We used Ubuntu Linux on desktops with LDAP authentication. Both on the server and on the clients we have identical users and groups.
I've set up an NFS server with a public share, which should be available to all users with write permissions. E.g. if one user created a file, another should be able to remove this file by default.
I have the following requirements:
- I do not want to change the default umask (0022) on client machines.
- I do not want to use inotify to change permissions when files change on the server, because it slows down network access to the NFS share and does not work stably.
How to reproduce:
I create the initial folder with default ACLs, with the following permissions for the folder directory owned by group inoffice:
$ setfacl -m default:g:inoffice:rwx directory/
$ setfacl -m g:inoffice:rwx directory/
$ getfacl directory/
# file: directory/
# owner: root
# group: root
user::rwx
group::r-x
group:inoffice:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::r-x
default:group:inoffice:rwx
default:mask::rwx
default:other::r-x
In theory:
1. This directory must be writeable for users in group inoffice.
2. All new files and dirs inherit group:inoffice:rwx permissions.
Suppose we have two users (clients):
user1 with primary group __USERS__ and supplementary group inoffice
user2 with primary group __USERS__ and supplementary group inoffice
Suppose user1 went into the NFS folder directory on its own machine and created a folder named 'folder_user1':
$ getfacl folder_user1
# file: folder_user1
# owner: user1
# group: user1_group
user::rwx
group::r-x
group:inoffice:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::r-x
default:group:inoffice:rwx
default:mask::rwx
default:other::r-x
Then user2 can delete this folder because of the default:group:inoffice:rwx permissions.
But if user1 copies a directory (instead of creating one) into directory, the resulting permissions will be:
$ getfacl folder_copied_by_user1
# file: folder_copied_by_user1
# owner: user1
# group: user1_group
user::rwx
group::r-x
group:inoffice:rwx #effective:r-x
mask::r-x
other::r-x
default:user::rwx
default:group::r-x
default:group:inoffice:rwx
default:mask::rwx
default:other::r-x
I know about the difference in the calls to open when we copy and create files in Linux. I also know about umask, which is applied after the create file operation.
I can't find a solution for sharing files on the network with the NFS protocol in my case.
Help me find a workaround.
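
The two getfacl results in the post, reproduced with a small model of the acl(5) creation rule. This is an added example, not part of the original post. The function names are illustrative, and the mode values 0777 (directory created with mkdir) and 0755 (mode requested when copying a directory that was itself created under umask 0022) are assumptions.

```python
# Model of POSIX ACL inheritance at create time (acl(5)); names are illustrative.
PERM = {"r": 4, "w": 2, "x": 1}

def bits(s):   # "r-x" -> 5
    return sum(PERM[c] for c in s if c != "-")

def sym(n):    # 5 -> "r-x"
    return "".join(c if n & PERM[c] else "-" for c in "rwx")

def parse_default_acl(text):
    """Return {(tag, qualifier): perm_bits} for the 'default:' lines of getfacl output."""
    acl = {}
    for line in text.splitlines():
        line = line.split("#")[0].strip()
        if line.startswith("default:"):
            tag, qual, perm = line[len("default:"):].split(":")
            acl[(tag, qual)] = bits(perm)
    return acl

def inherit(default_acl, mode):
    """Access ACL of a new object created with `mode` under a default ACL.
    The umask is not applied; each permission class is ANDed with the mode bits."""
    acl = dict(default_acl)
    acl[("user", "")] &= (mode >> 6) & 7
    # The group bits of the mode land on the mask entry when one exists.
    class_key = ("mask", "") if ("mask", "") in acl else ("group", "")
    acl[class_key] &= (mode >> 3) & 7
    acl[("other", "")] &= mode & 7
    return acl

def effective(acl, tag, qual):
    """Named users, named groups and the owning group are limited by the mask."""
    perm = acl[(tag, qual)]
    if (tag, qual) != ("user", "") and tag != "other" and ("mask", "") in acl:
        perm &= acl[("mask", "")]
    return sym(perm)

# Constructed input: the default ACL of directory/ as listed in the post.
PARENT = """default:user::rwx
default:group::r-x
default:group:inoffice:rwx
default:mask::rwx
default:other::r-x"""

def demo():
    d = parse_default_acl(PARENT)
    created = inherit(d, 0o777)  # assumption: mkdir requests mode 0777
    copied = inherit(d, 0o755)   # assumption: the copy requests the source mode 0755
    return (effective(created, "group", "inoffice"),
            effective(copied, "group", "inoffice"), sym(copied[("mask", "")]))

if __name__ == "__main__":
    print(demo())
```

In this model the requested mode's group bits, not the umask, determine the mask of the new object, which is why group:inoffice keeps rwx in the entry list but only r-x is effective on the copied directory.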