Linux – ACL multiple default groups

Tags: access-control-list, linux, setfacl

With Linux ACL, can you have multiple groups with default access to a folder? I want this for sharing code repositories between different coding groups + several processes. My thinking is, if a user from one group creates contents inside the shared repository, even though the owner is that user, the default permissions are propagated to that new file and the other users can still access the contents.

Here's what I tried as root:

mkdir /tmp/temp
chmod 770 /tmp/temp
setfacl -dm g:www-data:r-x,g:sambashare:r-x /tmp/temp
getfacl /tmp/temp

# file: temp
# owner: root
# group: root
user::rwx
group::rwx
other::---
default:user::rwx
default:group::rwx
default:group:www-data:r-x
default:group:sambashare:r-x
default:mask::rwx
default:other::---

As testuser:

id
uid=1004(testuser) gid=1007(testuser) groups=1007(testuser),110(sambashare)
cd /tmp/temp
bash: cd: temp: Permission denied

So clearly not working as I expected. Can anyone help me understand why it's not working and how I can fix this?

P.S.
I'm setting default group permissions instead of just the regular group permission because those are supposed to propagate to children.

 setfacl -m g:sambashare:r-x /tmp/temp

seems to work to grant access.

Thanks.

Best Answer

Try running setfacl -Rdm g:www-data:r-x,g:sambashare:r-x /tmp/temp and setfacl -Rm g:www-data:r-x,g:sambashare:r-x /tmp/temp. The d option sets the defaults for new files and directories, but does not change the existing settings, as seen in the fact that only root:root has access. -R will be handy for going recursively down existing directories and making the required changes.
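
The denial in the question, as an added example that is not part of the original question or answer: a small Python model of the POSIX ACL access check, run over the getfacl listing posted above. The function names and the FIXED listing (what the access ACL looks like once the sambashare entry is added with -m) are constructed for illustration.

```python
# Constructed input: the getfacl listing from the question.
LISTING = """\
# file: temp
# owner: root
# group: root
user::rwx
group::rwx
other::---
default:user::rwx
default:group::rwx
default:group:www-data:r-x
default:group:sambashare:r-x
default:mask::rwx
default:other::---
"""
# Constructed: the access entries `setfacl -m g:sambashare:r-x` adds (mask is recalculated).
FIXED = LISTING.replace("group::rwx\nother",
                        "group::rwx\ngroup:sambashare:r-x\nmask::rwx\nother", 1)

def parse(listing):
    """Return (owner, owning group, access entries, default entries)."""
    meta, access, default = {}, {}, {}
    for line in listing.splitlines():
        if line.startswith("#"):
            key, _, value = line[1:].partition(":")
            meta[key.strip()] = value.strip()
        elif line.strip():
            fields = line.split()[0].split(":")   # drop any "#effective:" suffix
            tag, name, perms = fields[-3:]
            target = default if fields[0] == "default" else access
            target[(tag, name)] = set(perms) - {"-"}
    return meta["owner"], meta["group"], access, default

def allowed(listing, user, groups, want):
    """POSIX ACL access check; root's capability override is not modelled."""
    owner, owning_group, acl, _ = parse(listing)  # default entries play no part
    want, mask = set(want), acl.get(("mask", ""))
    masked = lambda p: p if mask is None else p & mask
    if user == owner:
        return want <= acl[("user", "")]
    if ("user", user) in acl:
        return want <= masked(acl[("user", user)])
    matches = [masked(p) for (tag, name), p in acl.items()
               if tag == "group" and (name or owning_group) in groups]
    if matches:                                   # group class matched: never falls to other
        return any(want <= p for p in matches)
    return want <= acl[("other", "")]

GROUPS = {"testuser", "sambashare"}               # from the `id` output
```

With the original listing, allowed(LISTING, "testuser", GROUPS, "x") is False because testuser matches no access entry and falls through to other::---; with FIXED, read and execute are granted and write is still refused.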