Group permissions bits interfering with default ACL mask

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Group permissions bits interfering with default ACL mask

Michael Orlitzky-2
I have a directory (drupal modules directory) where developers regularly
untar (or cp) archives. The contents should be rwx for the 'developers'
group, so that some other developer can update or remove the module later.

I've set default ACLs on the parent directory, and the regular default
ACLs are applied but the default mask is not. This is because tar/cp
preserve the original group permission bits -- a strategy that doesn't
make sense under a directory with default ACLs.

For an example, I'll copy /etc/profile (mode: 0644) into a directory
whose contents should be rwx to the 'apache' user via its default ACL.

  gantu acl $ getfacl .
  # file: .
  # owner: mjo
  # group: mjo
  user::rwx
  group::---
  other::---
  default:user::rwx
  default:user:apache:rwx
  default:group::---
  default:mask::rwx
  default:other::---

  gantu acl $ cp /etc/profile ./
  gantu acl $ getfacl profile
  # file: profile
  # owner: mjo
  # group: mjo
  user::rw-
  user:apache:rwx #effective:r--
  group::---
  mask::r--
  other::---

So, even though the directory has default:mask::rwx, newly-created files
have mask::r--. I've been searching for a while and others have run into
this problem; so far, I don't see any good solutions. Does anything come
to mind?

Initially I thought I could set developers' umasks appropriately;
however, both tar and cp ignore the umask (even with
--no-preserve=mode!) and use the source permission bits anyway.