Re: [Dorset] How can I reproduce the properties of Windows Shared Documents directory in Linux
Hi John,
I got several permissions
shown as (big) S. According to one website this means setgid (s)
but WITHOUT searching (x).
That's correct. It's terrible GNU deprecate man pages for crufty old
info(1), but ls(1posix) from package manpages-posix, `man 1posix ls',
does say
S
If in owner permissions, the file is not executable and
set-user-ID mode is set. If in group permissions, the file is
not executable and set-group-ID mode is set.
I just had to add x to get them right.
Yep.
So I'm going to put 2 'find' commands into cron. The directory one
will be:
find /home/shareddocs -type d ! -perm -g=rwsx -ls -exec chmod g+rwsx {} +
I find it useful to have dr-x.. directories sometimes; for archived
material it lessens the risk of accidental corruption, or new material
being added. This find command would grant group more privileges than
user, but other than that, it's fine. It's probably more normal to
write rwsx as rwxs because rwx is so often seen.
and the file one:
find /home/shareddocs -type f ! -perm -22 -ls -exec chmod g=u {} +
Isn't that saying if one or more of group and other don't have write
permission, then copy user's permissions to group? Perhaps user doesn't
have write permission, so group still won't gain them. Even if it does,
other won't gain them, probably correctly, so the file will be found
again next time, and the next...
`-perm -200 ! -perm -20' tests if user has write permission but group
hasn't.
You can put these in your crontab to test them by omitting the `-exec
...', and before that by running them and altering the permissions on
test files and directories to see if the -ls triggers.
Cheers, Ralph.
--
Next meeting: Bournemouth, Tuesday, 2014-10-07 20:00
Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/
New thread on mailing list: mailto:dorset@mailman.lug.org.uk
How to Report Bugs Effectively: http://goo.gl/4Xue
Re: [Dorset] How can I reproduce the properties of Windows Shared Documents directory in Linux
To be honest, once the 'old' files are in place, and the above
criteria are met, you can just;
find /home/shared -exec chgrp users {} \;
as root and you shoulnd't need any cron jobs...
If the primary group isn't changed then files created outside of the g+s
hierarchy will be the non-users group and won't change to it on being
mv'd into the shared-directory area. Same for old files creat(2)'d
before the primary group is changed. So the cron'd find helps mop up
and, with the print, alerts the user by email to the kind of thing going
wrong.
Cheers, Ralph.
Neil Ralph,
While I'm getting the directory set up with all the old items I'm
finding that the g+s property isn't put into copied directories.
Although there wouldn't be much of this sort of copying when using the
arrangement normally, I do feel I need to routinely check and adjust the
permissions in case there is a directory copy.
I've encountered some strange and inconsistent permissions when copying
directories from Windows, i.e. from NTFS. I got several permissions
shown as (big) S. According to one website this means setgid (s)
but WITHOUT searching (x). I just had to add x to get them right.
Copying a directory from ext4 is more sane but doesn't give me what I need.
So I'm going to put 2 'find' commands into cron. The directory one will be:
find /home/shareddocs -type d ! -perm -g=rwsx -ls -exec chmod
g+rwsx {} +
and the file one:
find /home/shareddocs -type f ! -perm -22 -ls -exec chmod g=u {} +
Let me know if you think these are wrong.
Thanks,
John
--
Next meeting: Bournemouth, Tuesday, 2014-10-07 20:00
Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/
New thread on mailing list: mailto:dorset@mailman.lug.org.uk
How to Report Bugs Effectively: http://goo.gl/4Xue
Re: [Dorset] How can I reproduce the properties of Windows Shared Documents directory in Linux
Hi John, Firstly, do I have to edit /etc/passwd to change users' primary group? Yes, it's the third field; see passwd(5). $ grep ^$USER: /etc/passwd ralph:x:1000:1000:Ralph Corderoy,,,:/home/ralph:/bin/bash $ There's vipw(8) for editing that file. Or see usermod(8)'s -g option as another method. I now need to create the cron job. I'm not sure how to do it in a situation like this where I need to run the find command with sudo. I can't do su, presumably because root doesn't have a password. Use root's crontab file rather than a pleb's. `sudo crontab -e'. You can specify an editor if you don't like the system's default; `sudo VISUAL=/bin/ed crontab -e'. Cheers, Ralph. -- Next meeting: Bournemouth, Tuesday, 2014-09-02 20:00 Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/ New thread on mailing list: mailto:dorset@mailman.lug.org.uk How to Report Bugs Effectively: http://goo.gl/4Xue
Re: [Dorset] How can I reproduce the properties of Windows Shared Documents directory in Linux
Hi Neil,
To be honest, once the 'old' files are in place, and the above
criteria are met, you can just;
find /home/shared -exec chgrp users {} \;
as root and you shoulnd't need any cron jobs...
If the primary group isn't changed then files created outside of the g+s
hierarchy will be the non-users group and won't change to it on being
mv'd into the shared-directory area. Same for old files creat(2)'d
before the primary group is changed. So the cron'd find helps mop up
and, with the print, alerts the user by email to the kind of thing going
wrong.
Cheers, Ralph.
--
Next meeting: Bournemouth, Tuesday, 2014-09-02 20:00
Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/
New thread on mailing list: mailto:dorset@mailman.lug.org.uk
How to Report Bugs Effectively: http://goo.gl/4Xue
Re: [Dorset] How can I reproduce the properties of Windows Shared Documents directory in Linux
Thanks Ralph and John, I've put those ideas into practice (manually) and
everything seems OK. Neil, I already had a new group for all (i.e. 2!)
users but it is not their primary group. Firstly, do I have to edit
/etc/passwd to change users' primary group? Secondly, would that change
and a new standard umask mean that all files are writeable to all users?
I now need to create the cron job. I'm not sure how to do it in a
situation like this where I need to run the find command with sudo. I
can't do su, presumably because root doesn't have a password.
Also, since I have an all-users group I guess I could change the find from:
find /home/shared -type f ! -perm -22 -ls -exec chmod go=u {} +
to:
find /home/shared -type f ! -perm -22 -ls -exec chmod g=u {} +
(I deleted an o!).
John C-C, thanks for the info on setuid bit on the directories. I
thought setuid was just for executables.
Regards,
John
--
Next meeting: Bournemouth, Tuesday, 2014-09-02 20:00
Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/
New thread on mailing list: mailto:dorset@mailman.lug.org.uk
How to Report Bugs Effectively: http://goo.gl/4Xue
Re: [Dorset] How can I reproduce the properties of Windows Shared Documents directory in Linux
On 08/30/14 12:54, JD wrote:
Thanks Ralph and John, I've put those ideas into practice (manually)
and everything seems OK. Neil, I already had a new group for all
(i.e. 2!) users but it is not their primary group. Firstly, do I have
to edit /etc/passwd to change users' primary group? Secondly, would
that change and a new standard umask mean that all files are writeable
to all users?
ok, providing the directory is g+ws, and group users, and the users are
members of the 'users' group (all of which seem to be fulfilled right?)
this system will work (tried it myself to prove it) and the users don't
need to have their primary group changed (huzzah)
I now need to create the cron job. I'm not sure how to do it in a
situation like this where I need to run the find command with sudo. I
can't do su, presumably because root doesn't have a password.
To be honest, once the 'old' files are in place, and the above criteria
are met, you can just;
find /home/shared -exec chgrp users {} \;
as root and you shoulnd't need any cron jobs...
Also, since I have an all-users group I guess I could change the find
from:
find /home/shared -type f ! -perm -22 -ls -exec chmod go=u {} +
to:
find /home/shared -type f ! -perm -22 -ls -exec chmod g=u {} +
(I deleted an o!).
John C-C, thanks for the info on setuid bit on the directories. I
thought setuid was just for executables.
set GID on directories does EXACTLY what you want here...
Regards,
John
--
Next meeting: Bournemouth, Tuesday, 2014-09-02 20:00
Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/
New thread on mailing list: mailto:dorset@mailman.lug.org.uk
How to Report Bugs Effectively: http://goo.gl/4Xue
[Dorset] How can I reproduce the properties of Windows Shared Documents directory in Linux?
I'm on Ubuntu 14.04. I want to convert my wife myself from Windows XP. I think I can do almost everything to reproduce our accounts but I can't create the equivalent of Shared Documents. This directory, in Windows, appears to contain objects that are owned by nobody but everybody has read/write/create/delete permission on all the files and directories in it. In Ubuntu I can't get rid of the ownership by an individual user and the consequent permissions. I've tried to use Ubuntu's Public directory in my account but I can't get it to retain the read/write permission for Others. In my wife's account sharing Public is prohibited even though I've made her an administrator and therefore a member of sudo and sambashare. I've created /home/shared and made it usable by all but, of course, items put in there retain their owners permissions. I guess that setting umask to an extreme value (is that 000 or 777?) would do it but with enormous overkill! Please help to get my wife away from Windows!!! - preferably without her noticing! Regards, John -- Next meeting: Bournemouth, Tuesday, 2014-09-02 20:00 Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/ New thread on mailing list: mailto:dorset@mailman.lug.org.uk How to Report Bugs Effectively: http://goo.gl/4Xue
Re: [Dorset] How can I reproduce the properties of Windows Shared Documents directory in Linux?
Hi John,
I've created /home/shared and made it usable by all but, of course,
items put in there retain their owners permissions.
Yes, moving a file to /home/shared won't change it from 0600, say, to
0666.
I guess that setting umask to an extreme value (is that 000 or 777?)
would do it but with enormous overkill!
It's `permissions = ~umask', where `' is bitwise-AND and `~' is
bitwise-NOT, IOW it's the bits to clear, like a BIC instruction. That's
why
$ umask
0022
$
is the default value, clearing `w' for group and other from the default
permissions of 0666; rw-rw-rw- = ~w--w- is rw-r--r--. Note, since
it's an octal number, it's often shown with a leading 0 to make this
clear.
So to have rw-rw-rw- remain untouched, you'd have a umask of 0; yes,
not generally wanted.
How about having a cron job as root that runs every so often and fixes
up newly arrived files with the wrong permissions?
find /home/shared -type f ! -perm -22 -ls -exec chmod go=u {} +
You can try it manually, missing off the -exec... just to see what it
considers needs work. The -ls output will be emailed to you by cron, so
you can see what's newly arrived and fixed; remove it when boringly
content.
Be careful about doing this somewhere else; mucking up permissions on a
wide scale is an easy way to break an installation beyond simple repair!
Cheers, Ralph.
--
Next meeting: Bournemouth, Tuesday, 2014-09-02 20:00
Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/
New thread on mailing list: mailto:dorset@mailman.lug.org.uk
How to Report Bugs Effectively: http://goo.gl/4Xue
Re: [Dorset] How can I reproduce the properties of Windows Shared Documents directory in Linux?
On 08/25/14 14:32, JD wrote: I'm on Ubuntu 14.04. I want to convert my wife myself from Windows XP. I think I can do almost everything to reproduce our accounts but I can't create the equivalent of Shared Documents. This directory, in Windows, appears to contain objects that are owned by nobody but everybody has read/write/create/delete permission on all the files and directories in it. In Ubuntu I can't get rid of the ownership by an individual user and the consequent permissions. I've tried to use Ubuntu's Public directory in my account but I can't get it to retain the read/write permission for Others. In my wife's account sharing Public is prohibited even though I've made her an administrator and therefore a member of sudo and sambashare. I've created /home/shared and made it usable by all but, of course, items put in there retain their owners permissions. I guess that setting umask to an extreme value (is that 000 or 777?) would do it but with enormous overkill! Please help to get my wife away from Windows!!! - preferably without her noticing! Regards, John I would ensure that all users are primarily a member of the 'users' group and ensure that the umask set allows all 'users' members rw perms (umask 007) https://www.ibm.com/developerworks/community/blogs/brian/entry/every_possible_unix_linux_umask_mode_plus_scripts_to_generate_these_lists15?lang=en HTH Neil -- Next meeting: Bournemouth, Tuesday, 2014-09-02 20:00 Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/ New thread on mailing list: mailto:dorset@mailman.lug.org.uk How to Report Bugs Effectively: http://goo.gl/4Xue
Re: [Dorset] How can I reproduce the properties of Windows Shared Documents directory in Linux?
Either of the previous suggestions sound good, but here's how I've always done it. (1) Ensure the users you want to share the directory have membership of an additional common group. One Debian systems like Ubuntu, each user e.g. john gets a group with the same name (john) as their primary group. Check the groups you're in already by typing groups at a shell. users would be a good option, assuming it exists. If you're not in this group, do this to add the user jd:- usermod -aG users jd (2) Change the default umask to 002 as Ralph described. (3) For the shared directory, do:- cd /shared chgrp -R users * chmod -R g+w * find -type d chmod g+s This makes all the files have the group users and be group writeable. It then sets the group setuid bit on the directories, which has a special meaning in this case. See http://en.wikipedia.org/wiki/Setuid#setuid_and_setgid_on_directories It means instead of files being created with the creating user's primary group (which is the normal behaviour), they will inherit the parent's group ID. So, the users group membership will apply to all files created there. Combined with the umask, this means all members of users can read and write all files there. To be honest, it's not a bad idea to put the step (3) commands in a cron job too as Ralph suggested, just to fix up any problems (usually caused by doing stuff in there as root via sudo). Belt and braces! On 25 August 2014 15:02, Neil Stone neil.st...@gmail.com wrote: On 08/25/14 14:32, JD wrote: I'm on Ubuntu 14.04. I want to convert my wife myself from Windows XP. I think I can do almost everything to reproduce our accounts but I can't create the equivalent of Shared Documents. This directory, in Windows, appears to contain objects that are owned by nobody but everybody has read/write/create/delete permission on all the files and directories in it. In Ubuntu I can't get rid of the ownership by an individual user and the consequent permissions. I've tried to use Ubuntu's Public directory in my account but I can't get it to retain the read/write permission for Others. In my wife's account sharing Public is prohibited even though I've made her an administrator and therefore a member of sudo and sambashare. I've created /home/shared and made it usable by all but, of course, items put in there retain their owners permissions. I guess that setting umask to an extreme value (is that 000 or 777?) would do it but with enormous overkill! Please help to get my wife away from Windows!!! - preferably without her noticing! Regards, John I would ensure that all users are primarily a member of the 'users' group and ensure that the umask set allows all 'users' members rw perms (umask 007) https://www.ibm.com/developerworks/community/blogs/brian/entry/every_possible_unix_linux_umask_mode_plus_scripts_to_generate_these_lists15?lang=en HTH Neil -- Next meeting: Bournemouth, Tuesday, 2014-09-02 20:00 Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/ New thread on mailing list: mailto:dorset@mailman.lug.org.uk How to Report Bugs Effectively: http://goo.gl/4Xue -- Next meeting: Bournemouth, Tuesday, 2014-09-02 20:00 Meets, Mailing list, IRC, LinkedIn, ... http://dorset.lug.org.uk/ New thread on mailing list: mailto:dorset@mailman.lug.org.uk How to Report Bugs Effectively: http://goo.gl/4Xue
