# per directory umask

## honeymak

hi guys

i have a question about umask

scenario below

/home

/home/admin

rwxrws--- root admin /home/admin

i would like users in group admin to be able to create files/dirs under it having umask 2770

while files/dirs those admin users create in other places follow the system umask setting

is this possible?

thanks

 :Embarassed: 

----------

## Unne

One way apparently is to make /home/admin a separate mount point (if possible), and then you can set the umask when you mount it.

----------

## honeymak

i know

but it's not possible for me to make it another partition

\>.^

----------

## faceman

Unfortunately, I don't have an answer, but I'm looking for the same answer.

I'm surprised there's not an easy way to do this - or at least not a commonly known way.

----------

## timeBandit

 *faceman wrote:*   

> I'm surprised there's not an easy way to do this - or at least not a commonly known way.

 

 :Wink:  Ah, but there is: ACLs.

Have a close look at the documentation for getfacl/setfacl, especially the former (for an explanation of terms). A directory ACL can specify default attributes for files created in the directory, with user, group and world granularity.

In the case at hand: `setfacl -m default:group:admin:2770 /home/admin` should do the trick. Note that the kernel and filesystem(s) must support ACLs and sys-apps/acl supplies the necessary libraries and tools.

----------

## faceman

Ok, I actually found this out last night and have been reading up on it and can't get it to work.  I can only make the simplest setfacl commands work like

```
setfacl -m group::000 bob
```

and if I do

```
setfacl -m group:users:000 bob
```

or

```
setfacl -m default:group::000 bob
```

I get

```
setfacl: bob: Operation not supported
```

Any clue?

(bob is my test directory, by the way)

EDIT:

Searching for "acl" on the wiki didn't produce anything, oddly, as I found the wiki page here that shows how to do it by accident in a Google search.

Anyway, I just had to mount my partition with the "acl" option.  Seems to work fine now!  Perfect solution!

----------

## Genone

 *Unne wrote:*   

> One way apparently is to make /home/admin a separate mount point (if possible), and then you can set the umask when you mount it.

 

Actually you can't. The umask option is only for filesystems that don't support normal unix permissions.

----------

## corsair

Hello,

I am currently trying to set up ACLs for a directory. The goal is that all files should become -rw-rw---- and directories drwxrws---.

Almost everything works: files get the correct group, and new files the correct permissions:

```
$ ls -l /var/media/audio/
total 64
drwxrws---+  6 markus media  4096 2007-11-07 15:02 ac3
drwxrws---+ 14 markus media  4096 2007-12-02 18:05 dts
drwxrws---+  2 markus media 20480 2007-12-02 18:38 flac
drwxrws---+ 10 markus media  4096 2007-11-07 15:03 mp3
drwxrws---+  2 markus media 12288 2007-08-26 01:44 ogg
$ touch /var/media/audio/file
$ ls -l /var/media/audio/
total 64
drwxrws---+  6 markus media  4096 2007-11-07 15:02 ac3
drwxrws---+ 14 markus media  4096 2007-12-02 18:05 dts
-rw-rw----   1 markus media     0 2007-12-02 20:44 file
drwxrws---+  2 markus media 20480 2007-12-02 18:38 flac
drwxrws---+ 10 markus media  4096 2007-11-07 15:03 mp3
drwxrws---+  2 markus media 12288 2007-08-26 01:44 ogg
```

What does not work: if I copy a file to the directory which had 644 permissions before (the file, not the directory), its new permissions are 640 and not 660:

```
$ touch file
$ ls -l file
-rw-r--r-- 1 markus markus 0 2007-12-02 20:46 file
$ cp file /var/media/audio/
$ ls -l /var/media/audio/
total 64
drwxrws---+  6 markus media  4096 2007-11-07 15:02 ac3
drwxrws---+ 14 markus media  4096 2007-12-02 18:05 dts
-rw-r-----   1 markus media     0 2007-12-02 20:46 file
drwxrws---+  2 markus media 20480 2007-12-02 18:38 flac
drwxrws---+ 10 markus media  4096 2007-11-07 15:03 mp3
drwxrws---+  2 markus media 12288 2007-08-26 01:44 ogg
```

These are the ACL permissions of /var/media/audio/:

```
$ getfacl /var/media/audio/
getfacl: Removing leading '/' from absolute path names
# file: var/media/audio
# owner: root
# group: media
user::rwx
group::rwx
other::---
default:user::rwx
default:group::rwx
default:other::---
```

Any hints?   :Rolling Eyes: 

regards,

-markus

EDIT: oh.. another piece of information: if I set the permissions to 664 before I copy it, the new permissions are set to 660 (as they should be).

----------

## xces

What does `umask` output in your shell?

----------

## corsair

Thanks for the hint, but I don't want to touch the umask. It's currently 0022 and should stay that way. What I would want is to change the umask for just this directory (/var/media/{video,audio}), but that's impossible AFAIK. So I came up with the idea to use ACLs. Like I said before, `touch`-ing a new file creates a file with the correct permissions. But I want copied files to also get the defined permissions.

----------

## desultory

Merged the above three posts.

----------
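
The difference between `touch` (660) and `cp` of a 644 file (640) reported above follows from how Linux applies a default ACL: the process umask is ignored and the mode the program requests is ANDed with the inherited entries. The model below is an added example, not part of the original thread; `predict_mode`, `perm_bits` and `SAMPLE_ACL` are names made up here, and it covers regular files only.

```shell
#!/bin/sh
# Constructed sample: the ACL text shown by getfacl in the thread.
SAMPLE_ACL='user::rwx
group::rwx
other::---
default:user::rwx
default:group::rwx
default:other::---'

# Convert an rwx triple such as "rw-" to its numeric value (0-7).
perm_bits() (
    n=0
    case $1 in r??) n=$((n | 4)) ;; esac
    case $1 in ?w?) n=$((n | 2)) ;; esac
    case $1 in ??x) n=$((n | 1)) ;; esac
    echo "$n"
)

# predict_mode REQUESTED UMASK ACL_TEXT
# REQUESTED is the octal mode the program passes when creating the file
# (touch uses 0666, cp uses the source file's mode). Prints the resulting
# mode of a regular file created in a directory with the given ACL text.
predict_mode() (
    req=$((0$1)); um=$((0$2)); u=; g=; m=; o=
    while IFS= read -r line; do
        case $line in
            default:user::*)  u=$(perm_bits "${line##*:}") ;;
            default:group::*) g=$(perm_bits "${line##*:}") ;;
            default:mask::*)  m=$(perm_bits "${line##*:}") ;;
            default:other::*) o=$(perm_bits "${line##*:}") ;;
        esac
    done <<EOF
$3
EOF
    if [ -z "$u" ]; then
        # No default ACL: the kernel clears the umask bits.
        printf '%04o\n' $(( $req & ~$um & 0777 ))
    else
        # Default ACL: umask is ignored. Each class keeps only the bits that
        # are both requested and inherited; the group class is the mask if set.
        printf '%04o\n' $(( $req & (($u << 6) | (${m:-$g} << 3) | $o) ))
    fi
)

echo "touch (0666):       $(predict_mode 0666 0022 "$SAMPLE_ACL")"
echo "cp of a 0644 file:  $(predict_mode 0644 0022 "$SAMPLE_ACL")"
echo "cp of a 0664 file:  $(predict_mode 0664 0022 "$SAMPLE_ACL")"
```

Under this rule a default ACL can only remove bits from what the creating program requests, so a copied 0644 file has no group write bit until its mode is changed after the copy.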

