Re: [gentoo-user] Permissions, permissions

2007-10-16 Thread Mick
On Tuesday 16 October 2007, Alan McKinnon wrote:
 On Tuesday 16 October 2007, Mick wrote:
  Hi All,
 
  This is a simple question but I'm getting tired and can't think
  straight with this permissions problem:
 
  I am trying to create a directory within which two users will be able
  to save and delete documents.  This directory is only meant to be
  accessible/readable by these two users.
 
  I created directory TEST, under /var/www/html.  This contains
  subdirectories TEST1, TEST2, TEST3.  Each subdirectory contains other
  files.  I set the permissions recursively to apache:ftp.  Both users
  are members of group ftp. I chmod -R g+w.
 
  When I create a new subdirectory and save a file in it I noticed that
  it is mick:wheel instead of mick:ftp.  How do I set it up so that
  newly created directories/files inherit the parent group ownership?

 You want the setgid bit on for the directory. This causes all new files
 and directories in it to be owned by the same group that owns the
 top-most directory:

 chmod g+s TEST

 This won't change permissions on existing directories though, and you
 can't use chmod -R (that will sgid the files as well), so use find like
 so:

 find TEST -type d -exec chmod g+s {} \;

 You will also need to enable group write permission on these directories
 so that your users can delete stuff. Two ways:

 1. Make sure both users use a umask like 775 (this is fragile as the
 user can change their umask any time they want)
 2. Use an ACL on the directory. 'man setfacl' for more details

Thank you both!  sgid is what I was after.  The users are trusted (the server 
owner and myself) so that'll do for now.  I will also check acl, in case the 
need arises in the future for control of a finer granularity.
-- 
Regards,
Mick




Re: [gentoo-user] Permissions, permissions

2007-10-15 Thread Allan Gottlieb
At Mon, 15 Oct 2007 23:24:15 +0100 Mick wrote:

 Hi All,

 This is a simple question but I'm getting tired and can't think straight with 
 this permissions problem:

 I am trying to create a directory within which two users will be able to save 
 and delete documents.  This directory is only meant to be accessible/readable 
 by these two users.

 I created directory TEST, under /var/www/html.  This contains subdirectories 
 TEST1, TEST2, TEST3.  Each subdirectory contains other files.  I set the 
 permissions recursively to apache:ftp.  Both users are members of group ftp.  
 I chmod -R g+w.

 When I create a new subdirectory and save a file in it I noticed that it is 
 mick:wheel instead of mick:ftp.  How do I set it up so that newly created 
 directories/files inherit the parent group ownership?

There are two possibilities for newly created subdirectories and
files in this directory.

1.  Same group as the creator.

2.  Same group as the parent directory.

If my memory is correct this is a bsd vs sysV distinction.

Nowadays you get to choose the behavior you want.

Since you want behavior 2 you want the set-group-ID bit set on the
parent and then newly created subdirectories and files in this
directory will inherit the group from the parent.

So you want to 

chmod +2000 parent-directory

The full story is in the info page Node: Directory Setuid and Setgid

I just read it to check my memory and found out that apparently some
systems use the set-user-ID bit so the page suggests

chmod +6000 parent-directory

which sets both.

Also this is a gnu extension and not required by POSIX.

allan gottlieb
new york university
-- 
[EMAIL PROTECTED] mailing list



Re: [gentoo-user] Permissions, permissions

2007-10-15 Thread Alan McKinnon
On Tuesday 16 October 2007, Mick wrote:
 Hi All,

 This is a simple question but I'm getting tired and can't think
 straight with this permissions problem:

 I am trying to create a directory within which two users will be able
 to save and delete documents.  This directory is only meant to be
 accessible/readable by these two users.

 I created directory TEST, under /var/www/html.  This contains
 subdirectories TEST1, TEST2, TEST3.  Each subdirectory contains other
 files.  I set the permissions recursively to apache:ftp.  Both users
 are members of group ftp. I chmod -R g+w.

 When I create a new subdirectory and save a file in it I noticed that
 it is mick:wheel instead of mick:ftp.  How do I set it up so that
 newly created directories/files inherit the parent group ownership?

You want the setgid bit on for the directory. This causes all new files 
and directories in it to be owned by the same group that owns the 
top-most directory:

chmod g+s TEST

This won't change permissions on existing directories though, and you 
can't use chmod -R (that will sgid the files as well), so use find like 
so:

find TEST -type d -exec chmod g+s {} \;

You will also need to enable group write permission on these directories 
so that your users can delete stuff. Two ways:

1. Make sure both users use a umask like 775 (this is fragile as the 
user can change their umask any time they want)
2. Use an ACL on the directory. 'man setfacl' for more details

alan



-- 
Optimists say the glass is half full,
Pessimists say the glass is half empty,
Developers say wtf is the glass twice as big as it needs to be?

Alan McKinnon
alan at linuxholdings dot co dot za
+27 82, double three seven, one nine three five
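
The setgid advice in the two replies above (`chmod g+s` / `chmod +2000` on the parent, `find -type d` for existing directories) can be checked on a scratch tree. This is an added example, not part of the original thread: the function names, the temp-directory layout and the umask of 002 are assumptions, and it relies on Linux behaviour where a subdirectory created in a setgid directory is itself setgid.

```sh
#!/bin/sh
# Added example: constructed tree under a temp directory, hypothetical names.

# Build a tree shaped like the one in the thread and make it group-writable.
make_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/TEST/TEST1" "$root/TEST/TEST2"
    touch "$root/TEST/TEST1/a.txt" "$root/TEST/TEST2/b.txt"
    chmod -R g+w "$root/TEST"
    echo "$root/TEST"
}

# Set setgid on directories only; chmod -R g+s would also mark regular files.
share_tree() {
    find "$1" -type d -exec chmod g+s {} \;
}

# Create content the way a group member would. umask 002 keeps group write
# on what is created (assumption: both users run with this umask).
add_member_content() {
    ( umask 002
      mkdir "$1/NEW" && touch "$1/NEW/doc.txt" )
}

# Audit: print one line per path that breaks the shared-directory setup.
audit_tree() {
    gid=$(ls -dn "$1" | awk '{print $4}')   # numeric group of the top directory
    find "$1" -type d ! -perm -2000 -exec echo dir-missing-setgid {} \;
    find "$1" -type d ! -perm -0020 -exec echo dir-not-group-writable {} \;
    find "$1" -type f -perm -2000 -exec echo file-has-setgid {} \;
    find "$1" ! -group "$gid" -exec echo wrong-group {} \;
}

demo() {
    t=$(make_tree) || return 1
    echo "before share_tree:"; audit_tree "$t"
    share_tree "$t"
    add_member_content "$t"
    echo "after (no findings expected):"; audit_tree "$t"
    rm -rf "${t%/TEST}"
}
demo
```

On a real tree, run only `audit_tree /path/to/TEST`; the other functions exist to build and exercise the scratch copy.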