[CentOS] Wrong file permissions in CentOS 7

Fri Oct 10 21:06:37 UTC 2014
Alan Stern <stern at rowland.harvard.edu>

On Fri, 10 Oct 2014, Alan Stern wrote:

> On Fri, 10 Oct 2014, Mike wrote:
> 
> > On Fri, 10 Oct 2014, Alan Stern wrote:
> > 
> > > Sorry if this question has been asked many times before.
> > >
> > > On a new CentOS 7 system, when I create files they end up with strange
> > > permissions.  For example, as root:
> > >
> > > [root@server ~]# umask
> > > 0000
> > > [root@server ~]# touch a
> > > [root@server ~]# ls -l a
> > > -r--r----- 1 root root 0 Oct 10 11:45 a
> > >
> > > As a regular user:
> > >
> > > [stern@server ~]$ umask
> > > 0000
> > > [stern@server ~]$ touch b
> > > [stern@server ~]$ ls -l b
> > > -rw------- 1 stern stern 0 Oct 10 11:47 b
> > >
> > > In both cases the permissions should have been -rw-rw-rw-.  What on
> > > earth is going on, and how can I fix it?
> > >
> > > Thanks,
> > >
> > > Alan Stern
> > >
> > 
> > I'm sure I don't have an answer, but the last time I saw something like 
> > that the problem was related to a fat or vfat file system (I believe). 
> > What type of filesystem is "/"?  What is the output from 'df -Th' ?
> 
> I appreciate any suggestions for places to look, since I am baffled.
> 
> The filesystem is ext4.  "df -Th /" says as much, and also says that 
> the filesystem is 18% full.
> 
> But you're right that the filesystem is somehow involved.  When I do 
> exactly the same thing in the /run directory, which is tmpfs, it works 
> as expected.
> 
> The output from "mount" doesn't help much:
> 
> /dev/md5 on / type ext4 (rw,relatime,seclabel,data=ordered)
> 
> Trying this on /boot (a separate ext4 filesystem in a different disk
> partition) gives yet a different result; the file ends up with
> -r--r--r-- permission.
> 
> I know that this isn't caused by selinux, because I get the same 
> results after booting with selinux turned off.

I found the answer: There are bad default ACLs associated with these
directories.  For detailed information about default ACLs, check out
"man 5 acl" as well as "man setfacl" and "man getfacl".  In short, a
directory's default ACLs affect the permissions of files created within
that directory.

The filesystems on this computer were created by un-tarring archives
created on another system, using tar's --acls option.  I guess this
option doesn't work right (a bug in tar!); the unpacked system contains
ACLs that were not present on the source system.

Alan Stern
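
How a default ACL replaces the umask at file creation, following the object-creation rules in acl(5); this is an added example, not part of the original thread. The getfacl-style listings are constructed to reproduce the modes reported above (the thread never shows the real ACLs), and the function names are hypothetical.

```python
import stat

# Constructed getfacl-style listings; the real ACLs are not shown in the thread.
SAMPLES = {
    "/root": "# file: root\nuser::r-x\ndefault:user::r--\n"
             "default:group::r--\ndefault:other::---\n",
    "/home/stern": "default:user::rwx\ndefault:group::---\ndefault:other::---\n",
    "/boot": "default:user::r-x\ndefault:group::r-x\n"
             "default:mask::r-x\ndefault:other::r-x\n",
    "/run": "user::rwx\ngroup::r-x\nother::r-x\n",  # no default ACL at all
}

def perm_bits(text):
    """Turn 'r-x' into 5."""
    return sum({"r": 4, "w": 2, "x": 1}.get(c, 0) for c in text)

def parse_default_acl(getfacl_text):
    """Return {(tag, qualifier): bits} for the 'default:' entries only."""
    entries = {}
    for line in getfacl_text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop headers and '#effective:' notes
        if line.startswith("default:"):
            tag, qualifier, perms = line[len("default:"):].split(":")
            entries[(tag, qualifier)] = perm_bits(perms)
    return entries

def predicted_mode(getfacl_text, requested=0o666, umask=0o000):
    """Mode bits a new file gets in a directory with this ACL listing."""
    acl = parse_default_acl(getfacl_text)
    if not acl:
        # No default ACL: the classic rule, requested mode minus umask.
        return requested & ~umask
    # Default ACL present: the umask is ignored. The file inherits the default
    # entries, then loses any bit absent from the requested mode. The group
    # bits shown by ls come from the mask entry when one exists.
    group_class = acl.get(("mask", ""), acl[("group", "")])
    inherited = acl[("user", "")] << 6 | group_class << 3 | acl[("other", "")]
    return inherited & requested

def ls_mode(getfacl_text, requested=0o666, umask=0o000):
    """Same result formatted the way 'ls -l' prints it for a regular file."""
    return stat.filemode(stat.S_IFREG | predicted_mode(getfacl_text, requested, umask))

if __name__ == "__main__":
    for directory, listing in SAMPLES.items():
        print(f"touch in {directory:12} -> {ls_mode(listing)}")
```

On a live system, `getfacl <directory>` shows the entries to feed in, and `setfacl -k <directory>` removes a directory's default ACL.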