Neil Bothwick wrote:
On Thu, 17 Mar 2016 18:38:56 -0400, Rich Freeman wrote:

umask is just not viable either, as a) it's global and affects all
files a user creates and b) by definition umask is modifiable by the
user (it's a feature to help users out so they don't need to chmod
every file every time) and c) you can't stop them doing it (by
design).

Actually, this is completely viable.  Just set the default umasks to
007, and create a new group for each user as their default group (and
don't have all their home directories be owned by some users group).
This is how this sort of situation was handled long before POSIX ACLs
became common, and I know that some distros behave this way by default
for this reason (this was the case in the distro I used right before I
switched to Gentoo).

If users chmod a file then tell them not to.  If you must, set up some
cron job to clean up after them.

But, you can of course do this with ACLs as well.  I haven't tried
setting those up personally.

I've done this with ACLs in the past, which is why I suggested it, but
it's a pain to set up if you haven't used them before. Alan's suggestion
of using inotify is probably simplest. Install incrond and put something
like this in a file in /etc/incron.d

/shared/dir IN_CREATE,IN_MODIFY chmod g+w $@/$#



PS: How about subdirectories? The users sharing the directory can create and delete them as well, and files within them; yet incron ignores what happens in subdirectories.

Using 'chmod -R g+w $#' isn't very appealing, and how safely does it handle file names?
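
A sketch of the cron clean-up job suggested earlier in the thread, written to cover the two points raised in the PS (subdirectories and awkward file names). This is an added example, not code from any poster in the thread; the function name fix_shared_perms is hypothetical and /shared/dir is the path used above.

```shell
#!/bin/sh
# fix_shared_perms DIR   (hypothetical helper name, not from the thread)
# Recursively makes everything under DIR group-writable.
# Intended to be called from cron, e.g.:  fix_shared_perms /shared/dir
fix_shared_perms() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }

    # Every path find emits starts with $dir, so anchoring a relative
    # $dir with ./ guarantees chmod never sees an argument starting
    # with '-' (which it would parse as an option).
    case $dir in
        /*) ;;
        *)  dir=./$dir ;;
    esac

    # find hands each path to chmod as one argv element; no shell ever
    # re-parses the names, so spaces, newlines and globs are inert.
    # -type d / -type f skip symlinks, so a link planted in the share
    # is not selected. -xdev stays on one filesystem.

    # Directories: group rwx plus setgid, so new entries inherit the
    # directory's group. Only touch those missing one of the bits.
    find "$dir" -xdev -type d ! -perm -2070 -exec chmod g+rwxs {} +

    # Regular files: group read/write. Execute bits are left alone,
    # unlike a blanket 'chmod -R'.
    find "$dir" -xdev -type f ! -perm -0060 -exec chmod g+rw {} +
}
```

chmod itself follows symlinks, so a path swapped for a link between find's check and chmod's call is still a window when the job runs as root. Running it as an unprivileged owner of the files, or using default ACLs on the directory instead, avoids depending on that window staying closed.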

