4

I am trying to enforce file perms of 777 across a specific set of dirs. I used "setfacl -m d:o::rwx" and got what appears to be the right permissions 

$ getfacl .
# file: .
# owner: blah
# group: blah
# flags: -s-
user::rwx
group::rwx
other::rwx
default:user::rwx
default:group::rwx
default:other::rwx

When I run mkdir I get a dir with the right perms.

$ mkdir test
$ ll -d test
drwxrwsrwx+ 2 blah blah 4096 Oct 28 10:26 test

When I run "mkdir -p" I get perms that match the umask, not the acl.

$ mkdir -p test1
$ ll -d test1
drwxrwsr-x+ 2 blah blah 4096 Oct 28 10:27 test1

Is there something I'm missing?

Kevin
  • 41
  • 1

1 Answers1

4

I believe this is the correct behaviour. Looking at info mkdir:

`-p'
`--parents'
     Make any missing parent directories for each argument, setting
     their file permission bits to the umask modified by `u+wx'.  Ignore
     existing parent directories, and do not change their file
     permission bits.

     To set the file permission bits of any newly-created parent
     directories to a value that includes `u+wx', you can set the umask
     before invoking `mkdir'.  For example, if the shell command
     `(umask u=rwx,go=rx; mkdir -p P/Q)' creates the parent `P' it sets
     the parent's permission bits to `u=rwx,go=rx'.  To set a parent's
     special mode bits as well, you can invoke `chmod' after `mkdir'.
     *Note Directory Setuid and Setgid::, for how the set-user-ID and
     set-group-ID bits of newly-created parent directories are
     inherited.

So mkdir -p will take the umask value (modified by u+rw) to create any directories not in the tree, which kind of makes sense if you consider the problem of how you would you address the permissions on parent directories that already exist?

As the excerpt states, you can change the umask before running the command, although it would probably be a lot easier to run a recursive chmod on the parent directory after everything is created.

Brett Levene
  • 776
  • 6
  • 9