How to set default file permissions for all folders/files in a directory?

I found it: Applying default permissions

From the article:

  1. Set the setgid bit, so that files/folders under <directory> will be created with the same group as <directory>

    chmod g+s <directory>
    
  2. Set the default ACLs for the group and other

    setfacl -d -m g::rwx /<directory>
    setfacl -d -m o::rx /<directory>
    

Next we can verify:

    getfacl /<directory>

Output:

    # file: ../<directory>/
    # owner: <user>
    # group: media
    # flags: -s-
    user::rwx
    group::rwx
    other::r-x
    default:user::rwx
    default:group::rwx
    default:other::r-x
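
A check of the `getfacl` output above, as an added example that is not part of the original answers: the function reads `getfacl` output on stdin and confirms the owning group, the setgid flag and the default group/other entries. The function name, the expected-group argument and the second sample are assumptions made for this example.

```sh
#!/bin/sh
# Added example: audit `getfacl <directory>` output for the setgid + default-ACL setup.
# Usage: getfacl <directory> | audit_getfacl <expected-group>
# Exit status 0 = all checks pass, 1 = at least one finding.
audit_getfacl() {
    awk -v want="$1" '
        /^# group:/        { group = $3 }
        /^# flags:/        { flags = $3 }   # three chars: setuid, setgid, sticky
        /^default:/        { ndefault++ }
        /^default:group::/ { dgroup = substr($0, 16, 3) }   # skips any "#effective:" suffix
        /^default:other::/ { dother = substr($0, 16, 3) }
        END {
            bad = 0
            if (group != want) { print "FAIL: group is " group ", expected " want; bad = 1 }
            # getfacl omits the flags line entirely when no special bit is set
            if (substr(flags, 2, 1) != "s") { print "FAIL: setgid bit not set"; bad = 1 }
            if (ndefault == 0) {
                print "FAIL: no default ACL entries"; bad = 1
            } else {
                if (dgroup !~ /^rw/) { print "FAIL: default group is " dgroup ", expected rw"; bad = 1 }
                if (dother ~ /w/)    { print "FAIL: default other is writable (" dother ")"; bad = 1 }
            }
            if (!bad) print "OK: group=" group " setgid=on default:group=" dgroup " default:other=" dother
            exit bad
        }'
}

sample_page_output() {   # the getfacl output shown in the answer above
    cat <<'EOF'
# file: ../<directory>/
# owner: <user>
# group: media
# flags: -s-
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:other::r-x
EOF
}

sample_weak() {   # constructed: setgid missing, default "other" writable
    printf '%s\n' '# file: srv/share' '# owner: alice' '# group: media' \
        'user::rwx' 'group::rwx' 'other::r-x' \
        'default:user::rwx' 'default:group::r-x' 'default:other::rwx'
}

sample_page_output | audit_getfacl media
```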

This is an addition to Chris' answer, it's based on my experience on my Arch Linux rig.

Using the default switch (-d) and the modify switch (-m) will only modify the default permissions but leave the existing ones intact:

    setfacl -d -m g::rwx /<directory>

If you want to change the folder's entire permission structure including the existing ones (you'll have to do an extra line and make it recursive with -R):

    setfacl -R -m g::rwx /<directory>

e.g.

    setfacl -R -m g::rwx /home/limited.users/<directory>     # gives group read, write, exec permissions for currently existing files and folders, recursively
    setfacl -R -m o::x /home/limited.users/<directory>       # revokes read and write permission for everyone else in existing folder and subfolders
    setfacl -R -d -m g::rwx /home/limited.users/<directory>  # gives group rwx permissions by default, recursively
    setfacl -R -d -m o::--- /home/limited.users/<directory>  # revokes read, write and execute permissions for everyone else

(CREDIT to markdwite in comments for the syntax of the revoke all privileges line)


Add yourself/the logged-in user to the www-data group, so we can work with files created by the www-data server

    sudo usermod -a -G www-data $USER

You need to restart/relogin so the newly added group takes effect

    cd /var/www

Add www-data as group member of html folder, and your user as owner, so we own it as well as a group member

    sudo chown -R $USER:www-data html

Put your username in place of USER

Set read, write, execute permission as required (ugo): u=user, g=group, o=others

    sudo chmod 750 html

Set the GID of html; now, newly created files in html will inherit ownership permissions:

    sudo chmod g+s html

This creates the default rules for newly created files/dirs within the html directory and subdirectories.

    sudo setfacl -R -d -m u::rwX -m g::rX -m o::000 html

Make SELinux, if installed, ignore the www-data context requirement so it allows write permissions

    sudo setsebool -P httpd_unified 1

List the directory to see the new permissions applied

    ls -ld html

Returns this

    drwxrwsr-x+   3 html www-data

The trailing + signifies that an ACL (Access Control List) is set on the directory.

Reference: Link to forum