(Systems: CFEngine community 3.10.3; RHEL7).
We have some historical files promises that applied ACLs to particular directories and files (in addition to a usual "perms => mog(...)" clause):
We now wish to promise to remove those detailed ACLs, so that the file/dir permissions are solely traditional "user/group/other rwxrwxrwx" (via the "perms => mog(...)").
It's not clear from the documentation how to adjust this to achieve the "only the 'mog(...)'" result. Given that even the "setfacl(1)" command has a separate, explicit "--remove" flag, I suspect that CFEngine currently lacks this capability.