I want to set up default permissions for a file share so that everyone can rwx all of the directories and so that all newly created files are rw.
Everyone who is accessing this share is in the same group, so this isn't a concern.
I have looked at doing this via ACLs without changing all of the users' umasks and such. Here are my current invocations:
setfacl -Rdm g:mygroup:rwx share_name
setfacl -Rm g:mygroup:rwx share_name
My problem is that while I want all of the newly created sub-directories to be rwx, I only want newly created files to be rw.
Does anyone have a better method to achieve my desired end-result? Is there some way to set ACLs on directories separately from files, in a similar vein to chmod +x vs. chmod +X?
Thanks
Best Answer
As Gilles points out, setfacl default permissions specify the maximum permissions, basically replacing the umask. So newly created files will be rw unless the application that created the file asked specially for it to be executable.
Note the effective perms above. (There are only a few programs that will ask to set the execute bit on files that they create, e.g. gcc for executables and cp if the file being copied was executable.)
Or did you mean that the first setfacl command was working the way you wanted, but the second one wasn't? In other words, you're looking to fix up permissions on the old files, making sure that directories are traversable, without giving other regular files execute permissions?
My version of setfacl allows X exactly like you want, e.g.:
setfacl -Rm g:mygroup:rwX share_name
If your version of setfacl doesn't support that, why not use find?
overwrite permissions, setting them to rw for files and rwx for dirs
set mygroup ACL permissions based on existing group permissions
You'll probably want to check that the group mask provides effective permissions. If not, you'll have to run this too:
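An added example, not part of the original answer: one way to apply the find approach with rw for files and rwx for directories, followed by a check of the effective (mask-limited) group permissions. The function names are hypothetical, and share_name and mygroup are the question's placeholders.

```shell
#!/bin/sh
# Added example, not from the original answer. Function names are hypothetical.

# Give GROUP rwx on directories and rw- on regular files under DIR, and set a
# default ACL on each directory so newly created entries inherit the group entry.
fix_share_acls() {
    dir=$1
    group=$2
    # Directories: access entry plus default (d:) entry in one setfacl call.
    find "$dir" -type d -exec setfacl -m "g:$group:rwx,d:g:$group:rwx" {} + || return 1
    # Regular files: read/write only, so no existing file gains execute.
    find "$dir" -type f -exec setfacl -m "g:$group:rw-" {} + || return 1
}

# Print what GROUP can really do on PATH: its ACL entry ANDed with the mask.
effective_group_perms() {
    getfacl -cp "$1" 2>/dev/null | awk -F: -v g="$2" '
        $1 == "group" && $2 == g { entry = substr($3, 1, 3) }
        $1 == "mask"             { mask  = substr($3, 1, 3) }
        END {
            if (entry == "") exit 1          # no entry for this group
            for (i = 1; i <= 3; i++) {
                e = substr(entry, i, 1)
                m = (mask == "") ? e : substr(mask, i, 1)
                out = out ((e != "-" && m != "-") ? e : "-")
            }
            print out
        }'
}

# Usage: sh fix_acls.sh share_name mygroup
if [ "$#" -eq 2 ]; then
    fix_share_acls "$1" "$2" || exit 1
    # Show the result for every entry so a too-narrow mask is easy to spot.
    find "$1" \( -type d -o -type f \) | while IFS= read -r p; do
        printf '%s\t%s\n' "$(effective_group_perms "$p" "$2")" "$p"
    done
fi
```

A file created afterwards inside the share inherits the rwx group entry but reports rw- here, because its mask is limited by the mode the creating program requested.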