When a sub-folder is created, the permissions of the new sub-folder are defined by:
- The properties of the user who created the directory:
  a. user ID
  b. group IDs
- The defined umask
- The parent folder's default ACL (if it exists)
Note: More info can be found in the acl man page:
OBJECT CREATION AND DEFAULT ACLs
The access ACL of a file object is initialized when the object is
created with any of the creat(), mkdir(), mknod(), mkfifo(), or open()
functions. If a default ACL is associated with a directory, the mode
parameter to the functions creating file objects and the default ACL
of the directory are used to determine the ACL of the new object:
1. The new object inherits the default ACL of the containing directory as its access ACL.
2. The access ACL entries corresponding to the file permission bits are modified so that they contain no permissions that are not
contained in the permissions specified by the mode parameter.
If no default ACL is associated with a directory, the mode parameter to
the functions creating file objects and the file creation mask (see
umask(2)) are used to determine the ACL of the new object:
1. The new object is assigned an access ACL containing entries of tag types ACL_USER_OBJ, ACL_GROUP_OBJ, and ACL_OTHER. The permissions of
these entries are set to the permissions specified by the file
creation mask.
2. The access ACL entries corresponding to the file permission bits are modified so that they contain no permissions that are not
contained in the permissions specified by the mode parameter.
Instructions on how to set a default ACL were copied from this Q&A:
chmod g+s <directory>              # set gid
setfacl -d -m g::rwx /<directory>  # set group to rwx default
setfacl -d -m o::rx /<directory>   # set other
Next we can verify:
getfacl /<directory>
Output:
# file: ../<directory>/
# owner: <user>
# group: media
# flags: -s-
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:other::r-x
More info about umask can be found in the umask man page:
umask() sets the calling process's file mode creation mask (umask) to
mask & 0777 (i.e., only the file permission bits of mask are used),
and returns the previous value of the mask.
The umask is used by open(2), mkdir(2), and other system calls that
create files to modify the permissions placed on newly created files
or directories. Specifically, permissions in the umask are turned
off from the mode argument to open(2) and mkdir(2).
Alternatively, if the parent directory has a default ACL (see
acl(5)), the umask is ignored, the default ACL is inherited, the
permission bits are set based on the inherited ACL, and permission
bits absent in the mode argument are turned off. For example, the
following default ACL is equivalent to a umask of 022:
u::rwx,g::r-x,o::r-x
Combining the effect of this default ACL with a mode argument of 0666
(rw-rw-rw-), the resulting file permissions would be 0644 (rw-r--r--).
The constants that should be used to specify mask are described under
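The two cases quoted from acl(5) and umask(2) above, modelled in Python as an added example (not part of the original answer or of any library; every function name is hypothetical and the ACL strings are constructed). It goes slightly beyond the quoted text by handling a mask entry, which per acl(5) is what the group permission bits correspond to when one is present, and it shows that a restrictive umask such as 077 has no effect under a directory that carries a default ACL.

```python
# Added example: a model of the rules quoted from acl(5) and umask(2).
# All names here are hypothetical; the ACL strings are constructed samples.
PERM_BITS = {"r": 4, "w": 2, "x": 1}
ALIAS = {"u": "user", "g": "group", "o": "other", "m": "mask"}


def parse_acl(text):
    """Parse 'u::rwx,g:media:r-x,...' into {(tag, qualifier): bits}."""
    acl = {}
    for entry in text.split(","):
        tag, qualifier, perms = entry.strip().split(":")
        bits = sum(PERM_BITS[c] for c in perms if c != "-")
        acl[(ALIAS.get(tag, tag), qualifier)] = bits
    return acl


def new_object_mode(mode, umask, default_acl=None):
    """Return (permission bits, access ACL or None) for a new object."""
    if default_acl is None:
        # No default ACL: bits set in the umask are turned off from mode.
        return mode & ~umask & 0o777, None
    # Default ACL: inherited as the access ACL; the umask is ignored.
    acl = parse_acl(default_acl)
    # Group permission bits map to the mask entry when one exists,
    # otherwise to the owning-group entry.
    group_key = ("mask", "") if ("mask", "") in acl else ("group", "")
    classes = ((("user", ""), 6), (group_key, 3), (("other", ""), 0))
    bits = 0
    for key, shift in classes:
        acl[key] &= (mode >> shift) & 7  # drop bits absent from mode
        bits |= acl[key] << shift
    return bits, acl


if __name__ == "__main__":
    page_acl = "u::rwx,g::rwx,o::r-x"  # the default ACL set on this page
    for label, mode in (("mkdir 0777", 0o777), ("open 0666", 0o666)):
        plain, _ = new_object_mode(mode, 0o077)
        inherited, _ = new_object_mode(mode, 0o077, page_acl)
        print(f"{label}: umask 077 -> {plain:04o}, "
              f"with default ACL -> {inherited:04o}")
```

When auditing a shared tree, check `getfacl` output for `default:` entries before relying on a hardened umask to keep new files private.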