This is with a freenas box (FreeNAS-9.3-STABLE-201506292130).
In debian-based linux generally there is a default permissions of 644/755 for files/directories (now 664/775?). As I understand it, this happens because the umask is set to 022 or 002 which governs the default permissions for the creation of new files. However in freenas (windows acl style permissions) default file creation simply inherits the permissions of the containing directory. I see from the setfacl man page
that there is an inheritance flag. However, I am looking more for a default rather than inheritance.
Is there a way to change this to have the creation behavior be closer to what is done in debian-based systems? That is, I want files to be 644 and directories 755. I DO NOT want newly created files to just pick up 755 permissions because the directory as these as permissions.
I have been racking my brain trying to get something to work. I currently am using NFSv4 ACLs and I get a 'branding mismatch' error when I try and use POSIX ACLs, so I've been sticking to using what I can with windows-style, freenas, freebsd, NFSv4, setfacl/getfacl commands, and I haven't been able to get the above behavior from anything I try.
$ mkdir test
$ cd test
$ ls -lat
drwxr-xr-x+ 2 user user 2 Aug 1 12:40 .
drwxr-xr-x+ 67 user user 67 Aug 1 12:40 ..
$ touch testfile
$ ls -lat
drwxr-xr-x+ 2 user user 3 Aug 1 12:40 .
-rwxr-xr-x+ 1 user user 0 Aug 1 12:40 testfile
drwxr-xr-x+ 67 user user 67 Aug 1 12:40 ..
# file: .
# owner: user
# group: user
owner@:rwxpDdaARWcCos:fd----:allow
group@:r-x---a-R-c--s:fd----:allow
everyone@:r-x---a-R-c--s:fd----:allow
$ getfacl testfile
# file: testfile
# owner: user
# group: user
owner@:rwxpDdaARWcCos:------:allow
group@:r-x---a-R-c--s:------:allow
everyone@:r-x---a-R-c--s:------:allow
Best Answer
There is no "default ACL" in NFSv4 ACLs. However, you have a precise control over what is inherited and by what. In particular, you can add ACEs to be inherited by files, and another set that can be inherited by directories. Like this - the first three will apply to directories, the following three - to files. Note that directories will inherit both, but the "file" entries will have the "i" (inherit_only) flag set, so they won't apply to the directory itself - they are there only to be inherited by files in the directories. So, this is the ACL on the parent directory:
This is what will be inherited by files (the 'I' flag means the entry was inherited; it didn't exist before FreeBSD 11-CURRENT):
This is what will be inherited by directories (the 'i' flag means 'inherit_only' - the ACE is there, but it doesn't affect the actual access permissions for it; it's only to be inherited down):