How to set default permissions for newly created files in Linux

This post is about setting the access permissions on files and folders that are created by processes and applications installed on Linux (for example, .log files).

We can use the getfacl and setfacl commands to achieve this. Let's see how.

getfacl, as the name suggests, fetches the permissions currently set on a file or folder, along with other details:

getfacl /<directory>

This command fetches the details for the folder:

# file: ../<directory>/
# owner: <user>
# group: media
# flags: -s-
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:other::r-x

The output above shows details about the folder, including its owner, the group that has access to it, and the access rights for each class of user. If you run getfacl on a file, you also get one additional piece of information: the umask applied to the file.

Below are the commands you can run to set the default permissions.

chmod g+s <directory>  # set the setgid bit
setfacl -d -m g::rwx /<directory>  # set default group permissions to rwx
setfacl -d -m o::rx /<directory>   # set default permissions for other to rx
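
As an added example (not part of the original post), the shell function below audits getfacl output for the defaults set above: the setgid flag, a default group entry of rwx, and a default entry for other that is not writable. The helper name check_default_acl and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit getfacl output for the defaults configured above.
# check_default_acl is a hypothetical helper; it reads getfacl text on stdin
# and returns 0 only if setgid is set, default group is rwx, and the
# default entry for other exists and is not writable.
check_default_acl() {
    awk '
        /^# flags:/        { if (substr($3, 2, 1) == "s") setgid = 1 }
        /^default:group::/ { split($0, f, "::"); dgroup = substr(f[2], 1, 3) }
        /^default:other::/ { split($0, f, "::"); dother = substr(f[2], 1, 3) }
        END {
            rc = 0
            if (!setgid)           { print "FAIL: setgid bit not set"; rc = 1 }
            if (dgroup != "rwx")   { print "FAIL: default group is [" dgroup "], expected rwx"; rc = 1 }
            if (dother == "")      { print "FAIL: no default entry for other"; rc = 1 }
            else if (dother ~ /w/) { print "FAIL: default other is writable: " dother; rc = 1 }
            if (rc == 0) print "OK: new files inherit group rwx, other " dother
            exit rc
        }'
}

# Constructed sample: the listing shown on this page, with placeholder names.
good_acl='# file: srv/applogs/
# owner: appuser
# group: media
# flags: -s-
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:other::r-x'

# Constructed sample: no setgid flag line and a world-writable default.
bad_acl='# file: srv/applogs/
# owner: appuser
# group: media
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:other::rwx'

printf '%s\n' "$good_acl" | check_default_acl || true
printf '%s\n' "$bad_acl"  | check_default_acl || true
# On a live system: getfacl /<directory> | check_default_acl
```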

To see the switches available with 'setfacl' in Linux, just run 'setfacl --help'; it lists all the options you can use. The most useful command for reverting all changes if something goes wrong is the one below, which removes all the extended ACL entries.

 setfacl -b /directory

Examples for setfacl usage:

Grant user techonicals read access to file.

 setfacl -m u:techonicals:r file

Revoke write access from all groups and all named users for file.

 setfacl -m m::rx file

Remove the entry for the group techonicals from file's ACL.

 setfacl -x g:techonicals file

To grant all permissions to a group:

 setfacl -m g:groupname:rwx /path/to/filename

To recursively set ACLs on all files inside a directory, use the -R option:

 setfacl -R -m u:username:rwx /path/to/directory

To delete an entry from the access list:

 setfacl -x u:username /path/to/file