Default permission for newly-created files/folders using ACLs not respected by commands like "unzip"
- by Ngoc Pham
I am having trouble with setting up a system for multiple users accessing the same set of files. I've read tuts and docs around and played with ACLs but haven't succeeded yet.
MY SCENARIO:
Have multiple users, for example, user1 and user2, which is belong to a group called sharedusers. They must have all WRITE permission to a same set of files and directories, say underlying in /userdata/sharing/.
I have the folder's group set to sharedusers and SGID to have all newly created files/dirs inside set to same group.
ubuntu@home:/userdata$ ll
drwxr-sr-x 2 ubuntu sharedusers 4096 Nov 24 03:51 sharing/
I set ACLs for this directory so I can have permission of sub dirs/files inheritted from its parents.
ubuntu@home:/userdata$ setfacl -m group:sharedusers:rwx sharing/
ubuntu@home:/userdata$ setfacl -d -m group:sharedusers:rwx sharing/
Here's what I've got:
ubuntu@home:/userdata$ getfacl sharing/
# file: sharing/
# owner: ubuntu
# group: sharedusers
# flags: -s-
user::rwx
group::r-x
group:sharedusers:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::r-x
default:group:sharedusers:rwx
default:mask::rwx
default:other::r-x
Seems okay as when I create new folder with new files inside and the permission is correct.
ubuntu@home:/userdata/sharing$ mkdir a && cd a
ubuntu@home:/userdata/sharing/a$ touch a_test
ubuntu@home:/userdata/sharing/a$ getfacl a_test
# file: a_test
# owner: ubuntu
# group: sharedusers
user::rw-
group::r-x #effective:r--
group:sharedusers:rwx #effective:rw-
mask::rw-
other::r--
As you can see, the sharedusers group has effective permission rw-.
HOWEVER, if I have a zip file, and use unzip -q command to unzip the file inside the folder sharing, the extracted folders don't have group write permisison. Therefore, the users from group sharedusers cannot modify files under those extracted folders.
ubuntu@home:/userdata/sharing$ unzip -q Joomla_3.0.2-Stable-Full_Package.zip
ubuntu@home:/userdata/sharing$ ll
drwxrwsr-x+ 2 ubuntu sharedusers 4096 Nov 24 04:00 a/
drwxr-xr-x+ 10 ubuntu sharedusers 4096 Nov 7 01:52 administrator/
drwxr-xr-x+ 13 ubuntu sharedusers 4096 Nov 7 01:52 components/
You an spot the difference in permissions between folder a (created before) and folder administrator extracted by unzip. And the ACLs of a files inside administrator:
ubuntu@home:/userdata/sharing$ getfacl administrator/index.php
# file: administrator/index.php
# owner: ubuntu
# group: ubuntu
user::rw-
group::r-x #effective:r--
group:sharedusers:rwx #effective:r--
mask::r--
other::r--
It also has ubuntu group, not sharedusers group as expected.
Could someone please explain the problem and give me advice? Thank you in advance!