On Thu, 3 Jul 2008 17:52:29 +0200 Alan McKinnon <[EMAIL PROTECTED]> wrote:
> On Thursday 03 July 2008, Florian Philipp wrote:
> > Hi list!
> >
> > I'm a bit dissatisfied with the way umask and filesystem permissions
> > work and I'd like to know if a) this is due to misunderstanding on
> > my part and/or b) there is a clean workaround I'm unaware of.
> >
> > Let's say I have a system with various users working on some
> > sensible data. Therefore I have to set up various security policies
> > regarding file permissions and so forth.
> >
> > For example every $HOME-directory should be only readable to the
> > user himself (e.g. for user phil_fl: chown phil_fl:phil:fl; umask
> > 0077 or 0007).
> >
> > Then there might be a common folder for all users in a specific
> > group as a simple way of sharing files. These shall be accessible
> > by every user in the group but by none else, so for the user
> > phil_fl and the group users: chown phil_fl:users; umask 0007.
> >
> > As we see, the umask itself isn't the problem (in this special case)
> > but the group is it, however, there might be cases in which need to
> > change both for special folders. How do I do this without needing
> > any interaction from the users?
>
> umask does nothing for you here, it is simply a default starting
> point for the permissions of new files and directories and the user
> is completely free to change it to anything they feel like.
>
> Yes, this is by design. Yes, this is a very good thing :-)
>
> You want to set the setgid bit on the containing directory and chgrp
> that directory to the group involved.

Argh, of course! I even read this stuff up this morning but I overlooked
the paragraph! Thanks!
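The setup suggested in the quoted reply (setgid bit plus chgrp on the shared directory), as an added shell example that is not part of the thread. The function names `setup_shared` and `audit_shared` are hypothetical, and the audit assumes a `stat` that supports `-c` (GNU coreutils or BusyBox). Because umask remains under each user's control, the audit reports files that ended up with the wrong group or with permissions for others.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# setup_shared DIR GROUP
# Create DIR, hand it to GROUP and set the setgid bit, with no access for others.
setup_shared() {
    mkdir -p "$1" &&
    chgrp "$2" "$1" &&
    chmod 2770 "$1"    # leading 2 = setgid: new entries inherit the directory's group
}

# audit_shared DIR
# Print entries that break the sharing policy. Returns 0 if none, 1 if any,
# 2 if DIR cannot be inspected. Symlinks are skipped (their mode bits are not used).
audit_shared() {
    dir=$1
    gid=$(stat -c '%g' "$dir") || return 2

    # Without setgid on the directory, new files get the creator's primary group.
    if [ -z "$(find "$dir" -prune -perm -2000)" ]; then
        echo "missing setgid: $dir"
        return 1
    fi

    # Flag: wrong group, any permission bit for others (a user's umask was too
    # permissive), or a subdirectory that lost the setgid bit.
    bad=$(find "$dir" ! -type l \( \
              ! -group "$gid" \
              -o -perm -004 -o -perm -002 -o -perm -001 \
              -o \( -type d ! -perm -2000 \) \
          \) -print)

    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}
```

Call it as `setup_shared /srv/share users` (path constructed for illustration; the group must be one you may chgrp to), then run `audit_shared /srv/share` periodically, for example from cron.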