Subject: Re: how to share a directory tree with files in it with multiple users (Re: [gentoo-user] local shared directory)
To: gentoo-user@lists.gentoo.org
From: Michael Orlitzky
Date: Sat, 23 Apr 2016 11:12:56 -0400

On 04/23/2016 10:42 AM, hw wrote:
>
> Has it become entirely impossible to share a directory tree and the
> files in it with multiple users when Linux is involved? This should be
> a very simple thing to accomplish.
>

It was never possible. It's ridiculous, but there it is. The UNIX
permissions model is too simple. ACLs were bolted on top, but most tools
retain legacy behavior with respect to group masks that breaks default
ACLs. You're seeing that same problem with your Samba share.

Filesystem permissions are one thing that Windows got right. There's
ongoing work to bring that model to Linux,

  https://en.wikipedia.org/wiki/Richacls

but they're going to make the same mistake again[0] and allow the group
bits to act as a mask. That means mkdir, tar, cp, 7z -- anything that
tries to mess with group bits -- isn't going to work. They'll be DOA
just like POSIX ACLs were.

I think you can manage this with incron and POSIX ACLs. Instead of
running "chmod g+w", use sys-apps/apply-default-acl to reset the
permissions to the defaults that you set. I wrote apply-default-acl to
solve exactly this problem. You just need to figure out a way to run it
whenever things get screwed up. Which means, whenever a file or
directory is created.


[0] http://www.bestbits.at/richacl/man/richacl.7.txt

  Changing the file mode permission bits:

  When changing the file mode permission bits with chmod(1), the owner,
  group, and other file permission bits are set to the permission bits
  in the new mode... In addition, the masked and write_through ACL flags
  are set. This has the effect of limiting the permissions granted by
  the ACL to the file mode permission bits...
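
The mask behaviour described in the message above, as an added example that is not part of the original email or of apply-default-acl: a small Python model of POSIX ACL semantics that makes no system calls. The `group:shared` entry and the modes are constructed, and `reset` is a simplified stand-in for reapplying a directory's defaults, not the tool's actual logic.

```python
# Simplified model of POSIX.1e ACL semantics (constructed example, no syscalls).
R, W, X = 4, 2, 1

def inherit(default_acl, mode):
    """Access ACL a new file gets from its parent's default ACL.

    The mode passed to open()/mkdir() can only restrict the inherited ACL:
    owner bits cap user::, the GROUP bits cap the mask, other bits cap other::.
    The umask is not applied when a default ACL is present.
    """
    acl = dict(default_acl)
    acl["user::"] &= (mode >> 6) & 7
    acl["mask::"] &= (mode >> 3) & 7
    acl["other::"] &= mode & 7
    return acl

def chmod(acl, mode):
    """chmod on a file that has a mask entry: the group bits overwrite the mask."""
    acl = dict(acl)
    acl["user::"] = (mode >> 6) & 7
    acl["mask::"] = (mode >> 3) & 7
    acl["other::"] = mode & 7
    return acl

def reset(default_acl):
    """Repair in outline: put the access ACL back to the directory defaults."""
    return dict(default_acl)

def effective(acl, entry):
    """Named users, the owning group and named groups are capped by the mask."""
    perms = acl[entry]
    if entry not in ("user::", "other::"):
        perms &= acl["mask::"]
    return "".join(c if perms & b else "-" for c, b in (("r", R), ("w", W), ("x", X)))

# Constructed default ACL of a shared directory; "group:shared" is hypothetical.
DEFAULT = {"user::": 7, "group::": 7, "group:shared": 7, "mask::": 7, "other::": 0}

def demo():
    copied = inherit(DEFAULT, 0o644)                  # tool creates the file with 0644
    tightened = chmod(inherit(DEFAULT, 0o666), 0o600) # later chmod clears the mask
    plain = inherit(DEFAULT, 0o666)                   # ordinary create, mode 0666
    return tuple(effective(a, "group:shared")
                 for a in (copied, tightened, plain, reset(DEFAULT)))

if __name__ == "__main__":
    print(demo())
```

The ACL entry for the shared group is `rwx` in every case; only the mask derived from the group bits differs, which is why a tool that sets a mode on creation or calls chmod afterwards silently removes group write access.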