We have a setup with two web servers, using csync2 to propagated user-uploaded files between them - nothing groundbreaking here. We have a single "action" in the config, which sets ownership of the synced file.
One thing I guess is less common, is that we use Linux filesystem ACLs. The directories being synced have the required default ACL permissions and mask, and files created on each host 'normally' (i.e. the initial uploaded file, or a test file created using e.g. touch) correctly inherit the correct ACL permissions and mask, and the file is usable.
For some reason, files copied by csync2 are created on the destination host with the correct inherited filesystem ACL permissions, but an empty ACL mask.
I'll try to setup a minimally reproducible setup for this tomorrow.
We have a setup with two web servers, using csync2 to propagated user-uploaded files between them - nothing groundbreaking here. We have a single "action" in the config, which sets ownership of the synced file.
One thing I guess is less common, is that we use Linux filesystem ACLs. The directories being synced have the required default ACL permissions and mask, and files created on each host 'normally' (i.e. the initial uploaded file, or a test file created using e.g.
touch) correctly inherit the correct ACL permissions and mask, and the file is usable.For some reason, files copied by csync2 are created on the destination host with the correct inherited filesystem ACL permissions, but an empty ACL mask.
I'll try to setup a minimally reproducible setup for this tomorrow.