
Problem: Whenever I write a new file/modify a file in my www folder, permissions and ownerships are being reset on that file, sometimes making the server unable to read the files I create. So I need to go to the terminal, set the ownerships etc. which is very tedious.

My www folder is accessible through Samba.
Whenever I write or modify anything to that folder I get the permissions and ownership of the file reset to jay:jay that can't be read by apache.

I looked up online and saw this question. So I tried:

sudo setfacl -Rdm g:apache:rx www
sudo chmod g+s www

Now the result is this:

drwxr-sr-x+ 14 jay apache  4096 Aug 15 21:09 www

But now whenever I try something like:

touch somefile.txt

I get these settings:

-rw-r--r--+ 1 jay apache 0 Aug 15 23:07 somefile.txt

I thought the permissions would keep the folder's permission, no?

Regarding the ownership, it is OK, but the permissions are not kept!

  1. Say I wanted to make a 750 chmod automatic for jay's writing to the folder. How would I go about that?
  2. I assume the little 's' marks the setgid? Does this mean anything written inside of this folder would be given the folder's group's ownership?
  3. Why doesn't it affect my files? I thought the settings of a newly created file would be just like the containing folder's (www), which is rwxr-xr-x.
  4. Is there a way to simply undo the setfacl? That is, take out the little '+' in the permissions line?

I am running Ubuntu 12

Ted

1 Answer

  1. One way would be to set the umask value to 0022 for jay. What is "umask" and how does it work? You can also set the umask in Samba's configuration. See How to force group ownership on samba share? for an example.
  2. It does indeed stand for setgid. In a setgid folder, files and folders created inherit the group ownership, and folders inherit the setgid bit.
  3. Settings of newly created files are set using the umask of the user.
  4. To reset the ACL, the best way would be to use the original ACL as given by getfacl, since setfacl has a --restore option. Failing that, you could try to remove all extended ACLs using setfacl -b.

Regarding sudo and umask: According to the Arch Wiki:

Sudo will union the user's umask value with its own umask (which defaults to 0022).

This should be fine (since the user's umask is 0022 as well).

muru
  • Maybe the umask value is 027 for 750 and 640 file permissions. – Lety Aug 15 '14 at 21:25
  • @Letizia indeed, I misread and thought OP needed group write. OP doesn't seem to have a problem with o+rx, so a umask of 022 seems good. – muru Aug 15 '14 at 21:27
  • is there a way to undo the setfacl? I am just unsure of this method as I don't know what I am doing. I also tried umask 027, and when I create a file, no matter what umask I give, it is created with the same permissions. – Ted Aug 15 '14 at 21:46
  • According to the setfacl manual: Removing a named group entry from a file's ACL 'setfacl -Rx g:apache www'. I can't test it, so in order to verify, 'setfacl -Rx g:apache www --test' should show the resulting ACL. If you like it @muru, you can add it to complete the answer. – Lety Aug 15 '14 at 21:46
  • @Letizia thanks. But there's also the -b option ("Remove all extended ACL entries") - is that more appropriate for resetting? I am not sure, which is why I didn't touch on that question. – muru Aug 15 '14 at 21:52
  • @Letizia, The + doesn't go away. – Ted Aug 15 '14 at 21:52
  • yep, @muru, -b seems to work – Ted Aug 15 '14 at 21:54
  • I assume umask doesn't work for sudo commands, as I am scoping out of the user's context? – Ted Aug 15 '14 at 21:55
  • @Ted I'd think it would work, but using the target user's umask. No, it seems sudo can inherit the umask, or use the umask specified in sudoers. – muru Aug 15 '14 at 21:56
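
An added example, not part of the original question, answer or comments: it creates files and directories under umask 022 and 027 and inside a setgid directory, then prints the mode strings in the same form as the ls output quoted in the question. The function names and the temporary directories are assumptions made for this illustration.

```shell
#!/bin/sh
# Added illustration: how the umask and a setgid directory decide the mode of
# new files. Function names are hypothetical; all paths are throwaway temp dirs.

# Print the 10-character mode string as ls shows it (drops a trailing '+').
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# new_file_mode UMASK: create a file under UMASK and print its mode.
# The subshell body "( ... )" keeps the umask change away from the caller.
new_file_mode() (
    dir=$(mktemp -d) || exit 1
    umask "$1"
    touch "$dir/somefile.txt"   # touch requests 0666; the umask clears bits
    mode_of "$dir/somefile.txt"
    rm -rf "$dir"
)

# new_dir_mode UMASK: same for a directory (mkdir requests 0777).
new_dir_mode() (
    dir=$(mktemp -d) || exit 1
    umask "$1"
    mkdir "$dir/sub"
    mode_of "$dir/sub"
    rm -rf "$dir"
)

# setgid_child_mode UMASK: mode of a directory made inside a setgid parent.
setgid_child_mode() (
    dir=$(mktemp -d) || exit 1
    mkdir "$dir/www"
    chmod 755 "$dir/www"
    chmod g+s "$dir/www"        # same bit as 'chmod g+s www' in the question
    umask "$1"
    mkdir "$dir/www/sub"        # inherits the setgid bit from www
    mode_of "$dir/www/sub"
    rm -rf "$dir"
)

for u in 022 027; do
    echo "umask $u: file $(new_file_mode "$u")  dir $(new_dir_mode "$u")" \
         "setgid child $(setgid_child_mode "$u")"
done
```

These results hold only in a directory without a default ACL: where one exists, such as the one set with setfacl -d in the question, the kernel applies the default ACL in place of the umask when a file is created.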