Hi list! I'm a bit dissatisfied with the way umask and filesystem permissions work and I'd like to know if a) this is due to misunderstanding on my part and/or b) there is a clean workaround I'm unaware of.
Let's say I have a system with various users working on some sensible data. Therefore I have to set up various security policies regarding file permissions and so forth. For example every $HOME-directory should be only readable to the user himself (e.g. for user phil_fl: chown phil_fl:phil:fl; umask 0077 or 0007). Then there might be a common folder for all users in a specific group as a simple way of sharing files. These shall be accessible by every user in the group but by none else, so for the user phil_fl and the group users: chown phil_fl:users; umask 0007. As we see, the umask itself isn't the problem (in this special case) but the group is it, however, there might be cases in which need to change both for special folders. How do I do this without needing any interaction from the users? Thanks in advance! Florian Philipp
signature.asc
Description: PGP signature
