
I have searched on multiple SE sites, though there doesn't seem to be an answer to this question. Using the setgid bit allows retaining the parent group, and the sticky bit helps with ownership, though this doesn't help with permissions. ACLs, on the other hand, set the same permissions for both files and directories created within a given shared directory.

Assume a shared dir (/path/to/shared) with permissions 3775 and ownership root:shared-group.

How do I set default permissions on this shared dir, such that newly created files have permissions set to 644, whereas newly created directories have permissions set to 775?

In a nutshell, newly created files should be group readable but directories be group writable.

Using ACL with group permissions set to rwX makes even files group writable.

There are answers that are similar, but not quite the same: (ACL defaults: files vs directories, Getting new files to inherit group permissions on Linux, https://stackoverflow.com/questions/580584/setting-default-permissions-for-newly-created-files-and-sub-directories-under-a, Using setfacl to allow group members to write to any file in a directory)

Is this even feasible?

Darkfish
  • How do I set default permissions on this shared dir, such that newly created files have permissions set to 644, whereas newly created directories have permissions set to 775? Almost certainly impossible using just standard permissions. If you set umask to 022 to get 0644 file permissions, you get 0755 directory permissions. If you set umask to 002 in order to get 0775 directory permissions, you'll get 0664 file permissions. – Andrew Henle Jun 30 '20 at 10:11
  • I was hoping for something more like rsync's --chmod flag, like so "--chmod=D1775,F644". An issue with umask is that it is user modifiable. – Darkfish Jul 01 '20 at 03:01
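Andrew Henle's umask point above, worked through as an added example (not part of the question, its comments or the answer): the script creates a file and a directory under a given umask to show what the kernel assigns, then checks every possible umask for the requested 644/775 split. It assumes a coreutils or busybox `stat -c %a`.

```shell
#!/bin/sh
# Added example, not from the question or answer. New files start from 0666
# and new directories from 0777, both masked by the same umask, so no single
# umask can yield 644 files and 775 directories. Assumes `stat -c %a`.

# Create a file and a directory under umask $1 in a scratch dir and report
# the octal modes the kernel actually assigned, e.g. "file=644 dir=755".
modes_under_umask() {
    scratch=$(mktemp -d) || return 1
    ( umask "$1" && : > "$scratch/f" && mkdir "$scratch/d" ) || return 1
    f=$(stat -c %a "$scratch/f")
    d=$(stat -c %a "$scratch/d")
    rm -rf "$scratch"
    echo "file=$f dir=$d"
}

# Search all 512 possible umasks for one giving file mode $1 and directory
# mode $2 (both octal). Prints each matching umask in octal, or "none".
umask_for() {
    want_f=$(( 0$1 )); want_d=$(( 0$2 ))
    m=0; found=0
    while [ "$m" -le 511 ]; do
        if [ $(( 0666 & ~m )) -eq "$want_f" ] && [ $(( 0777 & ~m )) -eq "$want_d" ]; then
            printf '%o\n' "$m"
            found=1
        fi
        m=$(( m + 1 ))
    done
    [ "$found" -eq 1 ] || echo none
}

# Sanity check: the arithmetic model matches what the kernel does.
modes_under_umask 022   # file=644 dir=755
modes_under_umask 002   # file=664 dir=775
# The asked-for combination has no solution; its two neighbours do.
umask_for 644 775       # none
umask_for 644 755       # 22
umask_for 664 775       # 2
```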

1 Answer

No, you cannot do that with POSIX ACLs: default permissions can only be set for files/dirs/etc. together.

Out of curiosity: what kind of use case/workflow do you try to accomplish?

In the setup you describe, a user could just back up (read) the file, delete the original and recreate it with the same name. These operations only need write permission on the containing directory, which the user has. The file owner has effectively changed to the new user, who can now do with it as they wish (changing permissions included).