Permissions not inheriting to files and folders in linux mint

I am using Linux Mint with an ext4 file system mounted with the acl option. I want to set up a folder such that anything created within it, directories or files, inherits default permissions and group = 777. I have applied setfacl with options (-R -d -m ugo:rwx), but files are still being created as 644. Can someone please help me with this? Thanks.
Yasir Arfat, Junior System Administrator, asked:

arnold commented:
Linux inherits rights from the user, not from the settings on the folder that are limiters.
I.e. userA saves a file in somefolder, the settings on the folder enforce restrictions; userA, group membership and umask are what will dictate the file settings.

777 means anyone can save a file here.
If userA, a member of groupA, has a umask of 022, the created file will be readable by all: 644.
In the case of userB, a member of groupB, with a umask of 077, the created file will be readable only by the user and root, as in, with elevated rights.

Look at getfacl on a folder

You can and would need to use a cron job, that will reapply rights on the folder by running setfacl with rights you want to have on the folder and contents.
0

Yasir Arfat, Junior System Administrator (author), commented:
Thanks Arnold, here are the results of what I have done so far with the folder called DB-3-10. Hourly backups are being saved in this folder by our Sesame database with 644 permissions, which need to be changed to 777. Please advise.

manager@Sesame-mint ~/Desktop/Sesame2 $ umask
0002
manager@Sesame-mint ~/Desktop/Sesame2 $ getfacl DB-3-10
# file: DB-3-10
# owner: manager
# group: manager
# flags: -s-
user::rwx
user:manager:rwx
group::rwx
group:manager:rwx
mask::rwx
other::rwx
default:user::rwx
default:user:manager:rwx
default:group::rwx
default:group:manager:rwx
default:mask::rwx
default:other::rwx

After all of the above, the files are still being created as 644:

-rw-r--r--+ 1 manager manager 1669067837 Feb 10 19:27 DB-3-101518308853.dat
-rw-r--r--+ 1 manager manager  240996800 Feb 10 20:27 DB-3-101518312462.db
-rw-r--r--+ 1 manager manager 1669072653 Feb 10 20:27 DB-3-101518312462.dat
-rw-r--r--+ 1 manager manager  240996800 Feb 10 21:27 DB-3-101518316071.db
-rw-r--r--+ 1 manager manager 1669072653 Feb 10 21:27 DB-3-101518316071.dat
Thanks
0
arnold commented:
777 permissions apply to directories and executables.
666 is the equivalent for files.

Usually, backups should not be readable; not sure what your backup process is.

What backs up? What is the umask setting for the user under whose credentials the backup runs? Note that umask 0002 means no world/other write rights.
0

Yasir Arfat, Junior System Administrator (author), commented:
We are actually copying live database copies to the DB-3-10 folder for backup and execution purposes. These copies need to be executed by a few users who access these files using an SMB shared folder from Windows PCs. The Sesame DB application runs on the Linux Mint machine as user manager; user manager and three other users are also members of the group manager.
Thanks,
0
arnold commented:
Has consideration been given to using replication to set up a second system/instance that can be queried?
Having read access gives the user access to the data without the right to alter it.

Based on the ACL, members of the manager group, primary (-g) or secondary (-G), will have full rights.

Using a cron job to run setfacl to recursively apply the ACL to the folder is needed to reapply your settings on new files.

The + at the end of the permissions in the listing indicates an ACL, i.e. additional settings.

Getfacl on a db file: does it reflect the same settings as the folder settings you posted?
0
Yasir Arfat, Junior System Administrator (author), commented:
Hmm, the file's ACL looks different:
manager@Sesame-mint ~/Desktop/Sesame2/DB-3-10 $ getfacl DB-3-101518290818.db
# file: DB-3-101518290818.db
# owner: manager
# group: manager
user::rw-
user:manager:rwx                #effective:r--
group::rwx                      #effective:r--
group:manager:rwx               #effective:r--
mask::r--
other::r--
0
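Added example, not part of the thread: a small model of the object-creation rule in acl(5), showing how a new file's access ACL is derived from the directory's default ACL and the mode the creating program passes to open(2). The create mode 0644 is an assumption about the backup process, and the function names are illustrative.

```python
# Model of acl(5) "Object creation and default ACLs" (added example).
PERM_BITS = (("r", 4), ("w", 2), ("x", 1))

def to_bits(perm):
    return sum(bit for ch, bit in PERM_BITS if ch in perm)

def to_str(bits):
    return "".join(ch if bits & bit else "-" for ch, bit in PERM_BITS)

def inherit_acl(default_acl, create_mode):
    """Return the access ACL a new file gets from a directory's default ACL."""
    owner, group, other = (create_mode >> 6) & 7, (create_mode >> 3) & 7, create_mode & 7
    has_mask = any(tag == "mask" for tag, _, _ in default_acl)
    acl = []
    for tag, qual, perm in default_acl:
        bits = to_bits(perm)
        if tag == "user" and qual == "":
            bits &= owner            # owner entry limited by the mode's user bits
        elif tag == "mask" or (tag == "group" and qual == "" and not has_mask):
            bits &= group            # group class limited by the mode's group bits
        elif tag == "other":
            bits &= other            # other entry limited by the mode's other bits
        acl.append((tag, qual, to_str(bits)))
    return acl

def effective(acl):
    """Apply the mask to named users, the owning group and named groups."""
    mask = next((to_bits(p) for t, _, p in acl if t == "mask"), 7)
    out = {}
    for tag, qual, perm in acl:
        bits = to_bits(perm)
        if (tag == "user" and qual) or tag == "group":
            bits &= mask
        out[f"{tag}:{qual}"] = to_str(bits)
    return out

# Default ACL of DB-3-10 as posted in the thread.
DB_3_10_DEFAULT = [
    ("user", "", "rwx"), ("user", "manager", "rwx"),
    ("group", "", "rwx"), ("group", "manager", "rwx"),
    ("mask", "", "rwx"), ("other", "", "rwx"),
]

if __name__ == "__main__":
    for mode in (0o644, 0o666):  # 0o644 is an assumed create mode
        acl = inherit_acl(DB_3_10_DEFAULT, mode)
        print(oct(mode), effective(acl))
```

With mode 0644 the model reproduces the getfacl output posted for the .db file: the named entries keep rwx but the mask drops to r--. The umask of 0002 plays no part once the directory has a default ACL.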
arnold commented:
As noted, in Linux/Unix the enhanced ACL does not inherit; you would need to rerun from cron a setfacl with your rights, applied recursively....
0
Yasir Arfat, Junior System Administrator (author), commented:
OK, so should I apply setfacl -R -d -m on user, group or other? Also, should I apply it on the folder or on the files inside the folder, and how often should I run cron?
Thanks,
0
Yasir Arfat, Junior System Administrator (author), commented:
So I guess there isn't any default solution to get this fixed except running a manual cron?
0
arnold commented:
Right.
I am still puzzled why you need write rights if these are just being queried/read.
0
Yasir Arfat, Junior System Administrator (author), commented:
We need rwx on all files being created in this folder because we are using these files as a backup and they're being executed by a few users for data alterations and upgrades as well.
0
arnold commented:
A db file cannot be executed, so that is not clear. Commonly, the execute bit needs to be applied manually as well.

You would rerun the chmod -RH to apply the exec bit....
0
Yasir Arfat, Junior System Administrator (author), commented:
We open dat files, not db. Thank you so much for your valued time. I will still dig more to find a solution to make the permission thing happen automatically; if not, then I will apply your crontab suggestion.
0
Yasir Arfat, Junior System Administrator (author), commented:
Couldn't get permission issue fixed so finally setup a cron to change permissions.
0