How do you set Linux ACL to default to a specific group with permissions?

So I have a directory: www\ which looks as so:

[eugene@server ~]$ ll
total 0
drwxrwx---. 2 eugene eugene 57 Dec 10 16:04 www

I want to make it so all new files created in this directory will belong to the group apache and have the permissions 770.

So I did:

[eugene@server ~]$ chgrp apache www/
[eugene@server ~]$ setfacl -Rm u:eugene:rwx,d:g:apache:rwx,d:o:--- www/
[eugene@server ~]$ ll
drwxrwx---+ 2 eugene apache 43 Dec 10 16:10 www
[eugene@server ~]$ echo 123 > www/test.txt
[eugene@server ~]$ ll www/
-rw-rw----+ 1 eugene eugene       4 Dec 10 16:11 test.txt
[eugene@server ~]$

As you an see test.txt was created without the expected group of apache. Nor was the x (execute) permission set...

What am I missing here?

eugene.parker

Posted 2015-12-11T00:16:57.937

Reputation: 11

Answers

In order files within your directory are created with apache group you'd better to set SETGUID bit:

chmod +2000 www

As for default rights to create files, you can not do it using ACL, because default Linux umask always win. Umask doesn't allow making files with any 7 digit (rwx) in the rights of created files.

Instead you can create a script mkfile with the following inside:

touch $1
chmod 770 $1

make it executable:

chmod 750 mkfile

and put it to /usr/local/bin folder. Now you can create files with 770 permissions everywhere:

mkfile my_file

Oleg Bolden

Posted 2015-12-11T00:16:57.937

Reputation: 1 507