File permissions on session

HI all,

I’m setting up a system that will be shared by multiple users.
(Ubuntu 19.10)

I have, using acl’s. etc. configured a shared directory such that when files or directories are created the group has rw privilege by default.

If I create a file or folder from a file browser, command line etc. it gets created with rw permissions for the group.

If I open a new session from ardour5 in the same directory, the ardour folders and files get the correct group, but get read only.

Ideas?

try to open ardour from terminal within the shared folder to see if that changes something.
I would also try to change permissions in /opt/Ardourxxx installation folder from root to usergroup

Starting from command line made no difference, still gets the group right, but read only.

My /opt directory is empty…

So you’ve enabled set-group-ID (02000 S_ISGID) on the parent folder? chmod 2775 /path/to/ardour-sessions/ ?

What is the umask when starting Ardour?
In a Terminal Window, does

umask 0002
Ardour5

help?

umask returns:

0022

Then starting ardour5 with a new session still gets the group on the new files right, but group only has read access.

getfacl on the directory shows:

getfacl ./Sessions
# file: Sessions
# owner: root
# group: session
# flags: -s-
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:other::r-x

And the contents:

ls -lan
total 24
drwxrwsr-x+ 6 0 1002 4096 Feb 9 15:45 .
drwxrwxrwx 5 0 0 4096 Feb 9 10:49 …
drwxr-sr-x+ 9 1000 1002 4096 Feb 9 15:46 Comline
drwxrwsr-x+ 2 1001 1002 4096 Feb 9 11:18 junk
drwxr-sr-x+ 9 1000 1002 4096 Feb 9 11:05 Mac1
drwxrwsr-x+ 9 1001 1002 4096 Feb 9 12:46 Octa1

Group 1002 being the shared group “session” between user 1000 and 1001
Mac1 and Octa1 are sessions saved from Ardour
junk was created by hand (i.e. create folder from file manager)
Comline is a session saved from Ardour launched from commandline

OK. so Ardour (really libxml2) will never create files that are group-writable. The group and other write flags are masked.

I’m confused…

The man page for umask says:

“Alternatively, if the parent directory has a default ACL (see acl(5)), the umask is ignored, the default ACL is inherited,…”

Further messing around…

When I login open a terminal umask is 022, if I then su umask is 002.

Everything I’ve tried to set default umask to 002 result in the above situation.

Usually when I have permission issues I always try the chmod 777 -R to the directory of interest. 8 out of 10 times it works

That fixes it for that particular, already existing, directory.

But, the goal is to have new directories automagically created with the desired access rights…by users who have no clue what the command line is. As far as they know chmod is something from a Harry Potter movie. :joy:

After reading a few places on the web, I re-did the entire ACL setup on my directories.

I have confirmed:

  • user umask after login is 022
  • ACL’s seem to be set correctly on the directory
  • Multiple users can create directories and files with various programs (like scite, libreoffice write, audacity) and the folders/files are created with rw for the group
  • Ardour still creates the folders/files with the correct group, but only r for the group.

What am I missing? Is Ardout doing something that those other programs aren’t? Is Ardour not handling the ACL correctly?

I’ve deleted the last 3 messages to avoid incorrect and/or confusing stuff being left here.

If someone has concrete steps for the OP to take, please feel free to continue.

After a bunch more research and experimentation:

I figured out how to get the user to have umask 0002 by default. Ardour still creates the correct group on files and directories, but only gives the group access rights for read. Other programs correctly create files/directories with group read/write as specified by the ACL

In addition, for folders using basic access control (i.e. no ACL’s, and setguid bit set) Ardour produces the same results, while other programs do it correctly.

I’m assuming my use case is special, so this would not be considered an Ardour bug. But, shouldn’t Ardour be handling directory/file creation as other programs do?