Default permission for newly-created files/folders using ACLs not respected by commands like "unzip"

Posted by Ngoc Pham on Server Fault See other posts from Server Fault or by Ngoc Pham
Published on 2012-11-24T04:10:41Z Indexed on 2012/11/24 5:07 UTC
Read the original article Hit count: 263

Filed under:
|
|
|
|

I am having trouble with setting up a system for multiple users accessing the same set of files. I've read tuts and docs around and played with ACLs but haven't succeeded yet.

MY SCENARIO:

Have multiple users, for example, user1 and user2, which is belong to a group called sharedusers. They must have all WRITE permission to a same set of files and directories, say underlying in /userdata/sharing/.

I have the folder's group set to sharedusers and SGID to have all newly created files/dirs inside set to same group.

ubuntu@home:/userdata$  ll
drwxr-sr-x  2 ubuntu sharedusers 4096 Nov 24 03:51 sharing/

I set ACLs for this directory so I can have permission of sub dirs/files inheritted from its parents.

ubuntu@home:/userdata$  setfacl -m group:sharedusers:rwx sharing/
ubuntu@home:/userdata$  setfacl -d -m group:sharedusers:rwx sharing/

Here's what I've got:

ubuntu@home:/userdata$   getfacl sharing/
# file: sharing/
# owner: ubuntu
# group: sharedusers
# flags: -s-
user::rwx
group::r-x
group:sharedusers:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::r-x
default:group:sharedusers:rwx
default:mask::rwx
default:other::r-x

Seems okay as when I create new folder with new files inside and the permission is correct.

ubuntu@home:/userdata/sharing$ mkdir a && cd a
ubuntu@home:/userdata/sharing/a$ touch a_test
ubuntu@home:/userdata/sharing/a$  getfacl a_test 
# file: a_test
# owner: ubuntu
# group: sharedusers
user::rw-
group::r-x                  #effective:r--
group:sharedusers:rwx       #effective:rw-
mask::rw-
other::r--

As you can see, the sharedusers group has effective permission rw-.

HOWEVER, if I have a zip file, and use unzip -q command to unzip the file inside the folder sharing, the extracted folders don't have group write permisison. Therefore, the users from group sharedusers cannot modify files under those extracted folders.

ubuntu@home:/userdata/sharing$  unzip -q Joomla_3.0.2-Stable-Full_Package.zip 
ubuntu@home:/userdata/sharing$  ll
drwxrwsr-x+  2 ubuntu sharedusers    4096 Nov 24 04:00 a/
drwxr-xr-x+ 10 ubuntu sharedusers    4096 Nov  7 01:52 administrator/
drwxr-xr-x+ 13 ubuntu sharedusers    4096 Nov  7 01:52 components/

You an spot the difference in permissions between folder a (created before) and folder administrator extracted by unzip. And the ACLs of a files inside administrator:

ubuntu@home:/userdata/sharing$  getfacl administrator/index.php 
# file: administrator/index.php
# owner: ubuntu
# group: ubuntu
user::rw-
group::r-x                #effective:r--
group:sharedusers:rwx     #effective:r--
mask::r--
other::r--

It also has ubuntu group, not sharedusers group as expected.

Could someone please explain the problem and give me advice? Thank you in advance!

© Server Fault or respective owner

Related posts about linux

Related posts about ubuntu