1

Further to this post, I found out that if the permissions for other should be ---, then I can use (it seems to work):

setfacl -R -m d:o::0 test

But when using SSHFS, permissions won't be retained. Both UID and GID are retained. I need a solution to handle the SSHFS situation.

AdminBee
  • 22,803
  • Note that sshfs is a network filesystem, it doesn't store any permissions. Permissions either come from the remote system or are modified by the sshfs mount itself. Trying to use commands like setfacl on the local system will be ineffective (unless they are transmitted to the remote system, in which case they probably don't do what you want.) The answer here shows the correct way to fix this. – user10489 Dec 20 '23 at 20:36

1 Answers1

1

You can use, when invoking sshfs, the option : -o umask=0007 : to ensure that the 'rwx' bits for others are all unset.

The defaults rights (not mask!) are:

octal: 0755 for a directory 0644 for files

binary: 000 111 101 101 for a directory 000 110 100 100 for a file

ie: --- rwx r-x r-x for a directory --- rw- r-- r-- for a file

(note: the first octal digit is for: 'setuid', 'setgid', and 'sticky' bits)

The umask will MASK some of those bits. umask 0007: 000 000 000 111

the original bits are ANDed one by one with the corresponding bit in the mask: | bitA | bitB | bitA AND bitB | | 0 | 0 | 0 | | 0 | 1 | 0 | | 1 | 0 | 0 | | 1 | 1 | 1 |

So with umask 0027, the defaults rights shown above will result in: binary: 000 111 101 000 for a directory 000 110 100 000 for a file

ie: --- rwx r-x --- for a directory --- rw- r-- --- for a file