I have this /srv directory that, for convenience, I would like members of the wheel group to have write access to, and for any files and directories created to transitively inherit the permissions.

After sudo chgrp wheel /srv && sudo chmod g+ws /srv, however, I still cannot create directories and files under /srv:

$ mkdir /srv/mantis
mkdir: cannot create directory `/srv/mantis': Permission denied

Examining the ACL on /srv shows that the effective group permission is only r-x, for some reason:

$ getfacl /srv
getfacl: Removing leading '/' from absolute path names
# file: srv
# owner: root
# group: wheel
# flags: -s-
user::rwx
user:webmaster:rwx
group::r-x
mask::rwx
other::r-x

Any reason why this happens? Could it be that somehow when I added the additional access for the webmaster user (long before the setgid attempt) I accidentally tampered with the group ACL?

1 Answer

Having a mask set by setfacl causes chgrp not to reflect the changes. You can run setfacl -m g::rwx /srv to set the group permission.

Otherwise, if you don't need advanced ACL at all, you can remove all rules by setfacl -b /srv and then re-run sudo chmod g+ws /srv.

Before edit

From the results of getfacl it seems that the command sudo chmod g+ws /srv was not working. Seemingly you are running sudo chgrp wheel /srv && sudo chmod g+ws /srv as a single command. If sudo chgrp wheel /srv failed (with a non-zero exit code for whatever reason), the && connector will simply ignore anything afterwards, thus sudo chmod g+ws /srv will not be executed.

To illustrate, you can run cat NoSuchFile && echo "This message will be printed". The echo command is ignored in this example.

You may try running sudo chgrp wheel /srv and sudo chmod g+ws /srv separately and note any messages. Alternatively you may try sudo chmod 2775 /srv which should set the permission correctly.

  • /srv seems to already have the correct permissions and ownership though: ls -ld /srv yields drwxrwsr-x+ 21 root wheel 4096 Feb 20 14:35 /srv
    – michel-slm
    Commented Feb 25, 2014 at 6:30
  • Probably because you have a mask set by setfacl previously, so chgrp doesn't reflect the changes. You can run setfacl -m g::rwx /srv to set the group permission. Otherwise, if you don't need advanced ACL at all, you can remove all rules by setfacl -b /srv and then re-run sudo chmod g+ws /srv
    – Kenneth L
    Commented Feb 25, 2014 at 7:38
  • Aha, that works. Not sure how the mask got affected, but thanks. Marking your answer as accepted -- could you merge the comment into it for future reference?
    – michel-slm
    Commented Feb 25, 2014 at 8:03
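
The mismatch seen in this thread (ls -ld showing drwxrwsr-x+ while getfacl shows group::r-x) follows from POSIX ACL semantics: once a directory carries an extended ACL, the group bits that ls displays and chmod changes are the mask:: entry, and the owning group gets its group:: entry limited by that mask. The sketch below is an added example, not code from any poster in the thread; it parses the getfacl output quoted in the question (embedded as constructed sample input) and computes each entry's effective permission, using hypothetical helper names.

```shell
# Constructed sample input: the getfacl output quoted in the question.
sample_acl() {
    cat <<'EOF'
# file: srv
# owner: root
# group: wheel
# flags: -s-
user::rwx
user:webmaster:rwx
group::r-x
mask::rwx
other::r-x
EOF
}

# and_perms A B: intersect two rwx strings ("rwx" "r-x" gives "r-x").
and_perms() {
    out=""
    for i in 1 2 3; do
        a=$(printf '%s' "$1" | cut -c"$i")
        b=$(printf '%s' "$2" | cut -c"$i")
        if [ "$a" != "-" ] && [ "$a" = "$b" ]; then out="$out$a"; else out="$out-"; fi
    done
    printf '%s' "$out"
}

# effective_acl: read getfacl text on stdin, print "<tag>:<qualifier> <perms>".
# The mask limits named users and all group entries, not user:: or other::.
effective_acl() {
    acl=$(grep -v -e '^#' -e '^default:' | grep ':' || true)
    mask=$(printf '%s\n' "$acl" | sed -n 's/^mask::\(...\).*/\1/p')
    printf '%s\n' "$acl" | while IFS=: read -r tag qual perms; do
        perms=$(printf '%s' "$perms" | cut -c1-3)
        case "$tag:$qual" in
            user:|other:|mask:) eff=$perms ;;
            *) eff=$(and_perms "$perms" "${mask:-rwx}") ;;
        esac
        printf '%s:%s %s\n' "$tag" "$qual" "$eff"
    done
}

# group_can_write: succeed if the owning group's effective perms include w.
group_can_write() {
    effective_acl | grep -q '^group: .w'
}

sample_acl | effective_acl
sample_acl | group_can_write || echo "owning group (wheel) has no write access"
# Simulate the state after setfacl -m g::rwx /srv on the sample.
sample_acl | sed 's/^group::.*/group::rwx/' | group_can_write && echo "fixed"
```

To check a live directory, pipe real output into the same function, for example getfacl /srv 2>/dev/null | effective_acl.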
