Can I override my umask using ACLs to make all files created in a given directory world readable?

Yes, ACLs can do this.

  1. Ensure your filesystem is mounted with acl. To check this, type mount. You should see acl listed among other permissions, e.g.

    /dev/sda1 on / type ext4 (rw,errors=remount-ro,acl)

    If it’s not mounted with acl, open up /etc/fstab, and add acl to the list of options:

    # /etc/fstab: static file system information.
    # <file system> <mount point>   <type>   <options>       <dump>  <pass>
    /dev/sda1       /          ext3     noatime,errors=remount-ro,acl 0       1

    Now, re-mount the running filesystem with the new options:

    mount -v -o remount /
  2. Install the acl utilities. On ubuntu/debian, this is:

    sudo apt-get install acl
  3. Your new friends are setfacl and getfacl. Use setfacl to change the default acl for a directory:

    setfacl -d -m o:r foo

    -d sets default, -m modifies acl, and o:r grants “other” the right to read. Setting default on a directory is roughly equivalent to setting setgid on a directory, but instead of newly created files inheriting the group, they inherit the acl. Together, setgid and acl can be powerful, because you can grant default permissions to a group, and get newly created files to belong to that group, for an effective group-based per-directory umask.

  4. Check your work: ls -l should now show an extra “+” indicating the presence of acl in addition to the standard file permissions.

    % ls -la foo/

    You can get detailed info on the acl using getfacl.

    % getfacl foo
    # file: foo
    # owner: you
    # group: you

Leave a Comment