
# file: index.txt
# owner: root
# group: www-data

No matter what, it doesn’t work. There must be something I’m doing wrong here?

sudo -u www-data ls index.txt
ls: cannot access 'index.txt': Permission denied

My answer:

You also need to check the permissions of the containing directory and all parent directories, which must at least allow the x search permission for that user in order to access files or directories within that directory (and r permission if reading the directory listing is desired).

View the full question and any other answers on Server Fault.
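
Added example (not part of the original answer or of Server Fault): a small script that walks from the file's directory up to / and reports the first directory a given uid and group list cannot search. The function names can_search and first_blocked_dir are made up for this example. It assumes GNU stat and evaluates plain mode bits only, so ACL entries (the + in the listing above) and root's override are not considered.

```shell
#!/bin/sh
# can_search DIR UID GID...  -> exit 0 if the x (search) bit that applies to
# this uid/gid list is set on DIR. Classes are exclusive: owner, else group,
# else other. Returns 2 if DIR cannot be stat'ed by the caller.
can_search() {
    d=$1 uid=$2; shift 2
    info=$(stat -L -c '%a %u %g' "$d" 2>/dev/null) || return 2
    mode=${info%% *}; rest=${info#* }
    owner=${rest% *}; group=${rest#* }
    perms=$((0$mode))                       # leading 0 makes it octal
    if [ "$uid" -eq "$owner" ]; then
        [ $((perms & 0100)) -ne 0 ]; return
    fi
    for g in "$@"; do
        if [ "$g" -eq "$group" ]; then
            [ $((perms & 0010)) -ne 0 ]; return
        fi
    done
    [ $((perms & 0001)) -ne 0 ]
}

# first_blocked_dir /abs/path/to/file UID GID...
# Prints the directory closest to / that lacks search permission for the
# uid/gid list; prints nothing when every directory on the path is searchable.
# A directory the caller cannot stat is reported as blocked.
first_blocked_dir() {
    dir=$(dirname "$1"); shift
    blocked=
    while :; do
        can_search "$dir" "$@" || blocked=$dir
        [ "$dir" = / ] || [ "$dir" = . ] && break
        dir=$(dirname "$dir")
    done
    if [ -n "$blocked" ]; then
        printf '%s\n' "$blocked"
    fi
}

# Usage for the case in the question (run as root so every level can be read):
#   first_blocked_dir /etc/openvpn/easy-rsa/pki/index.txt \
#       "$(id -u www-data)" $(id -G www-data)
```

For a quick interactive look at the same information, `namei -l /etc/openvpn/easy-rsa/pki/index.txt` lists owner, group and mode for every component of the path.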

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.