Setting default directory file permissions and ownership help


 
# 1  
Old 01-04-2011

I'm trying to set up a directory structure for my staff which gives them full access to files in the directories with their name, and access to anything in the shared directory. The directory structure looks like this:

Code:
root@www10 [/home/internal/employee]# ls -l
total 56
drwxr-xr-x  7 internal internal 4096 Jan  4 07:53 ./
drwx--x--x 12 internal internal 4096 Jan  4 07:13 ../
drwx--x--x  2 blake    internal 4096 Jan  4 07:13 blake/
drwx--x--x  2 damien   internal 4096 Jan  4 07:12 damien/
drwx--x--x  2 greg     internal 4096 Jan  4 11:14 greg/
drwx--x--x  2 seth     internal 4096 Jan  4 07:17 seth/
drwxrwx--x  6 internal internal 4096 Jan  4 08:04 shared/

I and administrators need access to copy files into the employee folders, but have them inherit the ownership and group permissions of the directory the files were created in, so the employees have access to the files we put in there, and not the file permissions of our user.

I believe this has something to do with the sticky bit or umask or something but I can't seem to figure it out. With my limited knowledge, and with browsing Google for a couple hours I haven't been able to solve the problem yet...

Help would be appreciated.
# 2  
Old 01-04-2011
This is actually harder than it seems. Usually the only way to achieve this is via a front end in front of the filesystem. One such frontend is something like Samba... and you can achieve something like what you are wanting using Samba. But there are likely other frontends (perhaps FUSE based??) that might help as well.

On the opposite end, some systems (filesystems) support some kind of extended ACL feature... it too, might allow you to do something like what you are looking for.

But in general, you can't do what you are wanting automatically by default on most *ix systems.
# 3  
Old 01-04-2011
For example of what I'm trying to do...

Code:
root@www10 [/home/internal/employee]# pwd
/home/internal/employee
root@www10 [/home/internal/employee]# ls -l
total 56
drwxr-xr-x  7 internal internal 4096 Jan  4 07:53 ./
drwx--x--x 12 internal internal 4096 Jan  4 07:13 ../
drwx--x--x  2 blake    internal 4096 Jan  4 07:13 blake/
drwx--x--x  2 damien   internal 4096 Jan  4 07:12 damien/
drwx--x--x  2 greg     internal 4096 Jan  4 11:14 greg/
drwx--x--x  2 seth     internal 4096 Jan  4 07:17 seth/
drwxrwx--x  6 internal internal 4096 Jan  4 08:04 shared/
root@www10 [/home/internal/employee]# cd seth
root@www10 [/home/internal/employee/seth]# touch testfile.txt
root@www10 [/home/internal/employee/seth]# ls -l
total 20
drwx--x--x 2 seth     internal 4096 Jan  4 15:58 ./
drwxr-xr-x 7 internal internal 4096 Jan  4 07:53 ../
-rw-r--r-- 1 root     root        0 Jan  4 15:58 testfile.txt

It's easy to su and chmod when using command line, but we're mounting our SSH connection to the server as a local drive. If I create a file in seth's directory, it is given the ownership of root rather than of Seth.

I've figured out group permissions and being able to make the group by turning the group sticky bit on; any files or directories created keep the group ID.

I would rather be able to inherit the ownership of the directory than give group r+w permissions.

---------- Post updated at 04:36 PM ---------- Previous update was at 04:32 PM ----------

Quote:
Originally Posted by cjcox
This is actually harder than it seems. Usually the only way to achieve this is via a front end in front of the filesystem. One such frontend is something like Samba... and you can achieve something like what you are wanting using Samba. But there are likely other frontends (perhaps FUSE based??) that might help as well.

On the opposite end, some systems (filesystems) support some kind of extended ACL feature... it too, might allow you to do something like what you are looking for.

But in general, you can't do what you are wanting automatically by default on most *ix systems.
Thanks - I'll look into the FUSE based idea. We're using FUSE and Macfusion for mounting the SSH drive remotely already on OSX, so maybe I'll look into it further, maybe there's a tweak we can make there. Otherwise I guess it's just a matter of creating extra groups and allowing group read and write access and setting a umask and sticky bit for the GID.
# 4  
Old 01-05-2011
Same as a home directory, you can block other users from accessing your own home directory by changing the permission to 700 (I don't understand why you need 711), but no limit setting can stop root, the super user.

If you log in as another account (except root), how can the account cd to your folder without read permission? Then no other accounts can create files/folders in your home folder.

For the shared folder, you can run a cron job every hour to change the file/folder group to a shared group, and give the group rw permission. (In your case, the group name is "internal".)
Code:
find /home/internal/employee/shared ! -group internal -exec chgrp internal {} \;
find /home/internal/employee/shared ! -perm -g+rw -exec chmod g+rw {} \;

With that, anyone in this group (internal) can read and update files in the shared folder.
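
Added example, not written by any poster in this thread: a sketch of the setgid-plus-umask approach from posts #3 and #4 (the setgid bit is what post #3 calls the group sticky bit), with an audit that lists the entries the hourly cron job would otherwise have to fix. It works in a temporary directory, uses the caller's own primary GID as a stand-in for `internal`, and the function names are hypothetical.

```shell
#!/bin/sh
# Added illustration; directory names are constructed, not from the thread.

# prepare_shared DIR GROUP: hand DIR to GROUP with mode 2771 (the thread's
# drwxrwx--x plus setgid) so new entries inherit GROUP.
prepare_shared() {
    chgrp "$2" "$1" && chmod 2771 "$1"
}

# audit_shared DIR GROUP: report entries that break the scheme.
audit_shared() {
    (
        cd "$1" || exit 1
        find . ! -group "$2"         | sed 's/^/wrong-group /'
        find . ! -perm -060          | sed 's/^/no-group-rw /'  # same as -g+rw
        find . -type d ! -perm -2000 | sed 's/^/no-setgid /'
    )
}

demo() {
    top=$(mktemp -d) || return 1
    grp=$(id -g)     # assumption: caller's primary GID stands in for "internal"
    mkdir "$top/shared" && prepare_shared "$top/shared" "$grp" || return 1
    (
        cd "$top/shared" || exit 1
        umask 002               # group-writable defaults
        touch report.txt        # 664, group taken from the directory
        mkdir drafts            # on Linux also inherits the setgid bit
        mkdir legacy && chmod g-s legacy   # a directory that lost setgid
        umask 077               # a client with a strict umask
        touch private.txt       # 600: group members cannot read it
    )
    audit_shared "$top/shared" "$grp"
    rm -rf "$top"
}

demo
```

Neither the setgid bit nor the umask changes the file owner: a file created by root in such a directory is still owned by root, as the listing in post #3 shows.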
 