I’m using Linux and SMB.
When I copy / create files on an SMB share using either POSIX or NFSv4 permissions, all files are created as executable and setgid is not respected.
What I want to do:
I’m using rsync for backup from TrueNAS and sometimes Linux. If I set permissions to NFSv4 I get a permission warning when trying to rsync -av as root.
So I went with simpler POSIX permissions on the dataset. I can also go NTFSv4 if I can rsync as root and if I can create files with 640 by default (or what I pick, 644 in some cases) as the share user.
When I copy or create files on shares I don’t want all created files to be executable by default. I wrote a script to set permissions and ACLs just right:
```sh
i=/mnt/volume1/testshare1
# ${testshare1} is a variable expansion; testshare1 is not assigned in this
# script, so sharename (and groupname) are empty unless it is set elsewhere
sharename=${testshare1}
groupname=${sharename}
chown -R alyx:${groupname} "${i}"
# strip permissions before applying
chmod -R 0000 "${i}"
setfacl -R -bn "${i}"
# apply permissions
chmod -R u=rwX,g=rX,o=--- "${i}"
# set sticky group only on top
chmod g+s "${i}"
# set default acl
setfacl -m d:u::rwx "${i}"
setfacl -m d:g::r-x "${i}"
setfacl -d -x o:: "${i}"
setfacl -d -m u:gordon:rX "${i}"
setfacl -d -m u:alyx:rwX "${i}"
setfacl -d -m u:root:rwX "${i}"
# set recursive acls
setfacl -R -m u:gordon:rX "${i}"
setfacl -R -m u:alyx:rwX "${i}"
setfacl -R -m u:root:rwX "${i}"
setfacl -m d:m:rw "${i}"
```
Alyx should be able to write to the share, while Gordon may be compromised by the Combine, so he should have read-only access.
When I do this and create a file, the file is owned by alyx:alyx despite the sticky bit being set, and is group executable.
How can I make files written to shares not be executable by default?
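
An added example, not part of the original post: a small model of the acl(5) inheritance rule, which says a new file gets the directory's default ACL with its owner, group-class and other entries cut down to the mode the creating process requests. The function names, the requested modes and the sample ACL (constructed from the `setfacl` lines in the script) are assumptions for illustration.

```shell
#!/bin/sh
# Model of POSIX default-ACL inheritance for a newly created file (acl(5)).

# perm_bits "r-x" -> 5
perm_bits() {
    b=0
    case $1 in r??) b=$((b + 4)) ;; esac
    case $1 in ?w?) b=$((b + 2)) ;; esac
    case $1 in ??x) b=$((b + 1)) ;; esac
    echo "$b"
}

# new_file_mode REQUESTED_MODE DEFAULT_ACL
# DEFAULT_ACL holds "default:..." lines in getfacl format.
# Prints the three octal permission digits the new file ends up with.
new_file_mode() {
    req=$(( $1 ))                 # leading 0 makes this an octal constant
    u=0 g=0 o=0 m=
    while IFS=: read -r _ tag qual perms; do
        # drop anything after the rwx triplet (e.g. "#effective:" comments)
        bits=$(perm_bits "${perms%%[!rwx-]*}")
        case "$tag:$qual" in
            user:)  u=$bits ;;    # owner entry      <-> user bits
            group:) g=$bits ;;    # owning group entry
            mask:)  m=$bits ;;    # mask entry       <-> group bits, if present
            other:) o=$bits ;;    # other entry      <-> other bits
        esac
    done <<EOF
$2
EOF
    gc=${m:-$g}                   # group class: mask if set, else owning group
    ru=$(( (req >> 6) & 7 )); rg=$(( (req >> 3) & 7 )); ro=$(( req & 7 ))
    echo "$(( u & ru ))$(( gc & rg ))$(( o & ro ))"
}

# Constructed sample: the default ACL the script's setfacl lines describe.
acl='default:user::rwx
default:user:root:rwx
default:user:gordon:r-x
default:user:alyx:rwx
default:group::r-x
default:mask::rw-
default:other::---'

for req in 0666 0744 0777; do
    echo "requested $req -> created $(new_file_mode "$req" "$acl")"
done
```

The default ACL only caps what the creator asks for, so with `d:u::rwx` the owner execute bit appears whenever the creating process requests it; the umask is not consulted when a default ACL exists.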