Top Posting intentionally because much of the context was lost in the
back and forth:
The request is for a shared directory that multiple users can put docs
in and they are automatically given r/w access to the users, but only
those users.
This seems like a common need that we as a community should write-up a
standard solution for. I'm willing to help, but I have not yet used
the wiki, so I don't know where to put it. Also, I would like to get
some consensus on the recommended Suse methodology for having a shared
dir.
FYI:
I took the Redhat admins bootcamp a few years ago and they document a
process similar to what the OP described, but it depends on a umask of
022, whereas opensuse is defaulting to 002, so this really is opensuse
issue, not totally a generic linux issue.
Joachim has posted what appears to be a good starting point of a wiki
entry that does not require a dangerous universal umask change.
Do people agree that using ACLs is the best approach.
Greg
On 5/23/07, Joachim Schrod
Fajar Priyanto wrote:
However, I don't think setting up the umask globally would be "as safe as" in RH, because Suse doesn't use the concept of UPG (user private group). So, if I set the umask globally, then it means every user can access those files and directory in the "test" directory.
Yes, that's right. This setting is only sensible if you don't use "users" as the group for these accounts, but a specific (different) group.
You mean ACL as in "extended ACL" from setfacl?
Yep. As an example, I use the following ACL setting on a SVN repository directory to ensure that www-data has always read access and group texcatal has write access, on newly created files in that directory tree:
comedy:~ # getfacl /home/ctan/texcatalogue_svn getfacl: Removing leading '/' from absolute path names # file: home/ctan/texcatalogue_svn # owner: ftpmaint # group: server user::rwx user:www-data:r-x group::r-x group:texcatal:rwx mask::rwx other::--- default:user::rwx default:user:www-data:r-x default:group::r-x default:group:texcatal:rwx default:mask::rwx default:other::---
(Btw, this is the SVN repository that drives the TeX-Catalogue, at http://www.ctan.org/tex-archive/help/Catalogue/catalogue.html.)
<snip>
Joachim
-- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Joachim Schrod Email: jschrod@acm.org Roedermark, Germany
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-- Greg Freemyer The Norcross Group Forensics for the 21st Century -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org