How to set default file permissions for all folders/files in a directory?

I want to set a folder such that anything created within it (directories, files) inherit default permissions and group.

Lets call the group “media”. And also, the folders/files created within the directory should have g+rw automatically.

Asked By: Chris

||

I found it: Applying default permissions

From the article:

  1. Set the setgid bit, so that files/folder under <directory> will be created with the same group as <directory>

    chmod g+s <directory>
    
  2. Set the default ACLs for the group and other

    setfacl -d -m g::rwx /<directory>
    setfacl -d -m o::rx /<directory>
    

Next we can verify:

getfacl /<directory>

Output:

# file: ../<directory>/
# owner: <user>
# group: media
# flags: -s-
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:other::r-x
Answered By: Chris

This is an addition to Chris’ answer, it’s based on my experience on my Arch Linux rig.

Using the default switch (-d) and the modify switch (-m) will only modify the default permissions but leave the existing ones intact:

setfacl -d -m g::rwx /<directory>

If you want to change folder’s entire permission structure including the existing ones (you’ll have to do an extra line and make it recursive with -R):

setfacl -R -m g::rwx /<directory>

Examples:

# Gives group read,write,exec permissions for currently existing files and
# folders, recursively.
setfacl -R -m g::rwx /home/limited.users/directory 

# Revokes read and write permission for everyone else in existing folder and
# subfolders.
setfacl -R -m o::x /home/limited.users/directory  

# Gives group rwx permissions by default, recursively.
setfacl -R -d -m g::rwx /home/limited.users/directory

# Revokes read, write and execute permissions for everyone else. 
setfacl -R -d -m o::--- /home/limited.users/directory

(CREDIT to markdwite in comments for the syntax of the revoke all privileges line)

Answered By: thebunnyrules

Using the following command you can set default permission to a file:

chacl -R filename
Answered By: user240513

Add yourself/logged user to www-data group, so we can work with files created by www-data server

sudo usermod -a -G www-data $USER

Needs to restart/relogin so the newly added group takes effect

cd /var/www

Add www-data as group member of html folder, and your user as owner, so we own it as well as a group member

sudo chown -R $USER:www-data html

Put your username in place of USER

Set read,write,execute permission as required, (ugo) u=user, g=group, o=others

sudo chmod 750 html

Set the GID of html, now, newly created files in html will inherit ownership permissions:

sudo chmod g+s html

This creates the default rules for newly created files/dirs within the html directory and sub directories.

sudo setfacl -R -d -m u::rwX -m g::rX -m o::000 html

Make SELinux if installed, ignore www-data context requirement so it lets allows write permissions

sudo setsebool -P httpd_unified 1

list directory to see new permissions applied

ls -ld html

Returns this

drwxrwsr-x+   3 html www-data

The trailing + signify that ACL, Access Control List, is set on the directory.

Reference: Link to forum

Answered By: Abdul Rehman

Above answer doesn’t updates executable permissions, though they show so. Use
chacl -r u::rwx,g::r-x,o::r-- ./

Answered By: Prashant K
Categories: Answers Tags: , ,
Answers are sorted by their score. The answer accepted by the question owner as the best is marked with
at the top-right corner.