Site icon Ryadel

Linux - Set default permissions when creating new Files with SSH/FTP

Linux - Come inviare E-Mail con sSMTP (con configurazioni-tipo per GMail, Aruba e Yahoo)

Yesterday we have published an article explaining how to set a default group when creating, uploading, or adding new files in Linux: in this post, we'll further expand on that topic by learning how we can do the same for permissions.

The Issue

The problem we want to fix is very similar to the one related to the default group: every time you upload some new files to a folder (such as var/www) that has specific group access (such as www-data) using your favorite SSH or FTP(s) client, those files are created with a default permission set (typically read-only) instead of having the read, write and/or execute permissions like we would like to.

The Fix

To set a default permission set we can use setfacl, a built-in command that can be used in most Linux distributions to set file access control lists.

Here's how we can use setfacl to set a default permission set for the existing group owner (such as www-data) for the /var/www folder:

and here's how we can use setfacl to set a default permission set for the same folder:

Once we do that, all existing and new files created in the /var/www directory will be automatically given the rwX (read, write, and execute for directories only) permission set for the www-data group. If we execute both of the above commands, we can effectively set up a permissions policy for that folder (and all the subfolders).

However, it's worth noting that the above commands will only change the behavior of the root /var/www folder - not the sub-folders within it. If we want to apply the same behavior for the whole directory tree - the /var/www folder and all subfolders - we need to execute a recursive approach using the -R switch in the following way:

That's it.

Using a script

If you have a lot of folders (or servers) which you want to apply this fix to, you might want to perform this task with the help of a bash script.

Here's the set_default_group.sh script we are using in our web servers, which combines the script that we have seen in our previous post and these new commands:

Feel free to use it!

Conclusions

We hope that this small piece of advice will help other system administrators to enforce a default permission set for their folders.

Exit mobile version