How to Use setfacl to Recursively Set 775 Permissions and Default Owner/Group in Linux


When managing shared directories in Linux, you often need to ensure consistent permissions and ownership for both existing and future files. The standard chmod and chown commands don't handle future files, which is where ACLs (Access Control Lists) come into play.

Before proceeding, ensure:

  • Your filesystem is mounted with ACL support (add acl to mount options)
  • ACL utilities are installed (sudo apt-get install acl on Debian/Ubuntu)

For your members directory, run these commands:

# Set default ACLs for future files/dirs
sudo setfacl -Rdm u:nobody:rwx,g:admin:rwx,o:rx /path/to/members

# Apply to existing files/dirs
sudo setfacl -Rm u:nobody:rwx,g:admin:rwx,o:rx /path/to/members

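# Set base permissions (on a file that has an ACL, chmod's group bits set the ACL mask; 775 also marks regular files executable)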
sudo chmod -R 775 /path/to/members

Check the applied ACLs with:

getfacl /path/to/members

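You should see output similar to the following. The owner and group lines read nobody and admin only once ownership has been set with chown, and the access section also lists the named user:nobody and group:admin entries plus a mask line: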

# file: members
# owner: nobody
# group: admin
user::rwx
group::rwx
other::r-x
default:user::rwx
default:user:nobody:rwx
default:group::rwx
default:group:admin:rwx
default:mask::rwx
default:other::r-x

Create a test file to verify default permissions:

touch /path/to/members/testfile.txt
getfacl /path/to/members/testfile.txt
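
The check above can be scripted. This is an added example, not part of the original page: it reads saved getfacl output, computes an entry's effective permissions by applying the mask, and audits a directory for the default entries set here. The function names and the sample output are constructed; the sample reflects that touch requests mode 0666, so the new file's mask is rw- even though the default mask is rwx.

```shell
# effective_perm KEY: read getfacl text on stdin and print KEY's permissions
# after the mask is applied. KEY is the entry without its permission field,
# e.g. "user:" (owner), "user:nobody", "default:group:admin".
effective_perm() {
  awk -v want="$1" '
    { sub(/[ \t]*#.*/, "") }        # strip "# file:" and "#effective:" text
    $0 == "" { next }
    { n = split($0, f, ":"); perms = f[n]
      acl[substr($0, 1, length($0) - length(perms) - 1)] = perms }
    END {
      if (!(want in acl)) exit 1
      p = acl[want]; base = want; sub(/^default:/, "", base)
      mkey = (want ~ /^default:/) ? "default:mask:" : "mask:"
      # The owner (user::) and other:: entries are never limited by the mask.
      if (base != "user:" && base != "other:" && (mkey in acl)) {
        m = acl[mkey]; out = ""
        for (i = 1; i <= 3; i++)
          out = out ((substr(m, i, 1) == "-") ? "-" : substr(p, i, 1))
        p = out
      }
      print p
    }'
}

# audit_shared_dir: read a directory's getfacl text on stdin; fail unless the
# default entries this page sets for nobody and admin are effectively rwx.
audit_shared_dir() (
  text=$(cat); rc=0
  for key in default:user:nobody default:group:admin; do
    if ! eff=$(printf '%s\n' "$text" | effective_perm "$key"); then
      echo "MISSING $key"; rc=1
    elif [ "$eff" != "rwx" ]; then
      echo "WEAK $key effective=$eff"; rc=1
    fi
  done
  exit "$rc"
)

# Constructed sample: a file made with touch under the default ACL above.
# touch requests mode 0666, so the inherited mask becomes rw-.
SAMPLE_FILE='user::rw-
user:nobody:rwx  #effective:rw-
group::rwx  #effective:rw-
group:admin:rwx  #effective:rw-
mask::rw-
other::r--'

printf '%s\n' "$SAMPLE_FILE" | effective_perm user:nobody   # prints rw-
```

On a live system, pipe the output of getfacl /path/to/members into audit_shared_dir.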

If permissions aren't applying correctly:

  • Verify filesystem is mounted with ACL support (mount | grep acl)
  • Check umask value isn't interfering (umask command)
  • Ensure parent directories have execute permission

To ensure these settings survive reboots:

  1. Add acl to filesystem mount options in /etc/fstab
  2. Consider adding the ACL commands to a startup script if needed

When managing shared directories in Linux, we often need to ensure consistent permissions and ownership for both existing files and future additions. The challenge involves three key aspects:

  • Recursive permission setting (775 in this case)
  • Persistent ownership (nobody:admin)
  • Inheritance for newly created items

Here's how to properly configure this using setfacl:


# First, set the default ACLs on the parent directory
sudo setfacl -Rdm u::rwx,g::rwx,o::rx,u:nobody:rwx,g:admin:rwx /path/to/members

# Then apply these settings to existing files
sudo setfacl -Rm u::rwx,g::rwx,o::rx,u:nobody:rwx,g:admin:rwx /path/to/members

# Set the owner and group
sudo chown -R nobody:admin /path/to/members

The setfacl options used here:

  • -R makes the changes recursive
  • -d sets default ACLs (for future files)
  • -m modifies the ACL entries

After running these commands, verify with:


getfacl /path/to/members

Common issues to watch for:

  • Filesystem must support ACLs (ext4, xfs, etc.)
  • Filesystem must be mounted with acl option
  • Parent directories must have execute (+x) permission so the path can be traversed

For simpler permission requirements, you could combine umask with setgid:


chmod g+s /path/to/members
umask 002

However, this doesn't handle the ownership aspect as precisely as ACLs.

For permanent changes, consider adding the acl option to the filesystem's entry in /etc/fstab:


UUID=your-uuid /path/to/members ext4 defaults,acl 0 2

Remember to remount after changes:


mount -o remount /path/to/members