Cannot explain ACL behavior

So this is the situation:
I have a server for web developers. There are many developers. All developers + PHP + Apache belong to the www group. There is a development directory – development.

The goal is that every file in the development directory has 755 permissions, and whenever any developer creates or modifies a file in the development directory, the files will still have 755.

So I have read a number of ACL tutorials, guides and howtos, but I still cannot get the result I want.

  1. my disk is mounted with acl
  2. I ran chown -R www:www development
  3. added chmod g+s development
  4. I set a number of acl rules on development directory and got this:

    $ getfacl development
    # file: development
    # owner: www
    # group: www
    # flags: -s-
    user::rwx
    user:www:rwx
    group::rwx
    group:www:rwx
    mask::rwx
    other::r-x
    default:user::rwx
    default:user:www:rwx
    default:group::rwx
    default:group:www:rwx
    default:mask::rwx
    default:other::r-x
    
    P.S. I know it's messy; I was doing a number of tests.
    
  5. According to my idea of ACLs, if the directory had such rules, my task should be achieved, but when I try to create a file in the development dir, I get:

    -rw-rw-r--+ 1 www     www      0 Nov 21 09:14 newfile
    

I cannot seem to understand why it creates rw- instead of rwx.

It is probably something simple that I missed or some general concept that I don't understand.

Best Answer

Your default ACLs replace the umask, which specifies not default permissions, but maximum permissions for creating new files. In this case rwxrwxr-x.

Then your application calls open or creat with the permissions it wants. Just about all applications will ask for rw-rw-rw- for files.

You can see this by running strace, e.g.

    $ strace -e trace=file touch newfile
    ...
    open("newfile", O_WRONLY|O_CREAT|O_NOCTTY|O_NONBLOCK, 0666) = 3

(0666 is the same as rw-rw-rw-.)

The two permissions are combined using bitwise AND to give rw-rw-r--.

  rwxrwxr-x     # default ACL
  rw-rw-rw-     # permission requested (e.g. by touch, vim, etc.)
& _________
  rw-rw-r--     # effective permissions

For another explanation, see POSIX Access Control Lists — “Default ACL Example”.

So the real question is: why do you need the files to be executable?
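As an added illustration of the AND rule in this answer (example code, not part of the original post): a small model of how a new file's access ACL is derived from the parent's default ACL and the mode passed to open(2), fed with the default entries from the question's getfacl output. The entry-by-entry rule (user::, other:: and the mask are ANDed with the mode, named entries copied unchanged) follows acl(5); the input text is constructed from the question, and the function names are my own.

```python
from typing import List, Tuple

PERM_BITS = {"r": 4, "w": 2, "x": 1}
Entry = Tuple[str, str, str]  # (tag, qualifier, perms), e.g. ("group", "www", "rwx")

# Default ACL of the development directory as shown in the question (constructed input).
DEFAULT_ACL = """\
default:user::rwx
default:user:www:rwx
default:group::rwx
default:group:www:rwx
default:mask::rwx
default:other::r-x
"""

def parse_default_acl(text: str) -> List[Entry]:
    """Collect the 'default:' lines of getfacl output as (tag, qualifier, perms)."""
    entries = []
    for line in text.splitlines():
        line = line.split("#")[0].strip()  # drop '#effective:' style comments
        if line.startswith("default:"):
            tag, qualifier, perms = line[len("default:"):].split(":")
            entries.append((tag, qualifier, perms))
    return entries

def inherit_acl(defaults: List[Entry], mode: int) -> List[Entry]:
    """acl(5) creation rule: user::, other:: and mask:: (group:: if there is no
    mask) are ANDed with the matching bits of the open(2) mode; named user/group
    entries are copied unchanged, and the reduced mask then caps their effect."""
    has_mask = any(tag == "mask" for tag, _, _ in defaults)
    owner, group, other = (mode >> 6) & 7, (mode >> 3) & 7, mode & 7
    result = []
    for tag, qualifier, perms in defaults:
        bits = sum(PERM_BITS[c] for c in perms if c != "-")
        if tag == "user" and not qualifier:
            bits &= owner
        elif tag == "mask" or (tag == "group" and not qualifier and not has_mask):
            bits &= group
        elif tag == "other":
            bits &= other
        result.append((tag, qualifier, "".join(c if bits & b else "-" for c, b in PERM_BITS.items())))
    return result

def ls_mode(acl: List[Entry]) -> str:
    """The rwx string ls -l prints: owner, group class (the mask if present), other."""
    p = {(tag, q): perms for tag, q, perms in acl}
    return p[("user", "")] + p.get(("mask", ""), p[("group", "")]) + p[("other", "")]

def new_file_mode(requested_mode: int, default_acl: str = DEFAULT_ACL) -> str:
    return ls_mode(inherit_acl(parse_default_acl(default_acl), requested_mode))
```

Since inheritance can only clear bits of the requested mode, new_file_mode(0o666) gives the rw-rw-r-- from the question, and only a program that asks for 0o777 (or a later chmod) ends up with rwxrwxr-x.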
