I am struggling with the following problem. I have read the following guide: Getting new files to inherit group permissions on Linux Yet, this has not helped me.
(pgcluu is a postgresql cluster monitoring program)
I am using Debian server
I have a folder /var/www/pgcluu
Inside that folder i have stats reports folders. I have changed stats folder permission and ownership over to postgres. chmod -R postgres:postgres /var/www/pgcluu (so the full folder is owner by postgres)
pgCluu on the other hand is collecting data and is generating files inside stats folder. Looking something like. /var/www/pgcluu/stat/2018/04/04/09 basically /year/month/day/hour/ Inside the hour folder i have files like
-rw-r-----+ 1 postgres postgres 44 Apr 4 10:20 pg_stat_connections.csv
-rw-r-----+ 1 postgres postgres 940 Apr 4 10:20 pg_stat_database_conflicts.csv
-rw-r-----+ 1 postgres postgres 2479 Apr 4 10:20 pg_stat_database.csv
-rw-r-----+ 1 postgres postgres 1 Apr 4 10:20 pg_stat_replication.csv
-rw-r-----+ 1 postgres postgres 0 Apr 4 10:20 pg_stat_statements.csv
-rw-r-----+ 1 postgres postgres 88 Apr 4 10:20 postgresql.auto.conf
-rw-r-----+ 1 postgres postgres 21425 Apr 4 10:20 postgresql.conf
-rw-r-----+ 1 postgres postgres 70009 Apr 4 10:20 sysinfo.txt
This is just an example, there are alot of more files.
The files are generated by pgcluu_collectd every minute (u can change it) But they need to be rewritten, therefor it needs to have rw- rw- --- permissions to do it. (Owner and group must have read and write on the files) Each time i change it myself, pgcluu_collectd makes the files with rw- r-- --- permissions again.
Therefor, is there a away that the files would inherit permissions from the folder /var/www/pgcluu/stats
root@p12: getfacl /var/www/pgcluu/stats/
# file: var/www/pgcluu/stats/
# owner: postgres
# group: postgres
# flags: -s-
user::rwx
group::rwx
other::---
default:user::rwx
default:group::r-x
default:group:postgres:r-x
default:mask::r-x
default:other::---
and on the file
root@p12:getfacl /var/www/pgcluu/stats/2018/04/04/10/pg_hba.conf
# file: var/www/pgcluu/stats/2018/04/04/10/pg_hba.conf
# owner: postgres
# group: postgres
user::rw-
group::r-x #effective:r--
group:postgres:r-x #effective:r--
mask::r--
other::---
The getfacl output for the directory explains it. The fourth line:
# flags: -s-
indicates the directory has the setgid bit set, so all files generated within it will get the same group this directory has. New sub-directories will inherit both the group and the setgid bit. This is not related to ACLs at all; this is just a basic chmod 2755.
At the end of the listing, there are several lines marked with the default keyword:
default:user::rwx
default:group::r-x
default:group:postgres:r-x
default:mask::r-x
default:other::---
These specify with more detail the permissions any new files or sub-directories will get. In this case, it enforces r-x group permissions to the standard POSIX group owner, and adds explicit r-x permissions for the postgres group whether the creator belongs to that group or not. If you need the files to have group write access, these need to be changed.
Try this:
setfacl -m g::rwX,d:g::rwX,d:g:postgres:rwX /var/www/pgcluu/stats
With Linux setfacl, the mask part of the ACL should be automatically updated to include write access. (With a more strict-POSIX system you would have to add d:m:rwx to the ACL specification to explicitly adjust the ACL mask.)
The upper-case X indicates "execute permission, but only for directories, and also for files that already have an execute permission for someone."
If the directory (and any new files you create in it) has the permissions you want after this modification, you might consider adding the -R option to make the change recursively to all files and directories under /var/www/pgcluu/stats.
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments