Access Control Lists <Solved>

[Alanm]

I have a folder to which several users have access. I have created ACLs to control access. What I want to achieve is, that when a user move a picture (e.g. from an SD card) into the folder, the file should automatically belong to the group named 'billeder' and this group should have read and write access. The permissions of the folder (and sub-folders) using getfacl show as:

# file: Billeder (delte)
# owner: alan
# group: billeder
# flags: -s-
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:other::r-x

and ls -l for the same folder shows:

drwxrwsr-x+ 24 alan billeder 4096 aug 4 18:50 Billeder (delte)

ls -l test* shows this
-rw-rw-r-- 1 alan billeder 0 aug 4 18:45 test
-rw-r--r-- 1 alan billeder 0 aug 4 18:46 test1
-rw-r--r-- 1 alan alan 0 aug 4 18:46 test2

'test' was created in the folder using *touch test'
'test1' was copied to the folder (using Nemo)
'test2' was cut and pasted to the folder (using Nemo)

Two things bother me:
1. When copying a file it inherits the group 'billeder' of the folder it is copied to as it should. However, when cutting and pasting the group does not change. Why this difference?
2. The files copied or cut-and-pasted does not inherit the write permissions of the folder it is copied/pasted into. If the files already have the right permissions/group, they retain these permissions when copied/moved to this folder.

I have searched the net and found dscriptions of how to invoke ACL, but I cannot figure out why I can't get it to work.

[altair4]

I shouldn't be posting in this topic because it's simply been too long since I've used ACL's so consider this a bump

I actually think it's working as designed. I've reproduced what I believe are the steps you used to create the test folder and here is my getfacl:

# file: DataLACL/ACLTest
# owner: root
# group: plugdev
# flags: -s-
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:other::r-x

I used plugdev as the group since it already exists and I'm already a member.

And here are my results which are the same as yours:

-rw-r--r-- 1 tester1 plugdev 0 Aug 4 16:28 copyfile.txt
-rw-r--r-- 1 tester1 tester1 0 Aug 4 16:29 movefile.txt
-rw-rw-r-- 1 tester1 plugdev 0 Aug 4 16:28 newfile.txt

A move is simply a change to the path location in the files attributes ( unless you use it to rename ) so the acl mask and sgid bit will be ignored.

The newly created file obeys all the rules so it's doing what everyone is forcing on it.

The real issue is the copy as it carries with it the ownership of who copied it, it does obey the sgid directive and changes to plugdev, but it's permissions are how it was before it was copied.

There is another issue here and that's the default umask. When you created the file that you copied in Mint it saved as 644 which is messing everything up here. But if you did the exact same thing in Ubuntu it would have saved as 664. Mint sorta kinda broke the umask mechanism and a bug report on it was submitted some time ago now,

Bindfs would be a solution since it creates a "view" of the folder with it's own set of permissions that you can't change so it will always save a file as 664 with a group of plugdev be it copied, moved, or created.

[Alanm]

Thanks for pointing out bindfs - that worked!