Re: [gentoo-user] Permissions, permissions
On Tuesday 16 October 2007, Alan McKinnon wrote:
> On Tuesday 16 October 2007, Mick wrote:
> > Hi All,
> >
> > This is a simple question but I'm getting tired and can't think
> > straight with this permissions problem:
> >
> > I am trying to create a directory within which two users will be
> > able to save and delete documents. This directory is only meant to
> > be accessible/readable by these two users.
> >
> > I created directory TEST, under /var/www/html. This contains
> > subdirectories TEST1, TEST2, TEST3. Each subdirectory contains other
> > files. I set the permissions recursively to apache:ftp. Both users
> > are members of group ftp. I chmod -R g+w.
> >
> > When I create a new subdirectory and save a file in it I noticed
> > that it is mick:wheel instead of mick:ftp. How do I set it up so
> > that newly created directories/files inherit the parent group
> > ownership?
>
> You want the setgid bit on for the directory. This causes all new
> files and directories in it to be owned by the same group that owns
> the top-most directory:
>
>     chmod g+s TEST
>
> This won't change permissions on existing directories though, and you
> can't use chmod -R (that will sgid the files as well), so use find
> like so:
>
>     find TEST -type d -exec chmod g+s {} \;
>
> You will also need to enable group write permission on these
> directories so that your users can delete stuff. Two ways:
>
> 1. Make sure both users use a umask like 775 (this is fragile as the
>    user can change their umask any time they want)
> 2. Use an ACL on the directory. 'man setfacl' for more details

Thank you both! sgid is what I was after. The users are trusted (the
server owner and myself) so that'll do for now. I will also check acl,
in case the need arises in the future for control of a finer
granularity.

--
Regards,
Mick
Re: [gentoo-user] Permissions, permissions
At Mon, 15 Oct 2007 23:24:15 +0100 Mick [EMAIL PROTECTED] wrote:
> Hi All,
>
> This is a simple question but I'm getting tired and can't think
> straight with this permissions problem:
>
> I am trying to create a directory within which two users will be able
> to save and delete documents. This directory is only meant to be
> accessible/readable by these two users.
>
> I created directory TEST, under /var/www/html. This contains
> subdirectories TEST1, TEST2, TEST3. Each subdirectory contains other
> files. I set the permissions recursively to apache:ftp. Both users are
> members of group ftp. I chmod -R g+w.
>
> When I create a new subdirectory and save a file in it I noticed that
> it is mick:wheel instead of mick:ftp. How do I set it up so that newly
> created directories/files inherit the parent group ownership?

There are two possibilities for newly created subdirectories and files
in this directory.

1. Same group as the creator.
2. Same group as the parent directory.

If my memory is correct this is a bsd vs sysV distinction. Nowadays you
get to choose the behavior you want. Since you want behavior 2 you want
the set-group-ID bit set on the parent and then newly created
subdirectories and files in this directory will inherit the group from
the parent. So you want to

    chmod +2000 parent-directory

The full story is in the info page

    Node: Directory Setuid and Setgid

I just read it to check my memory and found out that apparently some
systems use the set-user-ID bit so the page suggests

    chmod +6000 parent-directory

which sets both. Also this is a gnu extension and not required by
POSIX.

allan gottlieb
new york university
Re: [gentoo-user] Permissions, permissions
On Tuesday 16 October 2007, Mick wrote:
> Hi All,
>
> This is a simple question but I'm getting tired and can't think
> straight with this permissions problem:
>
> I am trying to create a directory within which two users will be able
> to save and delete documents. This directory is only meant to be
> accessible/readable by these two users.
>
> I created directory TEST, under /var/www/html. This contains
> subdirectories TEST1, TEST2, TEST3. Each subdirectory contains other
> files. I set the permissions recursively to apache:ftp. Both users are
> members of group ftp. I chmod -R g+w.
>
> When I create a new subdirectory and save a file in it I noticed that
> it is mick:wheel instead of mick:ftp. How do I set it up so that newly
> created directories/files inherit the parent group ownership?

You want the setgid bit on for the directory. This causes all new files
and directories in it to be owned by the same group that owns the
top-most directory:

    chmod g+s TEST

This won't change permissions on existing directories though, and you
can't use chmod -R (that will sgid the files as well), so use find like
so:

    find TEST -type d -exec chmod g+s {} \;

You will also need to enable group write permission on these
directories so that your users can delete stuff. Two ways:

1. Make sure both users use a umask like 775 (this is fragile as the
   user can change their umask any time they want)
2. Use an ACL on the directory. 'man setfacl' for more details

alan

--
Optimists say the glass is half full,
Pessimists say the glass is half empty,
Developers say wtf is the glass twice as big as it needs to be?

Alan McKinnon
alan at linuxholdings dot co dot za
+27 82, double three seven, one nine three five
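The setgid-on-directories procedure from this thread as a runnable check (an added example, not part of any poster's message). The temp-dir tree, the function names and the umask values 002 and 022 are assumptions chosen for the demonstration, and it relies on the Linux behaviour that a subdirectory created inside a setgid directory inherits the bit.

```shell
#!/bin/sh
# Added example. Paths are constructed in a temp dir; nothing here
# touches /var/www/html.

# Constructed tree mirroring the thread: TEST/{TEST1,TEST2,TEST3}, one file each.
make_tree() {
    for d in TEST1 TEST2 TEST3; do
        mkdir -p "$1/$d" && : > "$1/$d/doc.txt"
    done
}

# setgid + group rwx on directories only; group rw on files.
# chmod -R g+s would also mark regular files, where setgid means
# "execute with the file's group", so directories are selected with find.
share_tree() {
    find "$1" -type d -exec chmod g+rwxs {} +
    find "$1" -type f -exec chmod g+rw {} +
}

# Print one line per deviation; empty output means the tree is consistent.
audit_tree() {
    find "$1" -type d ! -perm -2070 -print | sed 's/^/dir lacks setgid or g+rwx: /'
    find "$1" -type f -perm -2000 -print   | sed 's/^/file carries setgid: /'
    find "$1" -type f ! -perm -0060 -print | sed 's/^/file lacks g+rw: /'
}

# Create a subdirectory and a file the way a session with the given umask would.
create_as() {   # $1 = umask, $2 = parent dir, $3 = new directory name
    ( umask "$1" && mkdir "$2/$3" && : > "$2/$3/new.txt" )
}

demo() {
    top=$(mktemp -d)/TEST
    mkdir "$top" && make_tree "$top" && share_tree "$top"
    create_as 002 "$top/TEST1" shared_ok    # group-writable, setgid inherited
    create_as 022 "$top/TEST1" shared_bad   # setgid inherited, no group write
    audit_tree "$top"
    rm -rf "${top%/TEST}"
}
demo
```

Only the items created under umask 022 are reported: the setgid bit fixes group ownership, but group write on new files still depends on each user's umask or on a default ACL.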