Default permission for newly-created files/folders using ACLs not respected by commands like "unzip"
Posted by Ngoc Pham on Server Fault. Published on 2012-11-24T04:10:41Z.
I am having trouble with setting up a system for multiple users accessing the same set of files. I've read tuts and docs around and played with ACLs but haven't succeeded yet.
MY SCENARIO:
I have multiple users, for example, user1 and user2, which belong to a group called sharedusers. They must all have WRITE permission to the same set of files and directories, say those under /userdata/sharing/.
I have the folder's group set to sharedusers and SGID to have all newly created files/dirs inside set to the same group.
ubuntu@home:/userdata$ ll
drwxr-sr-x 2 ubuntu sharedusers 4096 Nov 24 03:51 sharing/
I set ACLs for this directory so I can have the permissions of sub dirs/files inherited from their parents.
ubuntu@home:/userdata$ setfacl -m group:sharedusers:rwx sharing/
ubuntu@home:/userdata$ setfacl -d -m group:sharedusers:rwx sharing/
Here's what I've got:
ubuntu@home:/userdata$ getfacl sharing/
# file: sharing/
# owner: ubuntu
# group: sharedusers
# flags: -s-
user::rwx
group::r-x
group:sharedusers:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::r-x
default:group:sharedusers:rwx
default:mask::rwx
default:other::r-x
Seems okay, as when I create a new folder with new files inside, the permission is correct.
ubuntu@home:/userdata/sharing$ mkdir a && cd a
ubuntu@home:/userdata/sharing/a$ touch a_test
ubuntu@home:/userdata/sharing/a$ getfacl a_test
# file: a_test
# owner: ubuntu
# group: sharedusers
user::rw-
group::r-x #effective:r--
group:sharedusers:rwx #effective:rw-
mask::rw-
other::r--
As you can see, the sharedusers group has effective permission rw-.
HOWEVER, if I have a zip file, and use the unzip -q command to unzip the file inside the folder sharing, the extracted folders don't have group write permission. Therefore, the users from group sharedusers cannot modify files under those extracted folders.
ubuntu@home:/userdata/sharing$ unzip -q Joomla_3.0.2-Stable-Full_Package.zip
ubuntu@home:/userdata/sharing$ ll
drwxrwsr-x+ 2 ubuntu sharedusers 4096 Nov 24 04:00 a/
drwxr-xr-x+ 10 ubuntu sharedusers 4096 Nov 7 01:52 administrator/
drwxr-xr-x+ 13 ubuntu sharedusers 4096 Nov 7 01:52 components/
You can spot the difference in permissions between folder a (created before) and folder administrator extracted by unzip. And the ACLs of a file inside administrator:
ubuntu@home:/userdata/sharing$ getfacl administrator/index.php
# file: administrator/index.php
# owner: ubuntu
# group: ubuntu
user::rw-
group::r-x #effective:r--
group:sharedusers:rwx #effective:r--
mask::r--
other::r--
It also has the ubuntu group, not the sharedusers group as expected.
Could someone please explain the problem and give me advice? Thank you in advance!
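An added example, not part of the original post: in the getfacl listings above, the sharedusers entry is always rwx, and what changes is the mask that filters it (the "#effective:" value). The sketch below parses getfacl output and lists files where a named group has no effective write; the function names and the abridged sample input are constructed for illustration.

```shell
# Reads `getfacl` text on stdin; prints "<file> <effective perms>" for group $1,
# where effective = named group entry AND mask (getfacl's "#effective:" value).
acl_effective() {
    awk -v grp="$1" '
    function emit(   m, eff, i, c) {
        if (file != "" && entry != "") {
            m = (mask == "") ? "rwx" : mask   # no mask entry: nothing is filtered
            for (i = 1; i <= 3; i++) {
                c = substr(entry, i, 1)
                eff = eff ((c != "-" && substr(m, i, 1) != "-") ? c : "-")
            }
            print file, eff
        }
        file = ""; entry = ""; mask = ""
    }
    /^# file: / { emit(); file = substr($0, 9); next }
    /^#/ || /^default:/ || /^$/ { next }      # headers, default ACL, separators
    {
        sub(/[ \t]*#.*/, "")                  # drop trailing "#effective:..." note
        split($0, f, ":")
        if (f[1] == "group" && f[2] == grp) entry = f[3]
        if (f[1] == "mask") mask = f[3]
    }
    END { emit() }
    '
}

# Keep only the files where the group has no effective write bit.
acl_no_write() {
    acl_effective "$1" | awk 'substr($NF, 2, 1) != "w"'
}

# Constructed sample: the two getfacl listings from the post, abridged.
sample_acls() {
    cat <<'EOF'
# file: a_test
group::r-x #effective:r--
group:sharedusers:rwx #effective:rw-
mask::rw-

# file: administrator/index.php
group::r-x #effective:r--
group:sharedusers:rwx #effective:r--
mask::r--
EOF
}

sample_acls | acl_no_write sharedusers
```

On a live tree, pipe the output of getfacl -R on the shared directory into acl_no_write sharedusers instead of the sample.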