I just checked, our umask is 0077 on our RHEL VMs (as required by IT). This is the problem. a umask or 0007 will give us what we want. The issue is to have read, write, execute by group. I was unaware that it was set to 0077 by default in RHEL 6. On RHEL5, it is set to 0022.
Most of our scripts here are Python (so the C rules apply), and most of the code we have is either C++ or Java. On Tue, Nov 25, 2014 at 6:49 PM, Derek Martin <[email protected]> wrote: > On Tue, Nov 25, 2014 at 09:38:52AM -0500, Jerry Feldman wrote: > > I have an auto mounted directory where I want to restrict access to only > > members of a specific group, lets call it foogroup for now. I didn't want > > to use netgroups for a number of reasons in that the NAS is run by a > > separate team, and they use a different LDAP server than we do. > > > > The way I set up the original top level directory is: > > chmod 2770: rwxrws--- foogroup > > But when I create a subdirectory I get: > > rwx--S--- > > How did you create the directory? If you're using mkdir on the > command line, the umask seems like the only possible culprit, > excepting some weird filesystem mount options possibly. The mkdir > command has a -m option to set the mode but one can assume you're not > using that, or else you would know. =8^) > > If you're doing this from within a program, the mkdir() system call > takes a mode argument (and is, I believe, still modified by your > umask). That's for C obviously but other languages should generally > have something similar, and in some of those languages it may be > optional, defaulting to something you don't want... > > -- > Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 > -=-=-=-=- > This message is posted from an invalid address. Replying to it will > result in > undeliverable mail due to spam prevention. Sorry for the inconvenience. > > -- -- Jerry Feldman <[email protected]> Boston Linux and Unix PGP key id: B7F14F2F Key fingerprint: D937 A424 4836 E052 2E1B 8DC6 24D7 000F B7F1 4F2F _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
