oddities in interference of Linux extended ACLs and 'regular' permissions

Solution 1:

We've seen something like this in our experiments with Linux ACLs, especially via Samba. But in most cases, even though the regular permission/file mode bits are changed in strange ways, the system still performs overall as intended.

I remember reading somewhere (can't remember where, sorry) that when creating files (possibly via Samba), the ACL permissions weren't properly reflected in the mode bits until data was written to the file. This would affect files created using, e.g., touch.

Something else to consider is whether you might want to set default ACLs.

We use something like this when creating a new directory with ACL-protected files; the last command, with getfacl piped into setfacl, copies the currently-set ACLs to be used as default ACLs for new files created in this directory:

# Variables are quoted so names containing spaces cannot split the path
chown --recursive "$username:$userrole" "/home/data/private/$datadir"
chmod --recursive u=rwx,g=,o= "/home/data/private/$datadir"

# remove previous ACLs
setfacl --recursive --remove-all "/home/data/private/$datadir"

# User/group access for owner, group leader and web server
setfacl --recursive -m "u:$username:rwx" "/home/data/private/$datadir"
setfacl --recursive -m g:RGLeader:rx "/home/data/private/$datadir"
setfacl --recursive -m u:www-data:rwx "/home/data/private/$datadir"

# Copy access modes to default access modes
getfacl --access "/home/data/private/$datadir" | setfacl --recursive -d -M- "/home/data/private/$datadir"
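
One documented reason mode bits look odd next to an ACL: once a file has a mask:: entry, the group triplet that ls and stat display is the mask, not group::, and named users and all groups are limited by that mask. The following is an added example, not part of the original answer; it reads getfacl-format text, and the sample ACL with the names alice, staff and example is constructed.

```shell
# Constructed getfacl output after the commands above; alice/staff/example are placeholders.
SAMPLE_ACL='# file: home/data/private/example
# owner: alice
# group: staff
user::rwx
user:alice:rwx
user:www-data:rwx
group::---
group:RGLeader:r-x
mask::rwx
other::---'

# Print the nine mode characters ls/stat show: with a mask, group triplet = mask.
acl_mode_bits() {
    u=--- g=--- m= o=---
    while IFS=: read -r tag qual perm || [ -n "$tag" ]; do
        perm=${perm%%[!rwx-]*}          # drop a trailing "#effective:" note
        case "$tag:$qual" in
            user:) u=$perm ;; group:) g=$perm ;; mask:) m=$perm ;; other:) o=$perm ;;
        esac
    done
    printf '%s%s%s\n' "$u" "${m:-$g}" "$o"
}

# AND two rwx triplets: the part of an entry that the mask lets through.
and_perm() {
    out=
    for c in r w x; do
        case "$1,$2" in *"$c"*,*"$c"*) out=$out$c ;; *) out=$out- ;; esac
    done
    printf '%s\n' "$out"
}

# Print each mask-limited entry with its effective rights (user::, other:: are never masked).
acl_effective() {
    acl=$(cat)
    mask=$(printf '%s\n' "$acl" | sed -n 's/^mask::\([rwx-]*\).*/\1/p')
    printf '%s\n' "$acl" | while IFS=: read -r tag qual perm; do
        perm=${perm%%[!rwx-]*}
        case "$tag:$qual" in
            user:|other:|mask:) ;;
            user:*|group:*)
                printf '%s:%s:%s\n' "$tag" "$qual" "$(and_perm "$perm" "${mask:-$perm}")" ;;
        esac
    done
}

printf '%s\n' "$SAMPLE_ACL" | acl_mode_bits
printf '%s\n' "$SAMPLE_ACL" | acl_effective
```

For the constructed ACL the mode string is rwxrwx--- even though chmod set g= and group:: is still ---. Because chmod on a file with an ACL changes the mask, a later chmod g=rx would cut www-data down to r-x.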