From: Florian Philipp
Date: Thu, 25 Mar 2010 22:43:36 +0100
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] default user permissions

On 25.03.2010 09:50, Alan McKinnon wrote:
> On Thursday 25 March 2010 10:26:25 Hinko Kocevar wrote:
>> Hi,
>>
>> Where is defined what permissions will the newly created folder/file
>> have by default?
>
> This is done by the umask of the user creating the folder.
>
>
>>
>> Eg. When creating a folder I would like it to have permissions right
>> after it is created, to void use of chmod/chown afterwards:
>>
>> drwxrwxr-x 2 hinko users 4096 Mar 25 09:23 folder1
>>
>> while now I get only:
>> drwxr-xr-x 2 hinko users 4096 Mar 25 09:23 folder1
>>
>> That is group should have 'w' set.
>
>
> This is a common misunderstanding about permissions and the Unix philosophy
> about them, which is:
>
> It's up to the user, not the system, to say what permissions he wants on new
> filesystem objects.
>
> Modifying the user's umask is not advised, as this is global. *Every* new file
> or dir then ends up with g+w and you probably don't want that.
>
> You need to use Posix ACLs for this, and your file system and kernel must
> support them; you configure it per directory. It's all in man pages and on
> google - better start reading.
>
> Be warned though: you *will* forget you set this, and *will* wonder in future
> why g+w is set in various places. "ls" gives precious little clue that an ACL
> is in place.
>
> I find that in real life, a "find -exec chmod" in a cron is a better solution
>

To avoid ACLs and still have group rw rights on some folders for specific
groups, you can make use of the 'user private group' scheme and the
setgid bit: [1]. Gentoo uses this scheme per default, although I think the
umask setting is different (has to be 002 or 007).

What Alan forgot to tell is where to set the umask: /etc/profile. Don't
use too strict settings because these are also applied to system
accounts. This can easily break your system.

[1] http://www.redhat.com/docs/manuals/linux/RHL-7.3-Manual/ref-guide/s1-users-groups-private-groups.html

Hope this helps,
Florian Philipp