I would like to know if is possible to create a default acl rule to a directory.
in this directory all files created should have executable permissions by the group IT.
i tried setfacl -m d:g:it:rwx /files
tried to change the mask
setfacl -m m::rwx /files
but i still can't get the files to be created by the group IT with execution permissions.
only if i apply the acl individual for each file.
I know this is not a good practice to have file with execution permissions by default but i want it for academic purposes.
Maybe I do not understand - but you seem to want default ACL settings for a directory to propagate to files (not necessarily as they are created I assume).
Oh. Try this an an experiment to show you what is going on.
What is you umask? Fix it. And are you in the IT group:
#become root if you are in IT group.
cd /tmp
echo 'echo "test"' >/tmp/t.shl
# -- you now have a file that needs execute to run.
chmod 660 t.shl
# -- be sure it does not have x
chgrp IT t.shl
# make SURE there are no ACLs on the file.
getfacl t.shl
cp t.shl /files
# check ACLs on the file.
getfacl /files/t.shl
/files.t.shl
# does it run?
If this fails please show everything you did. It should be okay i.e., does it run? Answer:yes
You can have no ACL on the file before you place it in the /files directory. So this means you have to make sure IT group users - programmers I guess - understand. They can mess it up.