Hi,

I have been struggling with this problem for 4 days now.

I have folder named "import" owned by user "crcftp" belonging to group "users".

The permissions set on the import folder are - drwxrwxrwx+

The plus sign i presume is due to the fact that i have set acl for the users "crcftp" and "oracle" using the following commands.

setacl -m d:u: crcftp:rwx import
setacl -m d:u: oracle:rwx import

Next, I create flatfile through Oracle Procedures (UTL_FILE package) in the folder import

However, the newly created file does not seem to inherit the default ACL through inheritance.

When i perform a getacl on the newly created file (owner - oracle, group - dba), I get the following output:

# file: test5.txt
# owner: oracle
# group: dba
user::rw-
user: oracle:rwx #effective:---
user:crcftp:rwx #effective:---
group::---
class:---
other:---

The umask setting for this user (crcftp) is 022

My OS Version is HP-UX B.11.23

Would be really grateful if somebody can help me with this.

Thanks and regards,
Tabish

When you run the utl_file package, oracle overrides local settings, and you get the value of umask permissions of the user running the code.

This is oracle behavior. See the DIRECTORY OBJECT. Also read about the security model
for UTL_FILE_DIR:

UTL_FILE

Thanks Jim.

But shouldnt default ACL permissions (using setacl) override the umask permissions? Why am I getting effective permission of --- instead of rwx as per default ACL setting of the directory containing the file?

I have never set acl's on the UTL_FILE_DIR directory because oracle can override them.

This is because a file creator (oracle) has to have write access to the directory in order to create the file. Per POSIX rules: Any file owner with write access to the directory that file lives in can do anything the owner wants to permissions and ownership of the file.
Including mv it to another directory the owner has write access to.

I guess, that your expectation and what oracle does do not appear to match. It is nothing abnormal. I have had lots of problems in the past with oracle-created files and permissions.

So I guess the only way to achieve what i intend to, is by altering the umask setting for oracle user.

Hi Jim,

I have set the umask to 022 for oracle user. But it still doesnt resolve my issue. I am getting the permission string as -rw------- for a new file created in the same directory.

Is there anything else i need to do?

My Oracle Database version is: 11.1.0.7.0 - 64bit

Why are you using ACLs in the first place?
What were you trying to achieve?