From: Florian Philipp
To: gentoo-user@lists.gentoo.org
Date: Thu, 3 Jul 2008 19:58:31 +0200
Subject: Re: [gentoo-user] OT: Filesystem permissions
Message-ID: <20080703195831.550c4909@NOTE_GENTOO64.PHHEIMNETZ>
In-Reply-To: <200807031752.29786.alan.mckinnon@gmail.com>
Organization: German Aerospace Center

On Thu, 3 Jul 2008 17:52:29 +0200
Alan McKinnon wrote:

> On Thursday 03 July 2008, Florian Philipp wrote:
> > Hi list!
> >
> > I'm a bit dissatisfied with the way umask and filesystem permissions
> > work and I'd like to know if a) this is due to misunderstanding on
> > my part and/or b) there is a clean workaround I'm unaware of.
> >
> > Let's say I have a system with various users working on some
> > sensible data. Therefore I have to set up various security policies
> > regarding file permissions and so forth.
> >
> > For example every $HOME-directory should be only readable to the
> > user himself (e.g. for user phil_fl: chown phil_fl:phil:fl; umask
> > 0077 or 0007).
> >
> > Then there might be a common folder for all users in a specific
> > group as a simple way of sharing files. These shall be accessible
> > by every user in the group but by none else, so for the user
> > phil_fl and the group users: chown phil_fl:users; umask 0007.
> >
> > As we see, the umask itself isn't the problem (in this special case)
> > but the group is it, however, there might be cases in which need to
> > change both for special folders. How do I do this without needing
> > any interaction from the users?
>
> umask does nothing for you here, it is simply a default starting
> point for the permissions of new files and directories and the user
> is completely free to change it to anything they feel like.
>
> Yes, this is by design. Yes, this is a very good thing :-)
>
> You want to set the setgid bit on the containing directory and chgrp
> that directory to the group involved.

Argh, of course! I even read this stuff up this morning but I
overlooked the paragraph!

Thanks!
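The setgid directory recommended in the quoted reply, as an added example that is not part of the original thread: it builds a shared directory in a scratch location and shows that new entries inherit the directory's group, while each creator's umask still decides whether the group permission bits are set. The function names and paths are hypothetical; on a real system the administrator would pass the sharing group (`users` in the question) to `make_shared` as root.

```shell
#!/bin/sh
# Added example; every path and name below is constructed for the demo.

# make_shared DIR GROUP: owner and group get rwx, others nothing, and the
# setgid bit (the leading 2) makes new entries inherit DIR's group.
make_shared() {
    mkdir -p "$1" && chgrp "$2" "$1" && chmod 2770 "$1"
}

# usable_group DIR: print a GID the caller may chgrp DIR to, preferring a
# supplementary group so inheritance differs visibly from the primary group.
usable_group() {
    primary=$(id -g)
    for g in $(id -G); do
        if [ "$g" != "$primary" ] && chgrp "$g" "$1" 2>/dev/null; then
            echo "$g"; return 0
        fi
    done
    echo "$primary"
}

gid_of()  { ls -ldn "$1" | awk '{print $4}'; }
mode_of() { ls -ldn "$1" | cut -c1-10; }   # drop any trailing ACL/SELinux mark

# create_with_umask MASK DIR NAME: create file NAME and directory NAME.d in
# DIR the way a user with that umask would (subshell keeps the umask local).
create_with_umask() (
    umask "$1" && : > "$2/$3" && mkdir "$2/$3.d"
)

demo() {
    work=$(mktemp -d) || return 1
    share="$work/share"
    mkdir "$share"
    make_shared "$share" "$(usable_group "$share")"
    create_with_umask 0007 "$share" cooperative   # group can read and write
    create_with_umask 0077 "$share" private       # right group, no group bits
    for f in "$share" "$share"/*; do
        printf '%s gid=%s %s\n' "$(mode_of "$f")" "$(gid_of "$f")" "${f#"$work"/}"
    done
    rm -rf "$work"
}

demo
```

The entries created under umask 0077 carry the shared group but no group permissions, so setgid fixes group ownership only; the mode bits remain under each user's control.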