RE: [SLE] permissions problem - Linux question
You want the directory to be setgid, so,
chmod 2777 .
This causes any file in that directory to be created with the same group perms. as the directory.
Is that sufficient?
Almost, except if one user creates a file, the second user can't modify it; although the second user can delete the file, which I think is odd.
Example;
-rwxrwsrwx 1 herman users 0 Oct 21 09:58 test-1.txt
-rwxrwsrwx 1 herman users 0 Oct 21 09:57 test-2.txt
-rwxrwsrwx 1 herman users 0 Oct 21 09:56 test-3.txt
-rw-r--r-- 1 postgres users 0 Oct 21 11:43 new-file.txt
-rw-r--r-- 1 herman users 0 Oct 21 11:46 herman-file.txt
-rwxrwsrwx 1 postgres users 679 Oct 21 10:38 source_system.txt
-rwxrwsrwx 1 herman users 0 Oct 21 09:54 test-postgres.txt
#chmod -R 2777 dir-in-question
#cd dir-in-question
user 'herman' creates file herman-file.txt
user 'postgres' can't modify the file, however user postgres can 'rm' file herman-file.txt.
Any ideas?
Thank you.
~James
1) When the owner of the file creates the file they can 'chmod 664 file'
or
2) Change the default umask of the invoking shell or globally. It should be 0022 by system default. You can change it to 0002.
umask 0002
Are those solutions sufficient?
Thanks,
LDB
The umask controls permissions of newly created files. Yours is probably 0022. Setting it to 0002 will result in the files being created with -rw-rw-r--. All the sgid bit on a directory does is ensure the file has the same owning group as the directory. It doesn't affect the permissions.
An alternative would be to use ACLs.
# setfacl -m u::rwx,d:u::rwx,g:users:rwx,d:g:users:rwx,m::rwx,d:m:rwx,o::rwx,d:o:rwx dir-in-question
will cause all files created in the dir-in-question directory to be readable and writeable by the owner, the group users and unreadable by everyone else.
Jason Joines
================================
Hi,
On Fri, 21 Oct 2005 11:55:11 -0700 "James D. Parra" wrote:
You want the directory to be setgid, so, chmod 2777 . [...] Is that sufficient?
Almost, except if one user creates a file, the second user can't modify it; although the second user can delete the file, which I think is odd.
No, of course it's not odd. "Deleting" is unlinking from that directory. This isn't controlled by the file's permissions but the directory's instead. And that is 0777+setgid - writable for everyone. Write permission on a directory allows you to change its contents, as is the case for an individual file.
That others can't modify those files is simply due to their umask. You might want to change it in their profiles.
-hwh
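The behaviour described in the replies above (setgid decides only the owning group, the umask decides the mode, and deletion is checked against the directory), as an added example that is not part of the original thread. The function names and the temporary directory are hypothetical, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: constructed demo of setgid directory, umask and unlink semantics.
# All names below are hypothetical; requires GNU stat (stat -c).

# Create a fresh directory with the thread's mode (2777) and print its path.
make_shared_dir() {
    d=$(mktemp -d) && chmod 2777 "$d" && printf '%s\n' "$d"
}

# Create a file inside the setgid directory under a given umask and
# print the resulting octal mode. $1 = directory, $2 = umask.
mode_with_umask() {
    ( umask "$2"; : > "$1/f-$2"; stat -c '%a' "$1/f-$2" )
}

# The setgid bit only makes new files take the directory's group.
# Returns 0 when the new file's gid equals the directory's gid.
group_follows_dir() {
    : > "$1/g-test"
    [ "$(stat -c '%g' "$1/g-test")" = "$(stat -c '%g' "$1")" ]
}

# unlink() is authorised by the directory, not the file: a file with
# no write bits at all can still be removed from a writable directory.
can_remove_readonly_file() {
    : > "$1/ro" && chmod 444 "$1/ro"
    rm -f "$1/ro" && [ ! -e "$1/ro" ]
}

demo() {
    dir=$(make_shared_dir)
    echo "directory mode:        $(stat -c '%a' "$dir")"
    echo "file with umask 0022:  $(mode_with_umask "$dir" 0022)"
    echo "file with umask 0002:  $(mode_with_umask "$dir" 0002)"
    group_follows_dir "$dir" && echo "new file group = directory group"
    can_remove_readonly_file "$dir" && echo "read-only file removed via directory write bit"
    rm -rf "$dir"
}

demo
```

With umask 0022 the group write bit is missing even though the directory is 2777, which is why the second user can delete but not modify the file.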
participants (4)
- Hans-Werner Hilse
- James D. Parra
- Jason Joines
- Lawrence Bowie