When a subfolder is created, its permissions are determined by:
- The properties of the user who created the directory:
  a. user ID
  b. group ID
- The umask that is set
- The parent folder's default ACL (if one exists)
Note: More information can be found in the acl man page:
OBJECT CREATION AND DEFAULT ACLs
The access ACL of a file object is initialized when the object is created with any of the creat(), mkdir(), mknod(), mkfifo(), or open() functions. If a default ACL is associated with a directory, the mode parameter to the functions creating file objects and the default ACL of the directory are used to determine the ACL of the new object:
1. The new object inherits the default ACL of the containing directory as its access ACL.
2. The access ACL entries corresponding to the file permission bits are modified so that they contain no permissions that are not contained in the permissions specified by the mode parameter.
If no default ACL is associated with a directory, the mode parameter to the functions creating file objects and the file creation mask (see umask(2)) are used to determine the ACL of the new object:
1. The new object is assigned an access ACL containing entries of tag types ACL_USER_OBJ, ACL_GROUP_OBJ, and ACL_OTHER. The permissions of these entries are set to the permissions specified by the file creation mask.
2. The access ACL entries corresponding to the file permission bits are modified so that they contain no permissions that are not contained in the permissions specified by the mode parameter.
The instructions on how to set a default ACL were copied from this Q&A:
chmod g+s <directory>                  # set gid
setfacl -d -m g::rwx /<directory>      # set group to rwx default
setfacl -d -m o::rx /<directory>       # set other
Next we can verify:
getfacl /<directory>
Output:
# file: ../<directory>/
# owner: <user>
# group: media
# flags: -s-
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:other::r-x
More information about umask can be found in the umask man page:
umask() sets the calling process's file mode creation mask (umask) to mask & 0777 (i.e., only the file permission bits of mask are used), and returns the previous value of the mask.

The umask is used by open(2), mkdir(2), and other system calls that create files to modify the permissions placed on newly created files or directories. Specifically, permissions in the umask are turned off from the mode argument to open(2) and mkdir(2).

Alternatively, if the parent directory has a default ACL (see acl(5)), the umask is ignored, the default ACL is inherited, the permission bits are set based on the inherited ACL, and permission bits absent in the mode argument are turned off. For example, the following default ACL is equivalent to a umask of 022:

u::rwx,g::r-x,o::r-x

Combining the effect of this default ACL with a mode argument of 0666 (rw-rw-rw-), the resulting file permissions would be 0644 (rw-r--r--).

The constants that should be used to specify mask are described under
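The two rules quoted above can be modelled in a few lines; this is an added example, not code from the original answer or the man pages. It assumes a minimal default ACL (only `u::`, `g::`, `o::` entries, no named entries or mask), and the function names are hypothetical.

```python
import os
import stat
import tempfile

def parse_minimal_acl(text):
    """Turn a short-form ACL with only u::, g::, o:: entries into permission bits."""
    shift = {"u": 6, "user": 6, "g": 3, "group": 3, "o": 0, "other": 0}
    bits = 0
    for entry in text.split(","):
        tag, qualifier, perms = entry.strip().split(":")
        if qualifier or tag not in shift:
            raise ValueError("named user/group and mask entries are not modelled")
        bits |= sum(v for c, v in zip(perms, (4, 2, 1)) if c != "-") << shift[tag]
    return bits

def new_object_mode(mode_arg, umask, default_acl=None):
    """Permission bits of a new object, following the rules quoted from acl(5) and umask(2)."""
    if default_acl is not None:
        # Parent has a default ACL: umask is ignored, mode_arg can only remove bits.
        return parse_minimal_acl(default_acl) & mode_arg & 0o777
    # No default ACL: bits set in the umask are turned off from mode_arg.
    return mode_arg & ~umask & 0o777

def mkdir_observed(mode_arg, umask):
    """Create a real subdirectory (parent without default ACL) and read back its bits."""
    with tempfile.TemporaryDirectory() as parent:
        path = os.path.join(parent, "sub")
        old = os.umask(umask)
        try:
            os.mkdir(path, mode_arg)
        finally:
            os.umask(old)
        return stat.S_IMODE(os.stat(path).st_mode) & 0o777

if __name__ == "__main__":
    page_acl = "user::rwx,group::rwx,other::r-x"   # default ACL set on this page
    cases = [("man page example", 0o666, 0o022, "u::rwx,g::r-x,o::r-x"),
             ("page ACL, strict umask", 0o777, 0o077, page_acl),
             ("no default ACL", 0o777, 0o077, None)]
    for name, mode_arg, umask, acl in cases:
        print(f"{name:24} -> {new_object_mode(mode_arg, umask, acl):04o}")
    print("kernel, umask 027:", f"{mkdir_observed(0o777, 0o027):04o}")
```

The second case is the one to audit for: with the default ACL shown on this page, a user's umask of 077 no longer keeps new subfolders private, because the group still receives rwx.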