LINUX - ownership inheritance of parent dir not working, only group is applied

Question

Ownership inheritance of parent dir not working, only group 'apache' is applied

Owner should be 'apache' but is 'root'

OS: rocky linux 9, selinux - getenforce : Permissive

umask 002

umask:
-----
0002
-----

sudo mkdir /var/www/html/te && \
chown apache:apache -R /var/www/html/te && \
sudo chmod g+w /var/www/html/te && \
sudo chmod g+s /var/www/html/te && \
touch /var/www/html/te/testfile.txt

parent_directory: 
-------------------------
/var/www/html/te ownership- apache:apache / rwxrwsr-x '2775'
-------------------------

ls -al /var/www/html/te:
-------------------------
total 0
drwxrwsr-x. 2 apache apache 26 Jun  3 11:23 .
drwxrwsr-x. 3 apache apache 16 Jun  3 11:23 ..
-rw-rw-r--. 1 root   apache  0 Jun  3 11:23 testfile.txt
-------------------------

what could be wrong?

Thank you

Answer 1

The SetGID bit works as intended here, it applies group ownership of its parent directory. It is used for sharing directories amongs members of the same group. So when me and you are in the same group working and creating files in a directory with SetGID applied, we would be able to work with each others files because of the inherited group permissions. However files created by the both of us would still be owned by whoever created it.

I do not believe there is a mechanism that applies user ownership based on its parent directory. The setUID bit is used to execute executable files with the ownership of the file rather than whoever executed it.

So in short, there is nothing wrong. It actually works as intended, the apache daemon can still read AND write to your testfile.txt because of the group bits. If you want more fine grained control, you could dive into ACL's but from my experience as a linux sysadmin there is barely any scenario where you really need ACL's.