On my server, there are several directories where I want to ensure that every file under them has the same ACL.
My current approach is to use the
system.activationScripts option to call
setfacl on the desired directories every activation, and then create some systemd timers that will call
setfacl -R at regular intervals to keep the permissions consistent.
It works, but it feels pretty hacky. I’m curious if anyone out there has done something similar and what other approaches are possible, or perhaps if someone has made a module to do this already.
P.S. I’m using ZFS, so if there are any zfs-only solutions out there, I’m happy to hear them as well.