Initially sent to gentoo-server, just remembered there are probably a
few ACL users here too.

-------- Original Message --------

I have a directory (drupal modules directory) where developers regularly
untar (or cp) archives. The contents should be rwx for the 'developers'
group, so that some other developer can update or remove the module later.

I've set default ACLs on the parent directory, and the regular default
ACLs are applied but the default mask is not. This is because tar/cp
preserve the original group permission bits -- a strategy that doesn't
make sense under a directory with default ACLs.

For an example, I'll copy /etc/profile (mode: 0644) into a directory
whose contents should be rwx to the 'apache' user via its default ACL.

gantu acl $ getfacl .
# file: .
# owner: mjo
# group: mjo
user::rwx
group::---
other::---
default:user::rwx
default:user:apache:rwx
default:group::---
default:mask::rwx
default:other::---

gantu acl $ cp /etc/profile ./
gantu acl $ getfacl profile
# file: profile
# owner: mjo
# group: mjo
user::rw-
user:apache:rwx #effective:r--
group::---
mask::r--
other::---

So, even though the directory has default:mask::rwx, newly-created files
have mask::r--. I've been searching for a while and others have run into
this problem; so far, I don't see any good solutions. Does anything come
to mind?

Initially I thought I could set developers' umasks appropriately;
however, both tar and cp ignore the umask (even with
--no-preserve=mode!) and use the source permission bits anyway.
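
The mask::r-- in the getfacl output above follows from the creation rule in acl(5): the new file inherits the directory's default ACL, and the entries that correspond to the permission bits are then reduced to what the creating mode allows. The Python model below is an added example, not part of the original message; its function names and dictionary layout are constructed for illustration, and it assumes the file is created with the source's mode bits, as the message describes.

```python
# Model of acl(5) "object creation and default ACLs" (added illustration).
# A file created under a directory with a default ACL inherits that ACL,
# then each permission-bit entry is ANDed with the mode passed at creation.
# The umask is not consulted in this case (see umask(2)).

def bits(s):
    """'rw-' -> 6"""
    return sum(v for c, v in zip(s, (4, 2, 1)) if c != "-")

def perm(n):
    """6 -> 'rw-'"""
    return "".join(c if n & v else "-" for c, v in zip("rwx", (4, 2, 1)))

def inherit(default_acl, create_mode):
    """Return the access ACL of a new file created with create_mode."""
    acl = dict(default_acl)
    owner = (create_mode >> 6) & 7
    group = (create_mode >> 3) & 7
    other = create_mode & 7
    acl["user::"] = perm(bits(acl["user::"]) & owner)
    # When a mask entry exists, the group-class bits map to mask::, not group::.
    gkey = "mask::" if "mask::" in acl else "group::"
    acl[gkey] = perm(bits(acl[gkey]) & group)
    acl["other::"] = perm(bits(acl["other::"]) & other)
    return acl

def effective(acl, tag):
    """Named users, named groups and group:: are capped by mask::."""
    if tag in ("user::", "other::") or "mask::" not in acl:
        return acl[tag]
    return perm(bits(acl[tag]) & bits(acl["mask::"]))

# Default ACL of the directory, copied from the getfacl output in the message.
DEFAULT_ACL = {
    "user::": "rwx",
    "user:apache:": "rwx",
    "group::": "---",
    "mask::": "rwx",
    "other::": "---",
}

if __name__ == "__main__":
    for mode in (0o644, 0o664, 0o775):  # constructed sample creation modes
        acl = inherit(DEFAULT_ACL, mode)
        print(f"create mode {mode:04o}: mask::{acl['mask::']} "
              f"user:apache effective {effective(acl, 'user:apache:')}")
```

For mode 0644 the model reproduces the listing in the message: the group bits r-- become the mask, so user:apache:rwx is effectively r--.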