1. Overview
In this tutorial, we’ll look at setting default permissions for newly created files and sub-directories on a directory or a filesystem. First, we’ll start with a brief introduction to ACL and how we can enable it on our filesystem. Then, we’ll work our way up to setting up the permissions for newly created files on a home directory.
2. Setting the Default Permission
File permissions are privileges for carrying out specific operations on files. We can grant these permissions to a certain user or a group of users. The operations that a user can carry out on files are read, write, execute, or a combination of these.
On Linux, by default, when we create new files, they are given rw-rw-r-- permissions (depending on the umask). The r, w, and x signify the read, write, and execute permissions, respectively.
Let’s break down the rw-rw-r-- permission for files:
- The first rw- signifies read-write permissions for the user or the owner of the file
- The second rw- indicates read-write permissions for the group the file belongs to
- The final r-- grants read permission to all other users
Similarly, for newly created directories, the default permission is rwxrwxr-x.
2.1. What Is ACL?
Access Control List (ACL) is a mechanism that allows us to set complex permissions to a filesystem. Not only that, but we can also use ACL to apply permissions to a specific file or a directory. With ACL, we can modify the default permissions for newly created files and directories.
On ext4, the ACL support is already enabled. However, we can enable it on other filesystem types as well, which we’ll cover in the next section.
2.2. Enabling ACL on the Filesystem
We can easily enable the ACL support on other filesystem types, such as ext3 and fat, by adding the acl option to the partition entry in the fstab file. The fstab file is located in the /etc directory and contains the configuration for our partitions.
Let’s open up the fstab file and add the acl option for the required partitions’ entries:
# <file system> <dir> <type> <options> <dump> <pass>
/dev/sda4 /home ext3 rw,relatime,acl 0 1
.
.
.
In this case, we’ve added the acl option to our /dev/sda4 partition, which is mounted on the /home directory. Once we’ve added the option, we can simply remount the partition with mount for our changes to take effect:
$ mount -oremount /dev/sda4
Now, the ACL support should be enabled, and we can apply our desired permissions for newly created files and directories on the /dev/sda4 partition.
2.3. Setting the Permissions With setfacl
On Linux, the setfacl utility is used to manage the ACLs of directories and files. This utility comes with the acl package, which should already be installed on our machine by default. However, we can install it from our distribution’s official repository if, for some reason, it’s not installed on our machine.
We can apply default permissions for files and directories with setfacl using the following command syntax:
$ setfacl [OPTIONS] [PERMISSIONS] [FILE|DIRECTORY]
Now, let’s apply default permissions for files and directories under /dev/sda4 partition, which happens to be mounted on /home:
$ setfacl -PRdm u::rwx,g::rw,o::r /home
Let’s break it down:
- -d sets the default permission for the /home directory
- -m signifies that we want to make changes to the ACL
- -R will apply the permission to all the files and subdirectories in the /home folder recursively
- -P will prevent the operation from following symbolic links — to avoid the risk of compromising security
- The pattern afterward specifies the default permissions for the /home directory
The permissions for each class of users are separated by commas. For example, the u::rwx specifies default permissions for the user or the owner of the /home directory. In this case, the owner can read, write, and execute newly created files and directories in the /home directory. Similarly, the owning group receives read-write permissions, while others receive only the read permission.
Now, let’s create a file under the /home directory to test our new permissions:
$ touch /home/hey/test
$ ls -l /home/hey/test
.rwxrw-r-- hey hey 0 B Fri Jan 21 22:42:01 2022 test
Since we’ve used the -R option, any new files and folders under the /home hierarchy will receive the appropriate default permissions.
2.4. Setting Default Permission for a Different User or Group
We can also put a uid (user ID) or a gid (group ID) between the colons. So, we should use this approach if we want to assign permissions for a user who is not the file or directory owner. As an example, if we want to set permission for the user doe, with uid 1001, we can simply specify the permissions as:
$ setfacl -PRdm u:1001:rw /home
2.5. Tools That Preserve Permissions
There are tools like cp, tar, unzip, and rsync that will try to preserve the permissions of the source files when creating new files and directories. In other words, these tools will mask the permission of our default ACL. Therefore, when using these tools, we should apply our required permissions to the resulting new files and directories manually with chmod.
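The manual cleanup described above can be scripted. The following is an added example, not part of the original tutorial: it lists and clamps entries whose preserved mode bits exceed the u::rwx,g::rw,o::r policy used on this page. The function names and the sample tree are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original tutorial). Function names are illustrative.
# Policy taken from this page's default ACL: u::rwx,g::rw,o::r (ceiling 0764).

# list_over_policy ROOT
# Print regular files and directories under ROOT that grant a bit the policy
# does not allow: group execute (0010), other write (0002), other execute (0001).
# find does not follow symbolic links by default, the same stance as setfacl -P.
list_over_policy() {
    find "$1" \( -type f -o -type d \) \
        \( -perm -0010 -o -perm -0002 -o -perm -0001 \) -print
}

# clamp_to_policy ROOT
# Strip the excess bits with chmod and echo how many entries were changed.
# The count assumes file names without embedded newlines.
clamp_to_policy() {
    count=$(list_over_policy "$1" | wc -l | tr -d ' ')
    find "$1" \( -type f -o -type d \) \
        \( -perm -0010 -o -perm -0002 -o -perm -0001 \) \
        -exec chmod g-x,o-wx {} +
    echo "$count"
}

# Constructed sample tree with modes as cp -p, tar or rsync -a might preserve them.
demo() {
    d=$(mktemp -d)
    touch "$d/script.sh" "$d/notes.txt" "$d/shared.log"
    chmod 0755 "$d/script.sh"   # group and others may execute
    chmod 0640 "$d/notes.txt"   # already within policy
    chmod 0666 "$d/shared.log"  # others may write
    mkdir "$d/sub" && chmod 0775 "$d/sub"
    echo "over policy before:"; list_over_policy "$d"
    echo "entries clamped: $(clamp_to_policy "$d")"
    ls -l "$d"
    rm -rf "$d"
}

demo
```

The policy on this page grants the group no execute bit, so the script also removes group and other search permission from directories; adjust the three -perm tests and the chmod expression if the policy differs.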
3. Conclusion
In this article, we saw how we could set default permission for newly created files and directories on a Linux partition or a directory. We covered what ACL is and how to use the setfacl helper utility to set default permissions for newly created files and directories.