Reputation: 70
I am trying to set some default inherited permissions to a directory that will be propagated to all new files and folders that it will contain.
My attempts so far have been using setfacl but it seems to strip out the execute permissions from the file when I touch a new file into the directory, which considering this will be a scripts folder is somewhat required.
I could be going about this the completely wrong way, but any help would be appreciated. Essentially what I am trying to achieve is that scripts will be rsync'ed, scp'ed from a central location to (while not this location) somewhere on the host which I need by default to have execute permissions when they are created.
$ mkdir /tmp/scripts
$ cd /tmp/scripts
$ setfacl -Rm d:u::rwx,d:g::rwx,d:o:rx /tmp/scripts
$ getfacl /tmp/scripts/
getfacl: Removing leading '/' from absolute path names
# file: tmp/scripts/
# owner: chris
# group: chris
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:other::r-x
$ setfacl -Rm d:u:chris:rwx,d:g:chris:rwx,d:o:rx /tmp/scripts
$ getfacl /tmp/scripts/
getfacl: Removing leading '/' from absolute path names
# file: tmp/scripts/
# owner: chris
# group: chris
user::rwx
group::rwx
other::r-x
default:user::rwx
default:user:chris:rwx
default:group::rwx
default:group:chris:rwx
default:mask::rwx
default:other::r-x
$ setfacl -k /tmp/scripts
$ setfacl -nRm d:u:chris:rwx,d:g:chris:rwx,d:o:rx /tmp/scripts
$ getfacl /tmp/scripts/
getfacl: Removing leading '/' from absolute path names
# file: tmp/scripts/
# owner: chris
# group: chris
user::rwx
group::rwx
other::r-x
default:user::rwx
default:user:chris:rwx
default:group::rwx
default:group:chris:rwx
default:mask::rwx
default:other::r-x
$ touch this.py
$ getfacl this.py
# file: this.py
# owner: chris
# group: chris
user::rw-
user:chris:rwx #effective:rw-
group::rwx #effective:rw-
group:chris:rwx #effective:rw-
mask::rw-
other::r--
$ ls -la
total 20
drwxrwxr-x+ 2 chris chris 4096 Mar 28 12:00 .
drwxrwxrwt. 18 root root 4096 Mar 28 11:56 ..
-rw-rw-r--+ 1 chris chris 0 Mar 28 11:58 test.py
-rw-rw-r--+ 1 chris chris 0 Mar 28 12:00 this.py
$
Upvotes: 1
Views: 2570
Reputation: 53285
IIRC, the basic Unix permission bits also form the limit of permissions available for a file.
That is, the permissions available will always be limited by the basic permissions. The basic permissions may be being limited by the umask of the syncing process, or by the original permissions of the source files, so you should check them.
Alternatively you should correct the basic permissions after you've done the sync.
Upvotes: 2
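The `touch` result in the question follows from the object-creation rule in acl(5): the new file copies the directory's default ACL, then the owner, group-class (mask) and other entries are ANDed with the mode the creating process requested. The model below is an added example, not code from the thread; the default ACL is copied from the question's `getfacl` output, the function names are hypothetical, and the 0755 creation mode is an assumed comparison case.

```python
# Added example: a model of the acl(5) "object creation and default ACLs" rule.
# DEFAULT_ACL is copied from the question's getfacl output for /tmp/scripts.
DEFAULT_ACL = {
    "user::": "rwx", "user:chris": "rwx",
    "group::": "rwx", "group:chris": "rwx",
    "mask::": "rwx", "other::": "r-x",
}

def bits(perm):
    """'r-x' -> 5"""
    return sum(v for c, v in zip(perm, (4, 2, 1)) if c != "-")

def text(n):
    """5 -> 'r-x'"""
    return "".join(c if n & v else "-" for c, v in zip("rwx", (4, 2, 1)))

def inherit(default_acl, create_mode):
    """Access ACL of a new file: copy the default ACL, then AND the entries
    that map to the owner / group-class / other mode bits with the mode the
    creating process passed. The umask is ignored when a default ACL exists."""
    acl = {k: bits(v) for k, v in default_acl.items()}
    group_class = "mask::" if "mask::" in acl else "group::"
    acl["user::"] &= (create_mode >> 6) & 7
    acl[group_class] &= (create_mode >> 3) & 7
    acl["other::"] &= create_mode & 7
    return acl

def effective(acl):
    """Named users and every group entry are capped by the mask."""
    mask = acl.get("mask::", 7)
    uncapped = ("user::", "other::", "mask::")
    return {k: text(v if k in uncapped else v & mask) for k, v in acl.items()}

def ls_mode(acl):
    """Mode string as ls shows it (group column is the mask when one exists)."""
    group = acl.get("mask::", acl["group::"])
    return text(acl["user::"]) + text(group) + text(acl["other::"])

if __name__ == "__main__":
    # touch creates files with mode 0666; 0755 is an assumed executable source mode.
    for label, mode in (("touch (0666)", 0o666), ("created as 0755", 0o755)):
        acl = inherit(DEFAULT_ACL, mode)
        print(label, ls_mode(acl), effective(acl))
```

A default ACL can only remove bits from the requested creation mode, so execute appears on a new file only when the creating process asks for it or a later `chmod` adds it.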