| 1 |
I have a directory (drupal modules directory) where developers regularly |
| 2 |
untar (or cp) archives. The contents should be rwx for the 'developers' |
| 3 |
group, so that some other developer can update or remove the module later. |
| 4 |
|
| 5 |
I've set default ACLs on the parent directory, and the regular default |
| 6 |
ACLs are applied but the default mask is not. This is because tar/cp |
| 7 |
preserve the original group permission bits -- a strategy that doesn't |
| 8 |
make sense under a directory with default ACLs. |
| 9 |
|
| 10 |
For an example, I'll copy /etc/profile (mode: 0644) into a directory |
| 11 |
whose contents should be rwx to the 'apache' user via its default ACL. |
| 12 |
|
| 13 |
gantu acl $ getfacl . |
| 14 |
# file: . |
| 15 |
# owner: mjo |
| 16 |
# group: mjo |
| 17 |
user::rwx |
| 18 |
group::--- |
| 19 |
other::--- |
| 20 |
default:user::rwx |
| 21 |
default:user:apache:rwx |
| 22 |
default:group::--- |
| 23 |
default:mask::rwx |
| 24 |
default:other::--- |
| 25 |
|
| 26 |
gantu acl $ cp /etc/profile ./ |
| 27 |
gantu acl $ getfacl profile |
| 28 |
# file: profile |
| 29 |
# owner: mjo |
| 30 |
# group: mjo |
| 31 |
user::rw- |
| 32 |
user:apache:rwx #effective:r-- |
| 33 |
group::--- |
| 34 |
mask::r-- |
| 35 |
other::--- |
| 36 |
|
| 37 |
So, even though the directory has default:mask::rwx, newly-created files |
| 38 |
have mask::r--. I've been searching for a while and others have run into |
| 39 |
this problem; so far, I don't see any good solutions. Does anything come |
| 40 |
to mind? |
| 41 |
|
| 42 |
Initially I thought I could set developers' umasks appropriately; |
| 43 |
however, both tar and cp ignore the umask (even with |
| 44 |
--no-preserve=mode!) and use the source permission bits anyway. |
Archives