Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Setting default permissions for newly created files and sub-directories under a directory in Linux?

I have a bunch of long-running scripts and applications that are storing output results in a directory shared amongst a few users. I would like a way to make sure that every file and directory created under this shared directory automatically had u=rwxg=rwxo=r permissions.

I know that I could use umask 006 at the head off my various scripts, but I don't like that approach as many users write their own scripts and may forget to set the umask themselves.

I really just want the filesystem to set newly created files and directories with a certain permission if it is in a certain folder. Is this at all possible?

Update: I think it can be done with POSIX ACLs, using the Default ACL functionality, but it's all a bit over my head at the moment. If anybody can explain how to use Default ACLs it would probably answer this question nicely.

like image 732
David Dean Avatar asked Feb 24 '09 05:02

David Dean


People also ask

What are the default permissions set for a new created file or a directory in Linux?

On Linux, by default, when we create new files, they are given rw-rw-r– permissions. The r, w, and x signify the read, write, and execute permissions, respectively.

What is the default permission of a file and directory respectively?

The most common umask is 022 which means that when you create a new directory the permissions are not the default of 777 ( drwxrwxrwx) but rather 777 – 022 which is 755 ( drwxr-xr-x). And when you create a new file, the permissions are not the default 666 ( -rw-rw-rw-) but rather 666 – 022 which is 644 ( -rw-r–r–).


2 Answers

To get the right ownership, you can set the group setuid bit on the directory with

chmod g+rwxs dirname 

This will ensure that files created in the directory are owned by the group. You should then make sure everyone runs with umask 002 or 007 or something of that nature---this is why Debian and many other linux systems are configured with per-user groups by default.

I don't know of a way to force the permissions you want if the user's umask is too strong.

like image 131
Norman Ramsey Avatar answered Sep 21 '22 03:09

Norman Ramsey


Here's how to do it using default ACLs, at least under Linux.

First, you might need to enable ACL support on your filesystem. If you are using ext4 then it is already enabled. Other filesystems (e.g., ext3) need to be mounted with the acl option. In that case, add the option to your /etc/fstab. For example, if the directory is located on your root filesystem:

/dev/mapper/qz-root   /    ext3    errors=remount-ro,acl   0  1 

Then remount it:

mount -oremount / 

Now, use the following command to set the default ACL:

setfacl -dm u::rwx,g::rwx,o::r /shared/directory 

All new files in /shared/directory should now get the desired permissions. Of course, it also depends on the application creating the file. For example, most files won't be executable by anyone from the start (depending on the mode argument to the open(2) or creat(2) call), just like when using umask. Some utilities like cp, tar, and rsync will try to preserve the permissions of the source file(s) which will mask out your default ACL if the source file was not group-writable.

Hope this helps!

like image 30
pelle Avatar answered Sep 20 '22 03:09

pelle