Hello,
I am struggling to set up permissions on a set of directories for my photos.
They've got a bit untidy and I'm trying to sort them out.
Here's what I think I want, but if someone has a better suggestion I'm all
ears.
First, I have a directory /home/data/photos which is on a huge volume. I
have more than one user who might take photos, but I want them all in one
place, rather than in each user's home directory. I have a group called
'photos' which normally no-one is a member of.
In the photos directory I want subdirectories based on dates, for example
20050819, which is the only level I want (i.e. no further subdirectories).
In these directories, any user can place their photos. If the directory
does not exist, I want a user to be able to create it, but for it to be
owned by root. In the directory any user can place their photos.
So, the directory structure is:
home
 |
 +-- data
      |
      +-- photos
           |
           +--- 20050819
           +--- 20050820
           +--- 20050901
           +--- 20050902
I think the permissions on the directories (photos, and dates) should be:
    owner: root    rwx
    group: photos  rwx
    other:         r x
This allows anyone (in other) to traverse the directories, and anyone in
the photos group to do anything with the files. I think the owner of the
directory should be root, since I think the directory should not be owned
by a specific user.
On each photo file, the permissions should be:
    owner: <user>  r
    group: photos  rwx
    other:         r
The purpose of this is that owners (the person who snapped the image)
should own the file, but that they have read-only access to prevent
accidental deletion. Others can look at the files. Members of the photos
group can do anything. Obviously, the owner can grant themselves
read/write access at any time.
There are several reasons I want this:
* All photos in one place (/home/data/photos). Easy to back up, and easy
to generate a slideshow of all images.
* Accidental deletion avoided (owners are read-only, and no-one is in the
photos group by default).
* Members of the photos group can do file operations (moving/deleting) as
themselves. They don't need to be root, but root needs to temporarily add
them to the photos group (and remove them when they are done).
Anyway, it seems to be working with this setup. Obviously when dated
directories are created they are owned by the creator, so root needs to
chown root:photos on these.
Now that I have written this all down, it seems dumb. Anyone got a better
suggestion?
Andrew
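
An added example, not part of Andrew's post: a Python audit of the scheme described above, reading the listed permissions as octal 775 for the directories and 474 for the photo files. The function names, the 8-digit name check and the temporary sample tree are assumptions made for illustration.

```python
import os, stat, tempfile

DIR_MODE = 0o775   # owner rwx, group rwx, other r-x
FILE_MODE = 0o474  # owner r--, group rwx, other r--

def audit_photos(root, dir_uid, dir_gid):
    """Return (path, problem) pairs for entries that deviate from the scheme."""
    problems = []
    def check_dir(path):
        st = os.lstat(path)
        mode = stat.S_IMODE(st.st_mode)
        if mode != DIR_MODE:
            problems.append((path, "dir mode %04o" % mode))
        if (st.st_uid, st.st_gid) != (dir_uid, dir_gid):
            problems.append((path, "dir owner %d:%d" % (st.st_uid, st.st_gid)))
    check_dir(root)
    for day in sorted(os.listdir(root)):
        day_path = os.path.join(root, day)
        if not stat.S_ISDIR(os.lstat(day_path).st_mode):
            problems.append((day_path, "not a directory"))
            continue
        if not (len(day) == 8 and day.isdigit()):
            problems.append((day_path, "name is not an 8-digit date"))
        check_dir(day_path)
        for name in sorted(os.listdir(day_path)):
            path = os.path.join(day_path, name)
            st = os.lstat(path)
            mode = stat.S_IMODE(st.st_mode)
            if not stat.S_ISREG(st.st_mode):
                problems.append((path, "not a regular file"))  # e.g. nested dir
            elif mode != FILE_MODE:
                problems.append((path, "file mode %04o" % mode))
            elif st.st_gid != dir_gid:
                problems.append((path, "file group %d" % st.st_gid))
    return problems

def make_sample_tree():
    """Constructed sample: one compliant day, one with deviations."""
    root = tempfile.mkdtemp()
    for rel, mode in (("20050819", 0o775), ("20050819/a.jpg", 0o474),
                      ("20050819/extra", 0o775), ("20050820", 0o755),
                      ("20050820/b.jpg", 0o644), ("", 0o775)):
        path = os.path.join(root, rel)
        if rel.endswith(".jpg"):
            open(path, "wb").close()
        elif rel:
            os.mkdir(path)
        os.chmod(path, mode)
    return root
```

Against the real tree it would be called as `audit_photos("/home/data/photos", 0, grp.getgrnam("photos").gr_gid)`, which also flags dated directories that still belong to their creator.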