I have a fairly restrictive umask setting (0077). This is fine, except I have one directory in which I'd like a more permissive setting (0002) to all files created anywhere under that directory. Is there a way to set a umask on a specific directory, so all files created beneath it inherit the same permissions?
Macos – set the umask on a specific directory
macosumaskunix
Related Solutions
You do not want to change your system's default umask, that is a security risk. The sticky bit option will work to some extent, but using ACL's is the best way to go. This is easier than you think. The problem with basic ACL's is that they are not recursive by default. If you set an ACL on a directory, only the files inside that directory inherit the ACL. If you create a subdirectory, it does not get the parent ACL unless the ACL is set to recurse.
First, make sure ACLs are enabled for the volume the directory is on. If you have tune2fs
, you can perform the following:
# tune2fs -l /dev/sda1 | grep acl
Default mount options: user_xattr acl
If you don't have tune2fs
, then examine fstabs
:
# cat /etc/fstab
/dev/system/root / ext3 defaults 1 1
/dev/system/home /home ext3 defaults 1 2
/dev/storage/data /data ext3 defaults 1 2
LABEL=/boot /boot ext3 defaults 1 2
The 4th column that says "defaults" means on my system (CentOS 5.5), ACL's are on. When in doubt, leave it as defaults. If you try to set the ACL and it errors out, go back and add the acl option to /etc/fstab right after defaults: defaults,acl
.
From what I understand, you want everyone in the users group to have write access to the data directory. That's accomplished by the following:
setfacl -Rm g:users:rwX,d:g:users:rwX data/
You can use an ACL (access control list) to set the default permissions for files in a directory.
From man 5 acl
:
If a default ACL is associated with a directory, the mode parameter to the functions creating file objects and the default ACL of the directory are used to determine the ACL of the new object:
The new object inherits the default ACL of the containing directory as its access ACL.
The access ACL entries corresponding to the file permission bits are modified so that they contain no permissions that are not contained in the permissions specified by the mode parameter.
To set it up (change device, directories, etc., accordingly):
Edit your /etc/fstab
file and add the acl
mount option.
/dev/mapper/star-home /home ext3 defaults,acl 0 2
Remount (Samba mount.cifs
man page) your filesystem by rebooting or use:
mount -o remount,acl /home
Make sure you have the setfacl
and getfacl
utilities.
Set the default ACL on the directory (you may also need to set the ACL on existing files):
$ setfacl -m d:user:george:rwx,d:group:sales-g:rwx,d:group:marketing-g:rwx projections
See the linked tutorial for more information.
Source: Tutorial Part 1 and Part 2
Reference: POSIX Access Control Lists on Linux
Best Answer
Use ACL's
setfacl -d -m mask:002 /your/dir/here/
http://man-wiki.net/index.php/1:setfacl
If wanting to have a default for a login, just add a "umask 002" to your .bashrc (or whatever shell you use). All new dirs will use this if logged in under that env.