Ok, well not cleared up. Affected user thought it may have been. So, there is still an issue.
I'll describe it a bit more.
They connect with WinSCP. They can read the file. They can apparently execute it with whatever program. But to do so, it sounds like the file has to be pulled off its location, modified, then put back. It is the put back part, or writing the file to the directory, that is the issue.
There is another user that does the same thing with the same file, and it works fine. Both are in the same groups. However, the user in question shows a gid=206, but there is no group with that id. Could that cause this issue?
And to try and answer Martin's question, the permissions change when going further into the directory tree. The ACLs do not appear to be set by person, but possibly by group. I didn't set this up myself, and came into it with no notation on the setup. However, the user that does work and the new user are part of the same 2 groups. So their IDs look like:
current user 201 620 622
new user 206 620 622
Technically, the 201/206 group does exist in /etc/group.
I will list the perms, starting with the 1st directory.
/1:
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
/1/apps:
# owner: 602
# group: 601
user::rwx
group::r-x
other::r-x
/1/apps/primary:
# owner: 503
# group: 503
user::rwx
user:oracle:rwx
group::rwx
group:program:rwx
mask::rwx
other::r-x
/1/apps/primary/load:
# owner: 503
# group: 503
user::rwx
user:602:rwx
user:605:rwx
user:ff_user:rwx
group::rwx
group:banner:rwx
group:program:rwx
mask::rwx
other::rwx
default:user::rwx
default:user:602:rwx
default:user:605:rwx
default:group::rwx
default:group:503:rwx
default:group:program:rwx
default:mask::rwx
default:other::rwx
/1/apps/primary/load/data:
# owner: 503
# group: 503
user::rwx
user:602:rwx
user:605:rwx
user:ff_user:rwx
group::rwx
group:banner:rwx
group:program:rwx
mask::rwx
other::rwx
default:user::rwx
default:user:602:rwx
default:user:605:rwx
default:group::rwx
default:group:503:rwx
default:group:program:rwx
default:mask::rwx
default:other::rwx
The last directory is where the files are that the current user can do whatever with, while the new user can read and execute, but not write.
So, things seem to look ok, to me, but I must be missing something, somewhere.