Re: setuid directories - or other option?
In the last episode (Feb 04), Modulok said:
> I have a media project directory shared with windows users via samba.
> Every authenticated samba user that accesses the directory is forced to
> the same FreeBSD user, 'foo', regardless. The group also has
> write-access:
>
> drwxrwxr-x 47 foofoo 2.5K Feb 4 05:42 foo/
>
> Local shell users, however, are a problem. Ideally, I want a similar
> behavior for them too i.e. Any files they create in the directory are
> also owned by the user 'foo'. How do I do that? (See below about
> setuid.)
>
> I wouldn't even care who owns the files, so long as file permission bits
> in this directory defaulted to 664 so every member of the group 'foo'
> could edit them. Can I do this without changing every user's default
> umask? (I want to avoid that.) Is there some kind of 'umask for this
> directory is blah' feature?
>
> I looked at setuid bit on directories. Sounds perfect! BUT I'll be moving
> to ZFS soon and from what I gather, it won't work there. I guess I could
> have a cron job run every minute and change offending permission bits, but
> that feels hacky.

I think you mean the setgid bit (so that all files in the subdirectory will have group="foo"), and that should work on ZFS as well.

Another option might be to use ACLs to grant access to the "foo" group outside of the standard unix mode system:

    setfacl -m group:foo:rwx:df:allow /path

That will grant the "foo" group read/write/execute access on all files under "/path", regardless of the regular owner/group/umask settings. Also, make sure that the zfs aclmode and aclinherit properties on the filesystem are set to something other than "discard".

--
Dan Nelson
dnel...@allantgroup.com
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
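A check for the setgid approach suggested in the reply, as an added example that is not part of the original thread: it lists entries under the shared directory that a member of the group could not edit, such as files created under a umask of 022. The function name and output labels are assumptions, and only group ownership and mode bits are examined, not ACL entries.

```shell
#!/bin/sh
# Added example, not from the thread. audit_shared_dir and its labels are
# hypothetical names. It checks owner-group and mode bits only; access
# granted purely through ACL entries is not evaluated.
#
# Usage: audit_shared_dir DIR GROUP

audit_shared_dir() {
    dir=$1
    group=$2

    # Entries whose group is not the shared group.
    find "$dir" ! -group "$group" -print | sed 's/^/wrong-group /'

    # Files the group cannot read and write (what umask 022 leaves behind).
    find "$dir" -type f ! -perm -060 -print | sed 's/^/not-group-writable /'

    # Directories the group cannot list, enter and write.
    find "$dir" -type d ! -perm -070 -print | sed 's/^/not-group-writable /'

    # Directories without the setgid bit suggested in the reply.
    find "$dir" -type d ! -perm -2000 -print | sed 's/^/no-setgid /'
}

# Run directly: sh audit.sh /path/to/shared foo
if [ "$#" -eq 2 ]; then
    audit_shared_dir "$1" "$2"
fi
```

An empty result means every entry carries the shared group and is group-writable by mode bits; run it after setting the setgid bit to see which existing files still need a one-time fix.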
setuid directories - or other option?
List,

I have a media project directory shared with windows users via samba. Every authenticated samba user that accesses the directory is forced to the same FreeBSD user, 'foo', regardless. The group also has write-access:

drwxrwxr-x 47 foofoo 2.5K Feb 4 05:42 foo/

Local shell users, however, are a problem. Ideally, I want a similar behavior for them too i.e. Any files they create in the directory are also owned by the user 'foo'. How do I do that? (See below about setuid.)

I wouldn't even care who owns the files, so long as file permission bits in this directory defaulted to 664 so every member of the group 'foo' could edit them. Can I do this without changing every user's default umask? (I want to avoid that.) Is there some kind of 'umask for this directory is blah' feature?

I looked at setuid bit on directories. Sounds perfect! BUT I'll be moving to ZFS soon and from what I gather, it won't work there. I guess I could have a cron job run every minute and change offending permission bits, but that feels hacky.

Any other ideas?

-Modulok-