On Tue, Oct 23, 2001 at 12:39:15AM +0200, guy keren wrote:
> 
> On Mon, 22 Oct 2001, Oded Arbel wrote:
> 
> > Reading this again, I think I didn't make myself clear, so let's try again:
> > I want that any user of the "users" group will be able to create files and
> > directories under the public directory, and said files and directories will
> > automatically have read/write access to all members of the "users" group, and
> > recursively - that files and directories in sub-directories will also be
> > thus affected.
> 
> as far as i know - you cannot do this with current kernels. your closest
> bet would be to:
> 1. make the directory owned by group 'users'.
> 2. set the group sticky bit on the directory, so any files created in it,
>    will have group 'users' as their owning group.
> 3. force all users who work there to have a umask of '002'.

SGID bit. Sticky bit is to disallow unlinking of files in the directory 
by non-owners. (stat(2) explains them all, cool manpage).

> in any event, you just gave me another idea for what could be achieved with
> 'syscall parameter rewriting' - a good thing for syscalltrack ;) (once it
> supports syscall parameter rewriting).

What for? This is policy in the kernel, overwriting explicit user 
choices in order to achieve ends that can be reached through other 
means. If a sysadmin has SGID directories, all they need to do is
to set the default umask to 002. If a user has explicitly set a 
different umask in his or her personal config files, then it should 
be respected. Sane distributions (you-know-which) already come with 
this umask and per-user groups by default.

If we're talking about the deficiency of UNIX permission bits, then
I'd say one big missing feature is the lack of an "append" 
permission. It could replace the sticky bit on directories and also 
be very useful for regular files.
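The SGID-plus-umask-002 recipe from the thread, as an added example that is not part of any of the original messages. It assumes Linux with GNU coreutils (for `stat -c`) and uses the caller's primary group in place of 'users'; it shows that the group is inherited by new files and that only a umask of 002 keeps them group-writable, and that on Linux subdirectories inherit the SGID bit as well, which is what makes the scheme recursive.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes Linux + GNU coreutils and
# that the caller's primary group stands in for the thread's 'users' group.
set -eu

# Symbolic mode of a path, e.g. drwxrwsr-x (the 's' is the SGID bit)
mode_of() {
    stat -c '%A' "$1"
}

# Owning group of a path
group_of() {
    stat -c '%G' "$1"
}

# The thread's recipe: group-owned directory with the SGID bit (the leading
# 2 in 2775) so that anything created inside inherits the group.
setup_shared_dir() {
    dir="$1"
    mkdir -p "$dir"
    chgrp "$(id -gn)" "$dir"
    chmod 2775 "$dir"
}

# Create an empty file under a given umask and return its mode string.
# 002 keeps the group write bit (-rw-rw-r--); the common 022 drops it.
create_with_umask() {
    dir="$1"; name="$2"; mask="$3"
    ( umask "$mask"; : > "$dir/$name" )
    mode_of "$dir/$name"
}

# Create a subdirectory under a given umask and return its mode string.
# On Linux a directory made inside an SGID directory inherits the SGID bit.
create_subdir_with_umask() {
    dir="$1"; name="$2"; mask="$3"
    ( umask "$mask"; mkdir "$dir/$name" )
    mode_of "$dir/$name"
}

demo() {
    base="$(mktemp -d)"
    setup_shared_dir "$base/public"
    echo "dir:       $(mode_of "$base/public") group=$(group_of "$base/public")"
    echo "umask 002: $(create_with_umask "$base/public" a.txt 002)"
    echo "umask 022: $(create_with_umask "$base/public" b.txt 022)"
    echo "subdir:    $(create_subdir_with_umask "$base/public" sub 002)"
    rm -rf "$base"
}

demo
```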
