Yes, ACLs can do this.
-
Ensure your filesystem is mounted with
acl. To check this, typemount. You should seeacllisted among other permissions, e.g./dev/sda1 on / type ext4 (rw,errors=remount-ro,acl)If it’s not mounted with acl, open up
/etc/fstab, and addaclto the list of options:# /etc/fstab: static file system information. # # <file system> <mount point> <type> <options> <dump> <pass> /dev/sda1 / ext3 noatime,errors=remount-ro,acl 0 1Now, re-mount the running filesystem with the new options:
mount -v -o remount / -
Install the acl utilities. On ubuntu/debian, this is:
sudo apt-get install acl -
Your new friends are
setfaclandgetfacl. Usesetfaclto change the default acl for a directory:setfacl -d -m o:r foo-dsets default,-mmodifies acl, ando:rgrants “other” the right to read. Setting default on a directory is roughly equivalent to setting setgid on a directory, but instead of newly created files inheriting the group, they inherit the acl. Together, setgid and acl can be powerful, because you can grant default permissions to a group, and get newly created files to belong to that group, for an effective group-based per-directory umask. -
Check your work:
ls -lshould now show an extra “+” indicating the presence of acl in addition to the standard file permissions.% ls -la foo/ drwxr--r--+You can get detailed info on the acl using
getfacl.% getfacl foo # file: foo # owner: you # group: you user::rwx group::r-- other::r-- default:user::rwx default:group::--- default:other::r--