Force newly created directory and files to inherit permissions from parent directory
You will need to define "default ACLs" using setfacl. This works not only for named user/group ACLs, but also for the basic unnamed permission bits:
setfacl -d -m "u::rwx,g::rwx,o::-" parentdir
Note that you cannot force new files to be executable; even if the ACL grants +rwx, the newly created file will still have a mask:: entry limiting it to just +rw, because this is usually what most people want, and because it is not possible to have different default ACLs for child files than child folders.
(Also note that once a file or folder has ACLs, trying to change its "group" rwx permissions via chmod will actually change the mask entry that affects all ACLs at once – not just the unnamed group entry. This is generally good, because it lets you clearly see in ls -l if a file has write rights granted to anyone at all, but it also means that to change just the unnamed group access you'll now need setfacl -m g::???.)
This does not affect the setgid bit, which can be changed using chmod g±s as usual.
(Also note that unlike Windows or NFS4 "inheritable" ACLs, the POSIX "default" ACLs only take effect when the item is created, but the child item permissions are not recalculated when the parent's "default" ACLs change.)
For more information:
- POSIX Access Control Lists on Linux
- "ACL ENTRIES" in setfacl(1)
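The inheritance rule described above, modelled as an added example (not part of the original answer): a new child's access ACL is a copy of the parent's default ACL, with the owner, group-class and other entries limited to the mode the creating call asked for, as documented in acl(5). The named group "staff" and the 0666/0777 creation modes are assumptions chosen to show why files end up with mask rw- while directories keep rwx.

```python
# Added example: models how a POSIX default ACL becomes a child's access ACL.
PERMS = {"r": 4, "w": 2, "x": 1}

def to_bits(s):
    return sum(v for k, v in PERMS.items() if k in s)

def to_str(b):
    return "".join(k if b & v else "-" for k, v in PERMS.items())

def parse_acl(text):
    """Parse 'u::rwx,g:staff:rwx,m::rwx,o::-' into {(tag, qualifier): bits}."""
    short = {"u": "user", "g": "group", "o": "other", "m": "mask"}
    acl = {}
    for entry in text.split(","):
        tag, qual, perms = entry.strip().split(":")
        acl[(short.get(tag, tag), qual)] = to_bits(perms)
    return acl

def inherit(default_acl, create_mode):
    """Access ACL of a new child: the parent's default ACL, with the owner,
    group-class and other entries ANDed with the mode requested by the
    creating call. The umask is not applied when a default ACL exists."""
    child = dict(default_acl)
    # Group-class bits map to the mask if present, else to the owning group.
    group_class = ("mask", "") if ("mask", "") in child else ("group", "")
    child[("user", "")] &= (create_mode >> 6) & 7
    child[group_class] &= (create_mode >> 3) & 7
    child[("other", "")] &= create_mode & 7
    return child

def effective(acl, key):
    """Named users and all group entries are further limited by the mask."""
    if key in (("user", ""), ("other", ""), ("mask", "")):
        return acl[key]
    return acl[key] & acl.get(("mask", ""), 7)

def show(acl):
    return ",".join(f"{t}:{q}:{to_str(b)}" for (t, q), b in acl.items())

# Constructed input: the default ACL from above plus a hypothetical named group.
DEFAULT = parse_acl("u::rwx,g::rwx,g:staff:rwx,m::rwx,o::-")
NEW_FILE = inherit(DEFAULT, 0o666)   # typical open(..., O_CREAT, 0666)
NEW_DIR = inherit(DEFAULT, 0o777)    # typical mkdir(..., 0777)

if __name__ == "__main__":
    print("file:", show(NEW_FILE))
    print("dir: ", show(NEW_DIR))
```

The group entries on the new file still read rwx, but their effective rights are rw- because of the inherited mask, which is what getfacl reports in its #effective comment.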