Setting default permissions for newly created files and sub-directories under a directory in Linux

Question

I have a bunch of long-running scripts and applications that are storing output results in a directory shared amongst a few users  I would like a way to make sure that every file and directory created under this shared directory automatically had u rwxg rwxo r permissions   I know that I could use umask 006 at the head off my various scripts  but I don t like that approach as many users write their own scripts and may forget to set the umask themselves   I really just want the filesystem to set newly created files and directories with a certain permission if it is in a certain folder  Is this at all possible    Update  I think it can be done with POSIX ACLs  using the Default ACL functionality  but it s all a bit over my head at the moment  If anybody can explain how to use Default ACLs it would probably answer this question nicely

User · Answer

in your shell script  or  bashrc  you may use somthing like   umask 022  umask is a command that determines the settings of a mask that controls how file permissions are set for newly created files

User · Answer

Here s how to do it using default ACLs  at least under Linux   First  you might need to enable ACL support on your filesystem  If you are using ext4 then it is already enabled  Other filesystems  e g   ext3  need to be mounted with the acl option  In that case  add the option to your  etc fstab  For example  if the directory is located on your root filesystem    dev mapper qz-root        ext3    errors remount-ro acl   0  1   Then remount it   mount -oremount     Now  use the following command to set the default ACL   setfacl -dm u  rwx g  rwx o  r  shared directory   All new files in  shared directory should now get the desired permissions  Of course  it also depends on the application creating the file  For example  most files won t be executable by anyone from the start  depending on the mode argument to the open 2  or creat 2  call   just like when using umask  Some utilities like cp  tar  and rsync will try to preserve the permissions of the source file s  which will mask out your default ACL if the source file was not group-writable   Hope this helps

User · Answer

To get the right ownership  you can set the group  setuid bit on the directory with   chmod g rwxs dirname   This will ensure that files created in the directory are owned by the group   You should then make sure everyone runs with umask 002 or 007 or something of that nature---this is why Debian and many other linux systems are configured with per-user groups by default   I don t know of a way to force the permissions you want if the user s umask is too strong

User · Answer

It s ugly  but you can use the setfacl command to achieve exactly what you want    On a Solaris machine  I have a file that contains the acls for users and groups  Unfortunately  you have to list all of the users  at least I couldn t find a way to make this work otherwise    user  rwx user user a rwx user user b rwx     group  rwx mask rwx other r-x default user user a rwx default user user b rwx      default group  rwx default user  rwx default mask rwx default other r-x   Name the file acl lst and fill in your real user names instead of user X    You can now set those acls on your directory by issuing the following command   setfacl -f acl lst  your dir here

[linux] Setting default permissions for newly created files and sub-directories under a directory in Linux?

Examples related to linux

Examples related to permissions

Examples related to acl

Examples related to umask