ACL settings works when using ssh but not with scp command

Question

I have setup an Arch Linux machine with a user 'archie' with a primary group 'users' as:

useradd -m -g users archie

Whenever archie creates a file in his ~/shared directory I want the group users to get write permissions so I add:

setfacl -dm u::rw,g::rw,o::r ~/shared

Now when I'm logged in as archie via ssh and create a file in ~/shared I can see that it works:

touch a.txt
ls -l
-rw-rw-r--+ 1 archie users 0 Dec  6 20:05 a.txt

However when I use scp from my client the 'w' permission is not set to users i.e.:

scp a.txt archie@192.168.0.1:/home/archie/shared
# now group users only got read permissions:
ls -l
-rw-r-r--+ 1 archie users 0 Dec  6 20:07 a.txt

I have no clue why I get this behaviour, shouldn't scp kind of works the same way as being logged in with ssh? How can I configure so I get the same behaviour with scp?

Reminds me of https://bugzilla.mindrot.org/show_bug.cgi?id=2678 — John Greene, May 03 '22 at 20:20

score 0 · Answer 1 · answered May 03 '22 at 20:24

0

This might fix your problem if you use rwx.

https://unix.stackexchange.com/questions/105831/how-do-i-allow-rwx-access-to-a-specific-group-with-acls

answered May 03 '22 at 20:24

John Greene

899
10
30

score 0 · Answer 2 · answered Feb 10 '23 at 09:27

I also could not get this to work with ACLs, but for me bindfs was the solution - it works no matter if you are logged in via SSH or use scp to copy files there.

sudo bindfs --create-for-group=users --create-with-perms=u+rwX,g+rwX,o+rX /home/archie/shared /home/archie/shared

Or in /etc/fstab this would look like:

/home/archie/shared /home/archie/shared fuse.bindfs create-for-group=users,create-with-perms=u+rwX,g+rwX,o+rX 0 0

See also Forcing user in both directions using bindfs

ACL settings works when using ssh but not with scp command

2 Answers2