Tuesday, 18 November 2014

How to make new files and directories inherit group and permissions in GNU/Linux

~$ mkdir dir
~$ cd dir/
~/dir$ chmod -R 770 .  # gives full permissions to owner&group, none to others
~/dir$ chmod -R g+s .  # makes new files and dirs inherit group ownership
~/dir$ chgrp -R grp .  # changes group ownership to "grp"
~/dir$ ls -la
total 8
drwxrws--- 2 usr grp 4096 Nov 18 07:42 .
drwxr-xr-x 6 usr usr 4096 Nov 18 07:42 ..

Note that you need to execute the commands above with sudo if it is an existing directory and any of the files or directories within belong to other users.
Note the s in the group permissions (the setgid bit). It tells you that files and subdirectories created within this directory will inherit its group ownership.
In order to make permissions inherit as well, we need to use ACLs (Access Control Lists).
If the setfacl command below does not work, you can install it (on Debian/Ubuntu and compatible systems) using: sudo apt-get install acl
If you get Operation not supported when executing setfacl, the partition may not be mounted with ACL enabled, which is the default for performance reasons. Add acl to the option list for the file system in /etc/fstab, for example noauto,acl,errors=remount-ro, then re-mount the file system (or reboot).
If you get Operation not permitted on one or more files, most likely you're not the owner of the file. Execute the setfacl command with sudo.
To make it easy, make sure that the directory you're setting the ACL on has the exact permissions you wish to be inherited before you execute setfacl.

~/dir$ setfacl -Rdm g:grp:rwx .
~/dir$ ls -la
total 8
drwxrws---+ 2 usr grp 4096 Nov 18 07:42 .
drwxr-xr-x  6 usr usr 4096 Nov 18 07:42 ..

The + after the permissions indicates that ACL is in use.

~/dir$ mkdir subdir
~/dir$ touch subdir/file
~/dir$ ls -la subdir/
total 8
drwxrws---+ 2 usr grp 4096 Nov 18 07:43 .
drwxrws---+ 3 usr grp 4096 Nov 18 07:43 ..
-rw-rw----+ 1 usr grp    0 Nov 18 07:43 file

Everything you create under dir and any directory below receives the group and permission you defined.
In order to see the permissions in use, you can use getfacl:

~/dir$ getfacl .
# file: .
# owner: usr
# group: grp
# flags: -s-
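
The setgid bit and the default ACL only take effect when an entry is created inside the directory; files moved in with mv keep the group and mode they already had. The function below is an added example, not part of the original post, that audits a tree for the settings used above (setgid on every directory, group ownership, no access for others, and the default ACL entry for the group). The name audit_shared_dir and the finding labels are made up for this example.

```shell
#!/bin/sh
# Added example: audit a shared directory tree for the settings shown above.
# Usage: audit_shared_dir DIR GROUP   (GROUP may be a name or a numeric gid)
# Prints "<finding> <path>" per problem; returns 0 if clean, 1 otherwise.
audit_shared_dir() {
    dir=$1
    grp=$2
    findings=$(
        # Directories without setgid: new entries get the creator's primary group.
        find "$dir" -type d ! -perm -2000 -print | sed 's/^/no-setgid /'
        # Entries not owned by the shared group (typical after mv or cp -p).
        find "$dir" ! -type l ! -group "$grp" -print | sed 's/^/wrong-group /'
        # Any read, write or execute bit for "others" breaks the 770 intent.
        find "$dir" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print |
            sed 's/^/other-access /'
        # Directories lacking the default ACL entry set by setfacl -Rdm g:GROUP:rwx.
        # Skipped when getfacl (package "acl") is not installed.
        if command -v getfacl >/dev/null 2>&1; then
            find "$dir" -type d -print | while IFS= read -r d; do
                getfacl -pd "$d" 2>/dev/null |
                    grep -Eq "^(default:)?group:$grp:" ||
                    printf 'no-default-acl %s\n' "$d"
            done
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

For the directory from this post you would call it as audit_shared_dir ~/dir grp; every line it prints is a path that needs chgrp, chmod or setfacl applied again.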


  1. Your content seems quite good, but your presentation leaves much to be desired. Too much noise with the background. I would recommend a plain background, perhaps straight black. The flames were somewhat of a deterrent to reading your content.

    1. Mark John, you're absolutely right. The background is horrible, but way back when I made it I was playing around with css as I needed to figure out how to make text appear (sort of) readable against backgrounds of different brightness and colour, and it evolved into this, plus I thought the flames were cool (at the time).

      Again, totally agree with you. I will probably improve it some day, but as with the shoes of a shoemaker's son, my own stuff comes way back in line after client work.

  2. I was struggling with comprehending ACL and your explanation is the most cogent/easy to understand that I've encountered after a long string of overly didactic and yet not instructional explanations of setfacl. Thx!