On Sat, Dec 30, 2000 at 01:40:25PM -0500, Kenneth E. Lussier wrote:
> This is probably a dumb question, but here goes, anyway...
> 
> There is a user that has a directory under their home directory that
> they want to be owned/grouped nobody and mode 777, as well as
> everything under it. When they create a subdirectory, it is
> owned/grouped them and mode 755. Is there a way to set the umask and
> ownership on a single subdirectory?

Not exactly, but kinda.

You need to set the SGID bit on the parent directory, and then change
the user and group to what you want it to be.  Only root can change
the ownership, though the owner can change the group ownership (but
only to a group they are in, IIRC).  Some versions of Unix do let you
give away ownership to a file, but I'm pretty sure Linux isn't one of them.

The result of doing this is that new files created by random users
will have the same GROUP ownership as the directory, and the same
permissions (except that regular files will not be executable by
default, you will still need to set the execute bit on them by hand).
The owner of the new file will be the user that created it.

To set the SGID bit on the directory, you can use chmod with either
the numeric variation or the symbolic variation, i.e.:

  chmod 2777 directory
  chmod g+s directory

These are equivalent.  The directory will now show these permissions
in the output of ls -l:

  drwxrwsrwx

The problem with making directories 777 is that anyone can delete
files in them, which may or may not be what you want.  If it isn't,
you can protect them a little bit by setting the sticky bit on the
directory, which will prevent anyone but the owner (of the file, not
the directory) from deleting files in that directory.  This can be
accomplished thusly:

  chmod 1777 directory  # sticky only
  chmod 3777 directory  # sticky + SGID bit
  chmod o+t directory  # add sticky using symbolic notation

The first will yield these permissions:

  drwxrwxrwt

The other two these:

  drwxrwsrwt  (in the symbolic case, assuming that it was already 777)


There is no way to force the owner of the file upon creation.  It will
always be owned by the person who created it (the SUID bit on a
directory does NOT have the same effect as the SGID bit).  There is
also no way to force a regular file to be created with the executable
bit set to on.  These are security features of the filesystem.


-- 
We sometimes catch a window, a glimpse of what's beyond
Was it just imagination stringing us along?
---------------------------------------------------
Derek Martin          |   Unix/Linux geek
[EMAIL PROTECTED]    |   GnuPG Key ID: 0x81CFE75D
Retrieve my public key at http://pgp.mit.edu
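
Added example, not part of the original message: a shell script that applies the chmod modes discussed above to scratch directories and reports the resulting mode strings and group ownership. It assumes a Linux system with `mktemp`, `ls`, `awk` and `cut`; the function names are hypothetical and all paths are constructed under a temporary directory.

```shell
#!/bin/sh
# Added demo: observe the SGID and sticky bits on scratch directories.
# Everything happens under mktemp directories; all names are constructed.

mode_of() { ls -ld "$1" | cut -c1-10; }          # e.g. drwxrwsrwx
gid_of()  { ls -ldn "$1" | awk '{print $4}'; }   # numeric group id

# Print the mode string a fresh directory shows after "chmod 777"
# followed by the chmod argument given in $1.
mode_after_chmod() {
    d=$(mktemp -d) || return 1
    chmod 777 "$d" && chmod "$1" "$d"
    mode_of "$d"
    rm -rf "$d"
}

# Create a file and a subdirectory inside an SGID directory and print
# "dir_gid file_gid subdir_gid". The directory is given the last group
# listed by `id -G`, so that when the user has a supplementary group it
# differs from the primary group new files would otherwise receive.
sgid_group_inheritance() {
    d=$(mktemp -d) || return 1
    g=$(id -G | awk '{print $NF}')
    # chgrp first: changing the group can clear the SGID bit.
    chgrp "$g" "$d" && chmod 2777 "$d"
    : > "$d/file"
    mkdir "$d/sub"
    echo "$(gid_of "$d") $(gid_of "$d/file") $(gid_of "$d/sub")"
    rm -rf "$d"
}

echo "primary gid:      $(id -g)"
echo "chmod 2777  ->    $(mode_after_chmod 2777)"
echo "chmod g+s   ->    $(mode_after_chmod g+s)"
echo "chmod 1777  ->    $(mode_after_chmod 1777)"
echo "chmod 3777  ->    $(mode_after_chmod 3777)"
echo "dir/file/sub gid: $(sgid_group_inheritance)"
```

If the account running it belongs to only one group, the three gids printed on the last line will all equal the primary gid, so run it as a user with a supplementary group to see the inheritance.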

