I'm making a script to add and remove ACLs for a third-party Unix account.
Adding ACLs works like a charm.
Removing works but makes a file created by sub-users executable. See:
~/test$ mkdir directory
~/test$ setfacl -Rm u:www-data:rwX directory
~/test$ setfacl -Rdm u:www-data:rwX directory
~/test$ getfacl directory
# file: directory
# owner: sullivan
# group: sullivan
user::rwx
user:www-data:rwx
group::rwx
mask::rwx
other::r-x
default:user::rwx
default:user:www-data:rwx
default:group::rwx
default:mask::rwx
default:other::r-x
~/test$ sudo su www-data -s /bin/bash
www-data@sweetnexy:/home/sullivan/test$ touch directory/file
www-data@sweetnexy:/home/sullivan/test$ exit
exit
~/test$ ls -l directory/
total 0
-rw-rw-r--+ 1 www-data www-data 0 juin 2 16:10 file
~/test$ sudo setfacl -Rx u:www-data directory
~/test$ sudo setfacl -Rdx u:www-data directory
~/test$ ls -l directory/
total 0
-rw-rwxr--+ 1 www-data www-data 0 juin 2 16:10 file
As you can see, toto/file now has executable permission for group.
Why are the permissions changed? How can I avoid it?
Thanks.
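
Added example (not part of the original post): a simplified Python model of how the ACL mask is inherited and then recalculated, reproducing the two `ls -l` lines from the session above and the result with setfacl's `-n` (`--no-mask`) option. The dictionary layout and function names are made up for illustration; it assumes the default ACL from the `getfacl` output and that `touch` creates the file with mode 0666.

```python
# Simplified model of POSIX ACL mask handling on Linux (illustration only).
R, W, X = 4, 2, 1

def fmt(p):
    return ("r" if p & R else "-") + ("w" if p & W else "-") + ("x" if p & X else "-")

def inherit(default_acl, mode):
    """Access ACL of a file created with `mode` under a directory default ACL."""
    acl = dict(default_acl)
    acl["user::"] &= (mode >> 6) & 7
    acl["mask::"] &= (mode >> 3) & 7   # the mode's group bits limit the mask, not group::
    acl["other::"] &= mode & 7
    return acl

def recalc_mask(acl):
    """Union of the group class: group:: plus every named user/group entry."""
    mask = 0
    for key, perms in acl.items():
        named = key.startswith(("user:", "group:")) and not key.endswith("::")
        if key == "group::" or named:
            mask |= perms
    return mask

def remove_entry(acl, key, no_mask=False):
    """Model of `setfacl -x KEY`; no_mask=True models `setfacl -n -x KEY`."""
    acl = {k: p for k, p in acl.items() if k != key}
    if not no_mask:
        acl["mask::"] = recalc_mask(acl)   # setfacl's default behaviour
    return acl

def ls_mode(acl):
    # With an extended ACL, ls shows the mask in the group position.
    return "-" + fmt(acl["user::"]) + fmt(acl["mask::"]) + fmt(acl["other::"]) + "+"

def effective_group(acl):
    return fmt(acl["group::"] & acl["mask::"])

# Constructed from the default: lines of the getfacl output in the post.
DEFAULT = {"user::": 7, "user:www-data": 7, "group::": 7, "mask::": 7, "other::": 5}

def demo():
    created = inherit(DEFAULT, 0o666)
    removed = remove_entry(created, "user:www-data")
    kept = remove_entry(created, "user:www-data", no_mask=True)
    return [(ls_mode(a), effective_group(a)) for a in (created, removed, kept)]

if __name__ == "__main__":
    for mode, group in demo():
        print(mode, "effective group:", group)
```

In this model the inherited `group::rwx` entry was capped by a `rw-` mask at creation; removing the named user triggers a mask recalculation to `rwx`, so the owning group really gains execute, while the `-n` path leaves the mask at `rw-`.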