public inbox for gentoo-user@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-user] permissions for a common folder
@ 2006-09-19 11:53 Stefán István
  2006-09-19 12:15 ` [gentoo-user] " Remy Blank
                   ` (2 more replies)
  0 siblings, 3 replies; 8+ messages in thread
From: Stefán István @ 2006-09-19 11:53 UTC (permalink / raw
  To: gentoo levlist

Hello!

We have a file server, and there are a common directory for a group of a 
users. I set this common folder's permission to 2775 and that results that a 
newly created file or directory will have the same goup owner as the common 
dir. But the problem is, that if someone creates a file or a directory in 
this common folder, the permissions will be 644 or 755, and so the other 
users in the same group can't write that file or directory, only if the 
creator of the entry sets it manually to 664 or 775. Is there any way to tell 
the Linux to automatically set the rights to 664 or 775 in this common 
directory (and only in this)?
This common dir is also shared with samba for the windows users, and in samba 
it is possible to set this.

Thanks for the help in advance,
Istvan

-- 
gentoo-user@gentoo.org mailing list



^ permalink raw reply	[flat|nested] 8+ messages in thread

* [gentoo-user]  Re: permissions for a common folder
  2006-09-19 11:53 [gentoo-user] permissions for a common folder Stefán István
@ 2006-09-19 12:15 ` Remy Blank
  2006-09-20  8:01   ` Stefán István
  2006-09-19 12:23 ` [gentoo-user] " Alan McKinnon
  2006-09-19 12:31 ` Matteo Pillon
  2 siblings, 1 reply; 8+ messages in thread
From: Remy Blank @ 2006-09-19 12:15 UTC (permalink / raw
  To: gentoo-user

Stefán István wrote:
> Is there any way to tell 
> the Linux to automatically set the rights to 664 or 775 in this common 
> directory (and only in this)?

This is normally done by setting the umask to 002 instead of 022 for all
users (in /etc/profile), and creating a separate primary group for every
user with the same name as the user. Then all files and directories
created by users will have 664 resp. 775 permissions. When creating
files in "normal" directories, the files will have the "private" primary
group of the user, and will therefore only be writable by the user. When
creating files in directories with the SGID bit set, the group will be
the same as the directory, and the file will be writable by all members
of the group.

This is the default strategy in RedHat distributions (or at least it was
when I switched to Gentoo, around 9.0 or so).

You might be able to get the same effect locally (i.e. only in your
shared directory) by using POSIX ACLs. See 'man acl' for more info.

-- Remy


Remove underscore and suffix in reply address for a timely response.

-- 
gentoo-user@gentoo.org mailing list



^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [gentoo-user] permissions for a common folder
  2006-09-19 11:53 [gentoo-user] permissions for a common folder Stefán István
  2006-09-19 12:15 ` [gentoo-user] " Remy Blank
@ 2006-09-19 12:23 ` Alan McKinnon
  2006-09-19 12:31 ` Matteo Pillon
  2 siblings, 0 replies; 8+ messages in thread
From: Alan McKinnon @ 2006-09-19 12:23 UTC (permalink / raw
  To: gentoo-user

On Tuesday 19 September 2006 13:53, Stefán István wrote:
> We have a file server, and there are a common directory for a
> group of a users. I set this common folder's permission to
> 2775 and that results that a newly created file or directory
> will have the same goup owner as the common dir. But the
> problem is, that if someone creates a file or a directory in
> this common folder, the permissions will be 644 or 755, and
> so the other users in the same group can't write that file or
> directory, only if the creator of the entry sets it manually
> to 664 or 775. Is there any way to tell the Linux to
> automatically set the rights to 664 or 775 in this common
> directory (and only in this)?
> This common dir is also shared with samba for the windows
> users, and in samba it is possible to set this.

Sorry, but it's not possible to do this with conventional Linux 
permissions or NFS. The permissions of a newly created file 
depend only on the hard-coded MODE (666 for files, 777 for 
directories) and the user's umask. So, either the users have to 
remember to set their umask, or use a different account with a 
correct umask to access that dir (you could try two accounts 
for each user with the same uid - it might work but I haven't 
tried it out myself), or have the user chmod each new file they 
make.

Thsi question came up on another list recently, and some 
workarounds I thought up were variations on using cron, find 
and chmod. Maybe there's some way you can hook fam and call a 
script each time a file is newly created.

But the easiest way is to simply export the filesystem in a way 
that does do what you want - samba. As long as the total number 
of connectiosn through samba for Linux and windows clients 
stays below some sane amount (I find 5-10 is usually about the 
maximum) the file server will cope ok.

alan

-- 
gentoo-user@gentoo.org mailing list



^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [gentoo-user] permissions for a common folder
  2006-09-19 11:53 [gentoo-user] permissions for a common folder Stefán István
  2006-09-19 12:15 ` [gentoo-user] " Remy Blank
  2006-09-19 12:23 ` [gentoo-user] " Alan McKinnon
@ 2006-09-19 12:31 ` Matteo Pillon
  2 siblings, 0 replies; 8+ messages in thread
From: Matteo Pillon @ 2006-09-19 12:31 UTC (permalink / raw
  To: gentoo-user

Hi, 

On Tue, Sep 19, 2006 at 01:53:13PM +0200, Stefán István wrote:
> We have a file server, and there are a common directory for a group of a 
> users. I set this common folder's permission to 2775 and that results that a 
> newly created file or directory will have the same goup owner as the common 
> dir. But the problem is, that if someone creates a file or a directory in 
> this common folder, the permissions will be 644 or 755, and so the other 
> users in the same group can't write that file or directory, only if the 
> creator of the entry sets it manually to 664 or 775. Is there any way to tell 
> the Linux to automatically set the rights to 664 or 775 in this common 
> directory (and only in this)?

It depends on your setup, if you're using bash, you can subtitute cd
with a new function:

cd () {
 if ....; then
  umask 0002
 else
  umask 0022
 fi
 command cd $@
}

Bye.

-- 
 * Pillon Matteo
-- 
gentoo-user@gentoo.org mailing list



^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [gentoo-user]  Re: permissions for a common folder
  2006-09-19 12:15 ` [gentoo-user] " Remy Blank
@ 2006-09-20  8:01   ` Stefán István
  2006-09-20  9:00     ` Remy Blank
  0 siblings, 1 reply; 8+ messages in thread
From: Stefán István @ 2006-09-20  8:01 UTC (permalink / raw
  To: gentoo-user

kedd 19 szeptember 2006 14.15 dátummal Remy Blank ezt írta:
> Stefán István wrote:
> > Is there any way to tell 
> > the Linux to automatically set the rights to 664 or 775 in this common 
> > directory (and only in this)?
> 
> This is normally done by setting the umask to 002 instead of 022 for all
> users (in /etc/profile), and creating a separate primary group for every
> user with the same name as the user. Then all files and directories
> created by users will have 664 resp. 775 permissions. When creating
> files in "normal" directories, the files will have the "private" primary
> group of the user, and will therefore only be writable by the user. When
> creating files in directories with the SGID bit set, the group will be
> the same as the directory, and the file will be writable by all members
> of the group.
> 
> This is the default strategy in RedHat distributions (or at least it was
> when I switched to Gentoo, around 9.0 or so).
> 
> You might be able to get the same effect locally (i.e. only in your
> shared directory) by using POSIX ACLs. See 'man acl' for more info.

Okay, I think I have to use acl. I've read its documentation, and set up the 
following acl's:

setfacl -m d:u::rw /home/stefi/kepek/
setfacl -m d:g::rw /home/stefi/kepek/
setfacl -m d:o::r /home/stefi/kepek/

Now, if I create a file in this directory, it's permission will be 664 instead 
of the default 644. That's very good.
But if I create a directory it's permissons also will be 664. But I want it to 
be 775. How can I achive this?


Thanks,
Istvan

-- 
gentoo-user@gentoo.org mailing list



^ permalink raw reply	[flat|nested] 8+ messages in thread

* [gentoo-user]  Re: permissions for a common folder
  2006-09-20  8:01   ` Stefán István
@ 2006-09-20  9:00     ` Remy Blank
  2006-09-20 11:51       ` Stefán István
  0 siblings, 1 reply; 8+ messages in thread
From: Remy Blank @ 2006-09-20  9:00 UTC (permalink / raw
  To: gentoo-user

Stefán István wrote:
> Okay, I think I have to use acl. I've read its documentation, and set up the 
> following acl's:
> 
> setfacl -m d:u::rw /home/stefi/kepek/
> setfacl -m d:g::rw /home/stefi/kepek/
> setfacl -m d:o::r /home/stefi/kepek/
> 
> Now, if I create a file in this directory, it's permission will be 664 instead 
> of the default 644. That's very good.
> But if I create a directory it's permissons also will be 664. But I want it to 
> be 775. How can I achive this?

Use the following:

setfacl -m d:u::rwx,d:g::rwx,d:o::rx /home/stefi/kepek/

i.e. also give it a default execute permission.

-- Remy


Remove underscore and suffix in reply address for a timely response.

-- 
gentoo-user@gentoo.org mailing list



^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [gentoo-user]  Re: permissions for a common folder
  2006-09-20  9:00     ` Remy Blank
@ 2006-09-20 11:51       ` Stefán István
  2006-09-20 12:52         ` Remy Blank
  0 siblings, 1 reply; 8+ messages in thread
From: Stefán István @ 2006-09-20 11:51 UTC (permalink / raw
  To: gentoo-user

szerda 20 szeptember 2006 11.00 dátummal Remy Blank ezt írta:
> Stefán István wrote:
> > Okay, I think I have to use acl. I've read its documentation, and set up 
the 
> > following acl's:
> > 
> > setfacl -m d:u::rw /home/stefi/kepek/
> > setfacl -m d:g::rw /home/stefi/kepek/
> > setfacl -m d:o::r /home/stefi/kepek/
> > 
> > Now, if I create a file in this directory, it's permission will be 664 
instead 
> > of the default 644. That's very good.
> > But if I create a directory it's permissons also will be 664. But I want 
it to 
> > be 775. How can I achive this?
> 
> Use the following:
> 
> setfacl -m d:u::rwx,d:g::rwx,d:o::rx /home/stefi/kepek/
> 
> i.e. also give it a default execute permission.

Thanks, it works know, though I don't understand it.

István

-- 
gentoo-user@gentoo.org mailing list



^ permalink raw reply	[flat|nested] 8+ messages in thread

* [gentoo-user]  Re: permissions for a common folder
  2006-09-20 11:51       ` Stefán István
@ 2006-09-20 12:52         ` Remy Blank
  0 siblings, 0 replies; 8+ messages in thread
From: Remy Blank @ 2006-09-20 12:52 UTC (permalink / raw
  To: gentoo-user

>> Use the following:
>>
>> setfacl -m d:u::rwx,d:g::rwx,d:o::rx /home/stefi/kepek/
>>
>> i.e. also give it a default execute permission.
> 
> Thanks, it works know, though I don't understand it.

The default user, group and other ACLs of a directory are ANDed with the
mask passed to the open() or mkdir() call. For directories, the mode is
normally passed as 0777, so you end up with 0775 permission. For files,
the mode is usually passed as 0666, and so you get 664 permissions.

-- Remy


Remove underscore and suffix in reply address for a timely response.

-- 
gentoo-user@gentoo.org mailing list



^ permalink raw reply	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2006-09-20 12:59 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-09-19 11:53 [gentoo-user] permissions for a common folder Stefán István
2006-09-19 12:15 ` [gentoo-user] " Remy Blank
2006-09-20  8:01   ` Stefán István
2006-09-20  9:00     ` Remy Blank
2006-09-20 11:51       ` Stefán István
2006-09-20 12:52         ` Remy Blank
2006-09-19 12:23 ` [gentoo-user] " Alan McKinnon
2006-09-19 12:31 ` Matteo Pillon

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox