What about setting an ACL on the directory via setfacl(1)?: ACL's override umasks, and may save you a bit of grief.
-- M. On Thu, 08 Jul 2004 11:38:00 -0700, Richard Crawford <[EMAIL PROTECTED]> wrote: > This is kind of a long story, so bear with me. > > On our production web server, one owner -- cfusion -- owns all files in > the web directories. cfusion belongs to the "webdev" group. The > permissions on all of these files are set to -rw-rw-r-- (umask is set to > 002); thus, cfusion can do anything to the files, and any user belonging > to the "webdev" group can, in theory read and write to those files. > > On our development web server, the different developers -- bob, hank, > etc. -- own their own respective files in the web directories. All of > the developers belong to the "webdev" group. Each developer has their > umask set to 002, so the permissions on all files created by the users > are -rw-rw-r--, so that any user in the "webdev" group can affect any > other file created by any other user. > > When users FTP files from the development server to the production > server, they log in as "cfusion" on production. Thus, for example, if > Hank moves his files from development to production, their ownership is > changed to cfusion. > > Recently, I thought it would be a good idea to retain information about > file creation on the production server as well. To that end, I created > user accounts for the developers on the production server, and assigned > them all to the "webdev" group, just like on the development server. > > Should have been simple, but now it's a mess. Developers can't seem to > write to files on the production server, even if the file entry in ls > looks like this: > > -rw-rw-r-- 2 cfusion webdev 512 Jul 8 2003 file.txt > > If I'm right about how ownership and permissions work, then any user who > belongs to the webdev group should be able to write to file.txt. > > Am I right? Have I missed something incredibly crucial? umask for each > user is set to 002 so there shouldn't be a problem there. > > Help! > > -- > Richard S. Crawford > Programmer III, > UC Davis Extension Distance Learning Group (http://unexdlc.ucdavis.edu) > (916)327-7793 / [EMAIL PROTECTED] > > _______________________________________________ > Solaris-Users mailing list > [EMAIL PROTECTED] > http://www.filibeto.org/mailman/listinfo/solaris-users > -- Michael-John Anthony <mjanthony at gmail dot com> _______________________________________________ Solaris-Users mailing list [EMAIL PROTECTED] http://www.filibeto.org/mailman/listinfo/solaris-users
