3

I have a directory:

/usr/local/test/

And I have changed the group of the test dir to bfx:

 $ sudo chgrp bfx /usr/local/test/

And used a sticky bit to make the group remain the same in all files/subdirs. I have also taken execute permission off other:

 $ sudo chmod -R g+ws,o-x /usr/local/test/

I then used setfacl to change the default group and other permissions to this:

 $ sudo setfacl -d -m group:bfx:rwx,other::r-- /usr/local/test/

So my dir permissions are:

$ ls -la /usr/local | grep test

drwxrwsr--+  3 root bfx  4096 Nov  8 14:10 TEST

When I clone a git repo into /usr/local/test it works like I want it (group rws, other r--):

drwxrwsr--+  4 username bfx  4096 Nov  8 14:17 git-repos

However, when I simply use nano to create a test python script, this is the output:

-rw-rw-r--   1 username bfx    12 Nov  8 14:09 test.py

However, I can still execute this script? I am very confused as the permissions don't match up.

I would like all subdirs/files in /usr/local/test/ to have drwxrwsr--+ permissions and the group bfx. I know the sticky bit sorts the group being the default for subdirs and files, but I want to give other=r-- permissions for ALL subdirs/files - where have I gone wrong?

trouselife
  • Note: not the sticky bit, it is the set-uid bit. – ctrl-alt-delor Nov 08 '18 at 19:45
  • Note: there is no need (and it is **dangerous**) to use `sudo` for `chmod` and `setfacl`. – ctrl-alt-delor Nov 08 '18 at 19:47
  • 1
    I have tried to reproduce. However, I get the ACLs remaining. I do lose the group permission (as if set-guid is not active), but this is not needed. You don't need the set-guid. Can you document the exact process to reproduce? (You don't need `sudo`, so don't use it. It is only needed to set the group, and with ACLs you don't need to do this.) – ctrl-alt-delor Nov 08 '18 at 19:55

0 Answers
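
An added illustration, not part of the original question or comments: a small Python model of the acl(5) rule for how a directory's default ACL combines with the mode a program passes to open() or mkdir(). The default ACL entries listed in the code and the creation modes 0666 and 0777 are assumptions, and the "+" ACL marker that ls prints is not modelled.

```python
# Added example: models the acl(5) rule for objects created under a default ACL.
PERM_BITS = {"r": 4, "w": 2, "x": 1}

def parse_acl(text):
    """Parse 'user::rwx,group:bfx:rwx,...' into {(tag, qualifier): bits}."""
    acl = {}
    for entry in text.split(","):
        tag, qualifier, perms = entry.strip().split(":")
        acl[(tag, qualifier)] = sum(PERM_BITS[c] for c in perms if c != "-")
    return acl

def inherit(default_acl, create_mode, is_dir, parent_setgid=False):
    """Return (access_acl, ls_string) for a new object in the directory.

    With a default ACL the umask is not applied: the object copies the
    default ACL, then the entries that map to the mode bits are ANDed with
    the mode passed to open()/mkdir().
    """
    acl = dict(default_acl)
    # The group class maps to mask:: when one exists, otherwise to group::.
    group_key = ("mask", "") if ("mask", "") in acl else ("group", "")
    shifts = {("user", ""): 6, group_key: 3, ("other", ""): 0}
    for key, shift in shifts.items():
        acl[key] &= (create_mode >> shift) & 7
    triples = []
    for key in (("user", ""), group_key, ("other", "")):
        bits = acl[key]
        triples.append("".join(c if bits & PERM_BITS[c] else "-" for c in "rwx"))
    if is_dir and parent_setgid:
        # New directories inherit setgid from a setgid parent (Linux).
        g = triples[1]
        triples[1] = g[:2] + ("s" if g[2] == "x" else "S")
    return acl, ("d" if is_dir else "-") + "".join(triples)

# Assumed result of `setfacl -d -m group:bfx:rwx,other::r--` on a drwxrwsr-- dir:
# base entries copied from the access ACL, mask recalculated by setfacl.
DEFAULT_ACL = parse_acl("user::rwx,group::rwx,group:bfx:rwx,mask::rwx,other::r--")

def demo():
    # Assumption: the editor creates files with mode 0666, mkdir callers pass 0777.
    _, new_file = inherit(DEFAULT_ACL, 0o666, is_dir=False)
    _, new_dir = inherit(DEFAULT_ACL, 0o777, is_dir=True, parent_setgid=True)
    return new_file, new_dir

if __name__ == "__main__":
    print(demo())
```

On a real system, `getfacl` on the new file or directory shows the inherited entries and the resulting mask to compare against this model.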