On Fri, 10 Oct 2014, Alan Stern wrote:
On Fri, 10 Oct 2014, Mike wrote:
On Fri, 10 Oct 2014, Alan Stern wrote:
Sorry if this question has been asked many times before.
On a new CentOS 7 system, when I create files they end up with strange permissions. For example, as root:
[root@server ~]# umask 0000 [root@server ~]# touch a [root@server ~]# ls -l a -r--r----- 1 root root 0 Oct 10 11:45 a
As a regular user:
[stern@server ~]$ umask 0000 [stern@server ~]$ touch b [stern@server ~]$ ls -l b -rw------- 1 stern stern 0 Oct 10 11:47 b
In both cases the permsissions should have been -rw-rw-rw-. What on earth is going on, and how can I fix it?
Thanks,
Alan Stern
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
I'm sure I don't have an answer, but the last time I saw something like that the problem was related to a fat or vfat file system (I believe). What type of filesystem is "/"? What is the output from 'df -Th' ?
I appreciate any suggestions for places to look, since I am baffled.
The filesystem is ext4. "df -Th /" says as much, and also says that teh filesystem is 18% full.
But you're right that the filesystem is somehow involved. When I do exactly the same thing in the /run directory, which is tmpfs, it works as expected.
The output from "mount" doesn't help much:
/dev/md5 on / type ext4 (rw,relatime,seclabel,data=ordered)
Trying this on /boot (a separate ext4 filesystem in a different disk partition) gives yet a different result; the file ends up with -r--r--r-- permission.
I know that this isn't caused by selinux, because I get the same results after booting with selinux turned off.
I found the answer: There are bad default ACL's associated with these directories. For detailed information about default ACLs, check out "man 5 acl" as well as "man setfacl" and "man getfacl". In short, a directory's default ACLs affect the permissions of files created within that directory.
The filesystems on this computer were created by un-tarring archives created on another system, using tar's --acls option. I guess this option doesn't work right (a bug in tar!); the unpacked system contains ACLs that were not present on the source system.
Alan Stern