So this is the situation:
I've got a server for web-developers. There are many developers. All developers + `PHP` + `Apache` belong to the `www` group. There is a development directory – `development`.
The goal is that every file in the `development` directory has `755` permissions, and whenever any developer creates or modifies a file in the `development` directory, the files will still have `755`.
So I have read a number of `acl` tutorials, guides and howto's but I still can not get the result I want.
- my disk is mounted with `acl`
- I got `chown -R www:www development`
- added `chmod g+s development`
- I set a number of `acl` rules on the `development` directory and got this:

```
$ getfacl development
# file: development
# owner: www
# group: www
# flags: -s-
user::rwx
user:www:rwx
group::rwx
group:www:rwx
mask::rwx
other::r-x
default:user::rwx
default:user:www:rwx
default:group::rwx
default:group:www:rwx
default:mask::rwx
default:other::r-x
```

  p.s. I know it's messy, was doing a number of tests
- According to my idea of `ACL`, if the directory had such rules, my task should be achieved, but when I try to create a file in the `development` dir, I get:

```
-rw-rw-r--+ 1 www www 0 Nov 21 09:14 newfile
```

I can not seem to understand why it creates `rw-` instead of `rwx`.
It is probably something simple that I missed or some general concept that I don't understand.
Best Answer
Your default ACLs replace the umask, which specifies not default permissions, but maximum permissions for creating new files. In this case `rwxrwxr-x`.

Then your application calls `open` or `creat` with the permissions it wants. Just about all applications will ask for `rw-rw-rw-` for files.

You can see this by running `strace`, e.g. (`0666` is the same as `rw-rw-rw-`.)

The two permissions are combined using bitwise AND to give `rw-rw-r--`.

For another explanation, see POSIX Access Control Lists — “Default ACL Example”.
So the real question is: why do you need the files to be executable?
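
The combination the answer describes, as an added example that is not part of the original post: it parses the `default:` entries from the question's `getfacl` output and ANDs the resulting ceiling with the mode a program passes to `open`/`creat`. The function names are hypothetical, and the model covers only the owner, group-class and other bits that `ls` displays.

```python
import stat

# Default ACL entries copied from the getfacl output in the question.
QUESTION_DEFAULT_ACL = """\
default:user::rwx
default:user:www:rwx
default:group::rwx
default:group:www:rwx
default:mask::rwx
default:other::r-x
"""

def rwx_bits(perm):
    """Turn a string such as 'r-x' into its 3-bit value (5)."""
    return sum(bit for ch, bit in zip(perm, (4, 2, 1)) if ch != "-")

def parse_default_acl(text):
    """Return {(tag, qualifier): bits} for every 'default:' entry."""
    entries = {}
    for line in text.splitlines():
        if not line.startswith("default:"):
            continue
        _, tag, qualifier, perm = line.strip().split(":")
        entries[(tag, qualifier)] = rwx_bits(perm)
    return entries

def new_file_mode(default_acl, requested_mode):
    """Mode bits ls shows for a file created under a default ACL.

    The owner, mask (group:: when there is no mask) and other entries form
    a ceiling that is ANDed with the mode passed to open()/creat().
    The process umask is not consulted when a default ACL exists.
    """
    group_class = default_acl.get(("mask", ""), default_acl[("group", "")])
    ceiling = (default_acl[("user", "")] << 6) | (group_class << 3) | default_acl[("other", "")]
    return ceiling & requested_mode

def umask_file_mode(umask, requested_mode):
    """The same calculation for a directory without a default ACL."""
    return requested_mode & ~umask & 0o777

def ls_string(mode):
    """Render the nine permission characters the way ls does."""
    return stat.filemode(stat.S_IFREG | mode)[1:]

if __name__ == "__main__":
    acl = parse_default_acl(QUESTION_DEFAULT_ACL)
    for mode in (0o666, 0o777):
        print(oct(mode), "->", ls_string(new_file_mode(acl, mode)))
```

A caller that requests `0666` ends up with `rw-rw-r--`, matching the `newfile` listing in the question; only a caller that itself requests `0777` would reach the `rwxrwxr-x` ceiling.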