Hi.
I'm currently trying to get my head around using setfacl to set default permissions on a directory. I'm happy with most of it except for the fact that I can't get the execute permission to be inherited by files. I think I know why this is happening, but I would like to circumvent it.
I have created a directory 'parent' and set a default ACL on it as follows:
linux:/tmp # mkdir parent
linux:/tmp # setfacl -d -m user:mike:rwx parent
This gives the result:
linux:/tmp # getfacl parent
# file: parent
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
default:user::rwx
default:user:mike:rwx
default:group::r-x
default:mask::rwx
default:other::r-x
So far, so good. If I create a subdirectory, all the default ACLs are inherited as expected. My question arises from the permissions granted on creation of a file in the directory 'parent':
linux:/tmp # cd parent
linux:/tmp/parent # touch script1
As far as I understand it, the umask value for the rest of the system (0022 on my box) is ignored because of the ACL inheritance from 'parent', and the new file (script1) is created with a mode of 0666. Permissions not contained in this mode value (i.e. 'x') are removed from the mask for the file. This means that the new mask for the file is set to rw-, leaving the following result:
linux:/tmp/parent # getfacl script1
# file: script1
# owner: root
# group: root
user::rw-
user:mike:rwx #effective:rw-
group::r-x #effective:r--
mask::rw-
other::r--
Because of this removal of the 'x' permission in the mask, mike now only has rw- to script1.
As the directory 'parent' will contain scripts that mike will be running, I would like mike to have 'x' permissions to all files in it.
Which brings me to my question:
Is there a way I can set the default ACL on 'parent' to give mike (and not members of 'users') 'rwx' to all files created in 'parent'?
I think that the right result could be achieved by setting the SUID or GUID bits, and removing all rights for 'other'. However, as I'm on a mission to understand the use of setfacl, I would like to know if it's possible to inherit the 'x' permission to files.
It may be that I can't see the wood for the trees, as I've been on this for a while now and my head is mashed!!
Mike.
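
The inheritance rule described in the post, worked through as an added example that is not part of the original post: a small Python model of the acl(5) rules that derives a new file's access ACL from the default ACL of 'parent' and the mode the creating program passes. The function names and the 0777 case are assumptions made for illustration; the ACL entries are the ones from the getfacl output above.

```python
# Model of how a new file's access ACL is derived from the parent's default ACL
# (rules from acl(5)). Entries below are copied from the getfacl output in the post.
BITS = {"r": 4, "w": 2, "x": 1}

def to_bits(perm):            # "r-x" -> 5
    return sum(BITS[c] for c in perm if c in BITS)

def to_str(bits):             # 5 -> "r-x"
    return "".join(c if bits & BITS[c] else "-" for c in "rwx")

def inherit(default_acl, create_mode):
    """Return the access ACL a new file gets; the umask is not consulted."""
    acl = {tag: to_bits(p) for tag, p in default_acl.items()}
    # The group-class bits of the mode limit the mask if present, else group::
    group_class = "mask::" if "mask::" in acl else "group::"
    acl["user::"] &= (create_mode >> 6) & 7
    acl[group_class] &= (create_mode >> 3) & 7
    acl["other::"] &= create_mode & 7
    return acl

def effective(acl):
    """Apply the mask to named users, named groups and the owning group."""
    mask = acl.get("mask::", 7)
    out = {}
    for tag, bits in acl.items():
        masked = tag not in ("user::", "other::", "mask::")
        out[tag] = to_str(bits & mask if masked else bits)
    return out

# Default ACL of 'parent' as shown by getfacl in the post
PARENT_DEFAULT = {"user::": "rwx", "user:mike:": "rwx", "group::": "r-x",
                  "mask::": "rwx", "other::": "r-x"}

if __name__ == "__main__":
    # 0666 is what touch requests; 0777 is a constructed second case
    for label, mode in (("touch (0666)", 0o666), ("creator asks for 0777", 0o777)):
        print(label)
        for tag, perm in effective(inherit(PARENT_DEFAULT, mode)).items():
            print(f"  {tag}{perm}")
```

The stored entry for mike stays rwx in both cases; only the mask, and therefore the effective permission, follows the mode requested at creation time.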