I have a directory (drupal modules directory) where developers regularly
untar (or cp) archives. The contents should be rwx for the 'developers'
group, so that some other developer can update or remove the module later.

I've set default ACLs on the parent directory, and the regular default
ACLs are applied but the default mask is not. This is because tar/cp
preserve the original group permission bits -- a strategy that doesn't
make sense under a directory with default ACLs.

For an example, I'll copy /etc/profile (mode: 0644) into a directory
whose contents should be rwx to the 'apache' user via its default ACL.

gantu acl $ getfacl .
# file: .
# owner: mjo
# group: mjo
user::rwx
group::---
other::---
default:user::rwx
default:user:apache:rwx
default:group::---
default:mask::rwx
default:other::---

gantu acl $ cp /etc/profile ./
gantu acl $ getfacl profile
# file: profile
# owner: mjo
# group: mjo
user::rw-
user:apache:rwx #effective:r--
group::---
mask::r--
other::---

So, even though the directory has default:mask::rwx, newly-created files
have mask::r--. I've been searching for a while and others have run into
this problem; so far, I don't see any good solutions. Does anything come
to mind?

Initially I thought I could set developers' umasks appropriately;
however, both tar and cp ignore the umask (even with
--no-preserve=mode!) and use the source permission bits anyway.
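
Added example (not part of the original post): a small Python model of the acl(5) rule for creating a file under a directory that has a default ACL, where the owner, mask and other entries are ANDed with the mode passed at creation and the umask is not applied. It assumes cp creates the copy with the source mode 0644, as the post describes; the helper names are hypothetical.

```python
# Added example: models acl(5) "object creation and default ACLs".
# parse_acl, inherit, effective and demo are hypothetical helper names.
BITS = {"r": 4, "w": 2, "x": 1}

def to_bits(perm):                      # "r-x" -> 5
    return sum(BITS[c] for c in perm if c in BITS)

def to_perm(bits):                      # 5 -> "r-x"
    return "".join(c if bits & v else "-" for c, v in BITS.items())

def parse_acl(text):
    """Return the default: entries of getfacl output as {(tag, qualifier): bits}."""
    acl = {}
    for line in text.splitlines():
        line = line.split("#")[0].strip()   # drop comments such as "# file: ."
        if line.startswith("default:"):
            tag, qual, perm = line[len("default:"):].split(":")
            acl[(tag, qual)] = to_bits(perm)
    return acl

def inherit(default_acl, create_mode):
    """Access ACL of a new file: a copy of the directory's default ACL whose
    owner, mask (or group::, if no mask) and other entries are ANDed with
    the mode given at creation. The umask plays no part."""
    acl = dict(default_acl)
    group_key = ("mask", "") if ("mask", "") in acl else ("group", "")
    acl[("user", "")] &= (create_mode >> 6) & 7
    acl[group_key] &= (create_mode >> 3) & 7
    acl[("other", "")] &= create_mode & 7
    return acl

def effective(acl, tag, qual):
    """Named users, named groups and group:: are limited by the mask."""
    bits = acl[(tag, qual)]
    if (tag, qual) not in (("user", ""), ("other", "")) and ("mask", "") in acl:
        bits &= acl[("mask", "")]
    return to_perm(bits)

# Default entries copied from the getfacl output in the post.
DIR_ACL = """default:user::rwx
default:user:apache:rwx
default:group::---
default:mask::rwx
default:other::---"""

def demo(mode):
    """Return (mask, effective rights of user:apache) for a file created with mode."""
    acl = inherit(parse_acl(DIR_ACL), mode)
    return to_perm(acl[("mask", "")]), effective(acl, "user", "apache")

if __name__ == "__main__":
    print(demo(0o644))   # source mode of /etc/profile, as in the post
    print(demo(0o664))   # a group-writable source keeps w in the mask
```

With mode 0644 the model yields mask::r-- and an effective r-- for user:apache, matching the getfacl output for the copied profile above.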