File being sent by service with permission 600, can umask, setuid, setgid override this?

mtlhd · 01-23-2018, 09:56 AM

Hello Linux Power Users,

We have a service sending our server a file with a certain permission we would like to change.

Will setting a umask on a folder have any power over what the set permission of the files is coming in?
The service that drops the file in the directory with a set permission of 600.
We would like to change this to 655.

Can we set a umask, or even perhaps setgid on the directory in question to override this?

tested umask u+rwx,go+rx

Currently we are having no luck. Are we stuck and have to have the service change the permissions they are sending?

Thanks in advance.

Cheers!

rknichols · 01-23-2018, 12:11 PM

You can't do it with umask since that only removes permissions. Setting the SETGID flag on the directory would cause new files to inherit the GID of the directory, but won't affect the (lack of) group permissions.

The only solution that comes to mind is to set a "default" ACL on the directory that grants the needed permissions. That default ACL is inherited by new files. You can puzzle over the manpages for setfacl and getfacl for details, but you're going to need something like

Code:

setfacl --set d:u::rw /path/to/directory
setfacl -m d:g:{groupname}:rx /path/to/directory
setfacl -m d:other:rx /path/to/directory

Replace "{groupname}" with the appropriate group name or numeric GID. The word "other" is literal.