I want both my users 'tobias' and 'www-data' to be able to read and write to a specific directory.
To that end I have chowned it to tobias:www-data, added tobias to the www-data group and added setgid to the directory. Files and subdirectories are correctly created with www-data group owning them.
The next step is, as I understand it, using ACL to have a certain umask for this specific directory. I want it to be 002, so that content is given rw-rw-r permission. So I added 'acl' to my mount in /etc/fstab and remounted the disk. So far so good.
Here is the ACL configuration for my directory:
```
$ getfacl app/cache/
# file: app/cache/
# owner: tobias
# group: www-data
# flags: -s-
user::rwx
user:www-data:rwx
user:tobias:rwx
group::rwx
mask::rwx
other::r-x
default:user::rwx
default:user:www-data:rwx
default:user:tobias:rwx
default:group::rwx
default:mask::rwx
default:other::r-x
```
But even with my ACL set up it still creates new files and subdirectories with rw-r--r-- permission. So either I have done something wrong or I have misunderstood the concept. Could anyone please help me figure out which and what I should do to make it work?
It seems to work here:
To be honest, I don't know much about Linux ACLs, but it seems to me that the `mask` option isn't what you need – it should be enough for the `default:{user,group,other}` options to be set as above.
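
How the default ACL shown in the question becomes the mode of a newly created file or directory, following the object-creation rules in acl(5). This is an added example, not part of the original posts; the function names and the sample umask of 022 are assumptions made for illustration.

```python
import stat

# Default entries copied from the getfacl output in the question.
GETFACL_DEFAULTS = """\
default:user::rwx
default:user:www-data:rwx
default:user:tobias:rwx
default:group::rwx
default:mask::rwx
default:other::r-x
"""

def parse_defaults(text):
    """Return {(tag, qualifier): perm_bits} for the default: entries."""
    acl = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop getfacl comments
        if not line.startswith("default:"):
            continue
        _, tag, qualifier, perms = line.split(":")
        bits = sum(b for ch, b in zip(perms, (4, 2, 1)) if ch != "-")
        acl[(tag, qualifier)] = bits
    return acl

def new_object_mode(default_acl, create_mode, umask=0o022):
    """Permission bits of an object created with create_mode in the directory."""
    if not default_acl:
        # No default ACL: the classic rule, mode & ~umask.
        return create_mode & ~umask & 0o777
    # Default ACL present: the umask is not applied. Each permission class
    # is the inherited entry limited to what create_mode asks for.
    owner = default_acl[("user", "")]
    # The group class bits reflect the mask entry when there is one.
    group = default_acl.get(("mask", ""), default_acl[("group", "")])
    other = default_acl[("other", "")]
    inherited = owner << 6 | group << 3 | other
    return inherited & create_mode & 0o777

def show(mode):
    return stat.filemode(mode)[1:]  # drop the file-type character

if __name__ == "__main__":
    acl = parse_defaults(GETFACL_DEFAULTS)
    for label, mode in (("create 0666", 0o666), ("create 0644", 0o644), ("mkdir 0777", 0o777)):
        print(label, "->", show(new_object_mode(acl, mode)))
```

The mode argument passed by the creating program still caps the result, so a program that creates files with 0644 gets rw-r--r-- even under this default ACL, while one that uses 0666 gets rw-rw-r--.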