I have a directory in which I am storing all my shell scripts and I would like new files to be made executable by default so that I don't have to go chmod u+x [file] every time. Is there a way to make this happen? I tried chmod -R u+x [directory] but this only makes all the existing files executable, not ones that I'm adding later. Is there a shell command or perhaps a shell script that you can suggest that can make this happen? Thanks.

1 Answer
To make permissions apply to new files, you need an ACL (access control list). The main tool to do this is setfacl.
You can set ACLs on directories so that new files created in them are always world-writable, or owned by a specific group. You are specifically interested in making new files executable.
That would be done with:
sudo setfacl -Rm d:u::rwx dir
That means, "recursively set default user permissions as rwx for new files". When I experiment I get this:
$ mkdir dir
$ getfacl dir
user::rwx
group::r-x
other::r-x
$ setfacl -Rm d:u::rwx dir
$ getfacl dir
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:other::r-x
Cool, we've added some default: lines which now say that new files in this directory will have these specific permissions applied. But when I touch the new file we see:
touch dir/file
ls -l dir
-rw-r--r-- 1 usr grp 0 Aug 19 10:57 file
It's not user-executable! The man page says:
The perms field is a combination of characters that indicate the read (r), write (w), execute (x) permissions. Dash characters in the perms field (-) are ignored. The character X stands for the execute permission if the file is a directory or already has execute permission for some user. Alternatively, the perms field can define the permissions numerically, as a bit-wise combination of read (4), write (2), and execute (1). Zero perms fields or perms fields that only consist of dashes indicate no permissions.
I've made the relevant part of that bold. We can set the x ACL so that new files are executable, BUT that will only apply if the file already has execute permissions for some user.
This is a limitation. I assume it's a security limitation so that malicious applications can't stick any file they like in a directory, have it automatically become executable, and then run it.
To demonstrate how ACLs could be used to do something similar, I'll show another example:
setfacl -Rm d:g::rw dir
touch dir/file1
ls -l dir/file1
-rw-rw-r-- 1 usr grp 0 Aug 19 11:00 dir/file1
You can see that I told the ACLs to add a default rule to make new files group-writable. When I made the new file, I confirmed that it was group writable (while new files are usually only group readable).

“I assume it's a security limitation so that malicious applications can't stick any file they like in a directory” — if a program can create a file in a directory, it can make it executable (during creation, and later on). – Stephen Kitt Aug 19 '20 at 09:09
I see ACLs as supplementing Unix permissions; they don’t provide any feature which can’t be expressed using Unix permissions already (with a different set of users). The ACL defaults are a purely ACL-related construct, in a similar fashion to certain inherited permissions (the sticky bit on directories). The inheritable x is similar to X in chmod, and makes sense when considering ACLs as extending permissions. – Stephen Kitt Aug 19 '20 at 09:26
umask to change the permission which files are created with - however, this affects all directories and will reset upon creating a new session. – Panki Aug 19 '20 at 08:41
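
The behaviour discussed in the answer and comments, as an added example that is not part of the original thread: umask and default ACLs only remove bits from the mode the creating program requests, so touch (which requests 0666) never produces an executable file, while mkdir (0777) or an explicit install -m does. It assumes GNU coreutils and scratch directories from mktemp; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU coreutils (stat -c, install -m).

mode_of() { stat -c '%a' "$1"; }    # octal permission bits of a path

# make_new TOOL PATH: create PATH the way each tool does.
make_new() {
    case $1 in
        touch)   touch "$2" ;;                      # requests 0666 from open(2)
        mkdir)   mkdir "$2" ;;                      # requests 0777 from mkdir(2)
        install) install -m 700 /dev/null "$2" ;;   # sets 0700 explicitly
    esac
}

# created_mode UMASK TOOL: mode of a new entry made under UMASK, no ACL involved.
created_mode() {
    (
        d=$(mktemp -d) || exit 1
        umask "$1"
        make_new "$2" "$d/new"
        mode_of "$d/new"
        rm -rf "$d"
    )
}

# default_acl_mode TOOL: same, but the parent carries the default ACL shown in
# the answer's getfacl output. Prints "unsupported" without setfacl or ACL support.
default_acl_mode() {
    (
        d=$(mktemp -d) || exit 1
        if ! command -v setfacl >/dev/null 2>&1 ||
           ! setfacl -m d:u::rwx,d:g::r-x,d:o::r-x "$d" 2>/dev/null; then
            rm -rf "$d"; echo unsupported; exit 0
        fi
        umask 077    # not applied to children: the default ACL replaces it
        make_new "$1" "$d/new"
        mode_of "$d/new"
        rm -rf "$d"
    )
}

echo "touch,   umask 000:   $(created_mode 000 touch)"     # 666: no x even unmasked
echo "mkdir,   umask 000:   $(created_mode 000 mkdir)"     # 777
echo "install, umask 077:   $(created_mode 077 install)"   # 700: creator chose x
echo "touch,   default ACL: $(default_acl_mode touch)"
echo "mkdir,   default ACL: $(default_acl_mode mkdir)"
```

The execute bit on a new file therefore always comes from whoever creates it; neither umask nor a directory's default ACL can add it.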