How to set file permissions so that new files inherit same permissions? [duplicate]
I have a folder in which new subfolders and files will be created automatically, by a script.
I want to maintain the user and group permissions recursively for all new folders and files placed in the parent directory. I know this involves setting a sticky bit, but I can't seem to find a command that shows exactly what I need.
This is what I have done so far:
sudo mkdir -p /path/to/parent
sudo chmod -R 660 myself:somegroup /path/to/parent
Thereafter, I want the 660 permissions to be set recursively to any folders and files placed in /path/to/parent
.
However, everything I have tried so far has failed. Can someone help please?
Actually the octal flag 660 is probably not even correct. The permissions I want are:
- Directories placed under
/path/to/parent
are eXecutable by users with permissions - files are read/writeable by user myself and members of somegroup
- Files and folders in
/path/to/parent
is NOT world readable
I am running on Ubuntu 10.0.4 LTS.
Can someone help please?
Solution 1:
Grawity gives an excellent answer but I suspect the edited question may have changed things slightly.
I would suggest leaving the directory owned by the apache user/group. This will probably be either apache or httpd depending on your distribution.
e.g.
chown -R apache:apache /path/to/parent
You can then do something like https://serverfault.com/questions/164078/is-adding-users-to-the-group-www-data-safe-on-debian or even add yourself to the apache group to ensure you have group access to the directory. (Something like usermod -aG apache username
)
I would not chmod -R
the entire directory because you don't want html scripts or jpg's or random other things executable. You should change permissions as required. (though resetting it to 660 may not be the worst of ideas.)
Something you may like to try is:
chmod o+w file
The 'o' means 'other' & 'w' means 'write'. You can also have 'u' for 'user' & 'g' for 'group', as well as 'r' & 'x' which are hopefully self explanatory. You can remove permissions using '-' rather than '+'.
Solution 2:
The permission bits you are looking for are 0770 and 0660.
-
rw-
permissions →110
binary →6
octal
The group ownership can be inherited by new files and folders created in your folder /path/to/parent by setting the setgid bit using chmod g+s
like this:
chmod g+s /path/to/parent
Now, all new files and folder created under /path/to/parent will have the same group assigned as is set on /path/to/parent.
POSIX file permissions are not inherited; they are given by the creating process and combined with its current umask value.
However, you can use POSIX ACLs to achieve this. Set the default ACL on a directory:
setfacl -d -m u::rwX,g::rwX,o::- /path/to/parent
This will apply setfacl
to the /path/to/parent directory, -m
odifying the -d
efault ACLs – those that will be applied to newly created items. (Uppercase X
means only directories will receive the +x
bit.)
(If needed, you can add a u:someuser:rwX
or g:someuser:rwX
– preferably a group – to the ACLs.)
Note: On older systems using ext3/ext4, you used to need to mount the filesystem with the acl
option, otherwise it would ignore all ACLs and disallow setting new ones.
mount -o remount,acl /
To set this permanently, use tune2fs -o acl <device>
or edit /etc/fstab
.