Why does the ACL of a file created under a directory differ from the default ACL
I would like to have all files created within a directory to contain an ACL based on the default defined for the directory. However each file I creat is assigned an ACL that is different (has effective rights lower than directory and has other's rights set differently than default).
What causes this difference?
Is there something I can do to ensure the files get exactly what I have as the default ACL?
Why are effective reights different than the defined ACL rights until I run a setfacl -m command again?
Here is what I have done:
I just did:
I think the second setfacl on mydir/ is what is messing it up. Also you should use --
I tried you suggestion and I am still not getting the expected value for the other's rights. I expected other to have r-x but am only getting r.
Here is how I tried you idea (not running the 2nd setfacl command):
Wait - I see now - Most likely has to do with umask. - When a new files is created it takes 666 instead of 777 -- if you make a directory and it comes out correct then it most likely is a bug with setfacl - which after testing it looks like it is case.
Well -- technically not a bug seeing as that is how it is intended for new files.
Thanks, I now see why it is not possible to have the execute permission part of a file's default. Here is a little more information showing why.
Permissions and their bits
If we have a umask value for other of 2 then the following will occur.
010 2 mask
101 5 complement of mask
110 6 system file access (directories use 7)
100 4 resulting and of the complement mask and system value (read only)
Looking at the above chart, we can see it is never possible to default permission to include x (execute). Since system value of 6 (110) contains a 0 in the bit position of the permissions for execute (001,011,111). It is impossible to "and" a 0 to anything to get a 1 (execute bit).
So in the end, if you create a file for execution, you must always run the chmod or setfacl command to force the execute permission bit to be on.
Please feel free to correct me on anything I missed, I am still a Linux newbie.
Sorry - yea when a new file is created umask is subtracted from 666 so you can have anything 6 or less - which is slightly frustrating. They do it for security purposes, but it would sure be nice to create a script in a script folder and have it run without having to change permissions.
|All times are GMT -5. The time now is 12:43 AM.|