location: LinuxFileACLs

Here's how Kim creates a 'log' directory that apache can write to, but whose child files aren't visible on the web:

Set the permissions that all new child files inherit (to view the existing ACL, use: $ getfacl directoryname). Reference: http://www.vanemery.com/Linux/ACL/linux-acl.html#default

$ chown sangwink:apache directoryname
$ setfacl --set u::rwx,g::wx,o::- directoryname
$ setfacl -d --set u::w,g::w,o::- directoryname

(The last command sets the 'default' ACL, which is what's important for inheritance. The umask has no effect if a default ACL exists. I think you can add x here too and it will only apply to child directories, not child files.)
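
A check for the resulting layout, as an added example that is not part of the original page: it reads getfacl output and reports anything that departs from the write-only setup above. The function names and the two sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: audit `getfacl` output against the
# write-only log directory layout set up by the commands above.

# Constructed sample: `getfacl directoryname` after the three commands have run.
sample_good() {
  printf '%s\n' '# file: directoryname' '# owner: sangwink' '# group: apache' \
    'user::rwx' 'group::-wx' 'other::---' \
    'default:user::-w-' 'default:group::-w-' 'default:other::---'
}

# Constructed sample: group can list the directory and no default ACL is set.
sample_bad() {
  printf '%s\n' '# file: directoryname' '# owner: sangwink' '# group: apache' \
    'user::rwx' 'group::rwx' 'other::---'
}

# Reads getfacl output on stdin, prints one line per finding, and returns
# 0 when the layout matches or 1 when any finding was printed.
audit_log_acl() {
  awk -F: '
    /^#/ || /^[ \t]*$/ { next }            # skip header comments and blank lines
    { sub(/[ \t]+#.*$/, "") }              # drop "#effective:" annotations
    {
      def   = ($1 == "default")
      tag   = def ? $2 : $1                # user, group, mask or other
      qual  = def ? $3 : $2                # empty for the owning user/group
      perm  = def ? $4 : $3
      scope = def ? "default" : "access"
      if (def) seen_default = 1
      if (tag == "other" && perm != "---") {
        print scope ": other has " perm; bad++
      }
      if (tag == "group" && index(perm, "r")) {
        print scope ": group:" qual " can read (" perm ")"; bad++
      }
      if (!def && tag == "group" && qual == "" && perm !~ /wx/) {
        print "access: owning group cannot create files (" perm ")"; bad++
      }
    }
    END {
      if (!seen_default) { print "no default ACL: new files follow the umask"; bad++ }
      exit (bad > 0)
    }
  '
}
# Usage on a real system (assumes the acl tools are installed):
#   getfacl directoryname | audit_log_acl
```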

LinuxFileACLs (last edited 2015-07-10 10:09:34 by meyersh)