How to set default file permissions for all folders/files in a directory?
I found it: Applying default permissions
From the article:
Set the setgid bit, so that files/folder under <directory> will be created with the same group as <directory>:
chmod g+s <directory>
Set the default ACLs for the group and other:
setfacl -d -m g::rwx /<directory>
setfacl -d -m o::rx /<directory>
Next we can verify:
getfacl /<directory>
Output:
# file: ../<directory>/
# owner: <user>
# group: media
# flags: -s-
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:other::r-x
This is an addition to Chris' answer, it's based on my experience on my Arch Linux rig.
Using the default switch (-d) and the modify switch (-m) will only modify the default permissions but leave the existing ones intact:
setfacl -d -m g::rwx /<directory>
If you want to change the folder's entire permission structure, including the existing ones, you'll have to do an extra line and make it recursive with -R:
setfacl -R -m g::rwx /<directory>
e.g.
setfacl -R -m g::rwx /home/limited.users/<directory> # gives group read, write, exec permissions for currently existing files and folders, recursively
setfacl -R -m o::x /home/limited.users/<directory> # revokes read and write permission for everyone else in existing folder and subfolders
setfacl -R -d -m g::rwx /home/limited.users/<directory> # gives group rwx permissions by default, recursively
setfacl -R -d -m o::--- /home/limited.users/<directory> # revokes read, write and execute permissions for everyone else.
(CREDIT to markdwite in comments for the syntax of the revoke all privileges line)
Add yourself/the logged-in user to the www-data group, so we can work with files created by the www-data server
sudo usermod -a -G www-data $USER
You need to restart/re-login so the newly added group takes effect
cd /var/www
Add www-data as group member of html folder, and your user as owner, so we own it as well as a group member
sudo chown -R $USER:www-data html
Put your username in place of USER
Set read, write, execute permissions as required (ugo: u=user, g=group, o=others)
sudo chmod 750 html
Set the GID of html, now, newly created files in html will inherit ownership permissions:
sudo chmod g+s html
This creates the default rules for newly created files/dirs within the html directory and sub directories.
sudo setfacl -R -d -m u::rwX -m g::rX -m o::000 html
If SELinux is installed, make it ignore the www-data context requirement so it allows write permissions
sudo setsebool -P httpd_unified 1
List the directory to see the new permissions applied
ls -ld html
Returns this
drwxrwsr-x+ 3 html www-data
The trailing + signifies that an ACL (Access Control List) is set on the directory.
Reference: Link to forum
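An added example, not part of any of the answers above: a small audit function that reads `getfacl` output for directories and reports where the setup described in the answers is missing or looser than intended. The function name, the finding labels, the sample paths and owner, and the policy itself (default "other" must be `---`, existing "other" must not have read or write) are assumptions made for the example.

```shell
# Added example: audit directory ACLs as printed by `getfacl`.
# Assumed policy: setgid set, default ACL present, default "other" is ---,
# and the existing "other" entry grants no read or write.
audit_acl() {
    awk '
        function report() {
            if (file == "") return
            if (flags !~ /^.s/)        print file ": NO_SETGID"
            if (!has_default)          print file ": NO_DEFAULT_ACL"
            else if (d_other != "---") print file ": DEFAULT_OTHER=" d_other
            if (other ~ /[rw]/)        print file ": OTHER=" other
            file = ""; flags = ""; has_default = 0; d_other = ""; other = ""
        }
        /^# file: /        { report(); file = substr($0, 9) }
        /^# flags: /       { flags = $3 }   # setuid, setgid, sticky
        /^default:/        { has_default = 1 }
        /^default:other::/ { d_other = substr($0, 16, 3) }
        /^other::/         { other = substr($0, 8, 3) }
        END                { report() }
    '
}

# Constructed sample input (hypothetical paths and owner), two directories.
sample_acls() {
    cat <<'EOF'
# file: srv/share
# owner: alice
# group: media
# flags: -s-
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:other::r-x

# file: srv/private
# owner: alice
# group: media
# flags: -s-
user::rwx
group::rwx
other::--x
default:user::rwx
default:group::rwx
default:other::---
EOF
}
sample_acls | audit_acl
```

To check a real tree, feed it directories only, for example `find <directory> -type d -exec getfacl {} + | audit_acl`, since regular files carry neither the setgid flag nor a default ACL.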