[opensuse] Re: Wanna umask inhereted from parent directory
Fajar Priyanto wrote:
I do the same in Opensuse. But the file created in the directory has the permission: -rw-r--r-- 1 geecko sales 4 2007-05-23 09:17 filegeecko (notice the rw-r--r--). This permission means other users in the sales group cannot edit geecko's file. User geecko has to specifically set the permission to 664 on the file.
How do I achieve the default umask inherited from the parent directory? I read some suggestions from google to adjust the global default umask, but I think it's a bit risky, or is it the only way?
Phil answered your question how to enable the RH behavior by setting the umask globally.
If you don't want to do this, there is the possibility to use access control lists (ACLs); the default ACL determines the access right of newly created files.
I don't know if the global umask setting is sufficient for you, so I stop here with the explanation; ask, if you need more info.
But note: both methods don't support changing the access rights of files that are created elsewhere, e.g., in a personal directory, and moved to the shared directory. (That's because moving doesn't create a file, it just changes the directory entry. (Reality is even more complex, but hopefully you'll see what I mean.))
Joachim
-- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Joachim Schrod Email: jschrod@acm.org Roedermark, Germany
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wednesday 23 May 2007 09:49, Joachim Schrod wrote:
Fajar Priyanto wrote:
I do the same in Opensuse. But the file created in the directory has the permission: -rw-r--r-- 1 geecko sales 4 2007-05-23 09:17 filegeecko (notice the rw-r--r--). This permission means other users in the sales group cannot edit geecko's file. User geecko has to specifically set the permission to 664 on the file.
How do I achieve the default umask inherited from the parent directory? I read some suggestions from google to adjust the global default umask, but I think it's a bit risky, or is it the only way?
Phil answered your question how to enable the RH behavior by setting the umask globally.
If you don't want to do this, there is the possibility to use access control lists (ACLs); the default ACL determines the access right of newly created files.
I don't know if the global umask setting is sufficient for you, so I stop here with the explanation; ask, if you need more info.
But note: both methods don't support changing the access rights of files that are created elsewhere, e.g., in a personal directory, and moved to the shared directory. (That's because moving doesn't create a file, it just changes the directory entry. (Reality is even more complex, but hopefully you'll see what I mean.))
Joachim
-- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Joachim Schrod Email: jschrod@acm.org Roedermark, Germany
Hi, perhaps I don't understand your problem, but could you not just put umask 002 (or whatever you desire) into .bashrc in the /home/geecko directory?
--
Best regards
Verner Kjærsgaard
On Wednesday 23 May 2007 14:49, Joachim Schrod wrote:
Phil answered your question how to enable the RH behavior by setting the umask globally.
If you don't want to do this, there is the possibility to use access control lists (ACLs); the default ACL determines the access right of newly created files.
I don't know if the global umask setting is sufficient for you, so I stop here with the explanation; ask, if you need more info.
But note: both methods don't support changing the access rights of files that are created elsewhere, e.g., in a personal directory, and moved to the shared directory. (That's because moving doesn't create a file, it just changes the directory entry. (Reality is even more complex, but hopefully you'll see what I mean.))
Hi Joachim, Do you know where I can set the umask globally in Suse?
However, I don't think setting up the umask globally would be "as safe as" in RH, because Suse doesn't use the concept of UPG (user private group). So, if I set the umask globally, then it means every user can access those files and directory in the "test" directory.
You mean ACL as in "extended ACL" from setfacl?
I think I can try "create" the UPG situation like in RH, but it means I have to "remove" all related users from the 'user' group. Not practical.
Or, after some browsing on /etc/apparmor directory, I think it's possible to set the umask for the 'test' directory and files. I'm not sure.
-- Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial http://linux2.arinet.org 6:00pm up 9:53, 2.6.18.2-34-default GNU/Linux Let's use OpenOffice. http://www.openoffice.org
Fajar Priyanto wrote:
On Wednesday 23 May 2007 14:49, Joachim Schrod wrote:
Phil answered your question how to enable the RH behavior by setting the umask globally.
If you don't want to do this, there is the possibility to use access control lists (ACLs); the default ACL determines the access right of newly created files.
I don't know if the global umask setting is sufficient for you, so I stop here with the explanation; ask, if you need more info.
But note: both methods don't support changing the access rights of files that are created elsewhere, e.g., in a personal directory, and moved to the shared directory. (That's because moving doesn't create a file, it just changes the directory entry. (Reality is even more complex, but hopefully you'll see what I mean.))
Hi Joachim, Do you know where I can set the umask globally in Suse?
However, I don't think setting up the umask globally would be "as safe as" in RH, because Suse doesn't use the concept of UPG (user private group). So, if I set the umask globally, then it means every user can access those files and directory in the "test" directory.
You can create private groups manually, when you create a user. However, I agree that the current SUSE configuration, where anyone can read personal folders is bizarre. It's beyond belief that SUSE would combine a common "users" group with such a default mask.
-- Use OpenOffice.org <http://www.openoffice.org>
James Knott wrote:
Fajar Priyanto wrote:
On Wednesday 23 May 2007 14:49, Joachim Schrod wrote:
Phil answered your question how to enable the RH behavior by setting the umask globally.
If you don't want to do this, there is the possibility to use access control lists (ACLs); the default ACL determines the access right of newly created files.
I don't know if the global umask setting is sufficient for you, so I stop here with the explanation; ask, if you need more info.
But note: both methods don't support changing the access rights of files that are created elsewhere, e.g., in a personal directory, and moved to the shared directory. (That's because moving doesn't create a file, it just changes the directory entry. (Reality is even more complex, but hopefully you'll see what I mean.))
Hi Joachim, Do you know where I can set the umask globally in Suse?
However, I don't think setting up the umask globally would be "as safe as" in RH, because Suse doesn't use the concept of UPG (user private group). So, if I set the umask globally, then it means every user can access those files and directory in the "test" directory.
You can create private groups manually, when you create a user. However, I agree that the current SUSE configuration, where anyone can read personal folders is bizarre. It's beyond belief that SUSE would combine a common "users" group with such a default mask.
Yes, you're right. The combination of a default umask of 022 and a generic user group of 'users' is pretty insecure. Is there a bug about this?
-- Jonathan Arnold (mailto:jdarnold@buddydog.org) Daemon Dancing in the Dark, an Open OS weblog: http://freebsd.amazingdev.com/blog/ UNIX is user-friendly. It's just a bit picky about who its friends are.
Fajar Priyanto wrote:
Hi Joachim, Do you know where I can set the umask globally in Suse?
Do you mean for new users? Try Yast, Security and Users, User Management, Expert Options, Default for New Users, Umask for Home Directory.
-- Joe Morris Registered Linux user 231871 running openSUSE 10.2 x86_64
Fajar Priyanto wrote:
On Wednesday 23 May 2007 14:49, Joachim Schrod wrote:
Phil answered your question how to enable the RH behavior by setting the umask globally.
If you don't want to do this, there is the possibility to use access control lists (ACLs); the default ACL determines the access right of newly created files.
I don't know if the global umask setting is sufficient for you, so I stop here with the explanation; ask, if you need more info.
But note: both methods don't support changing the access rights of files that are created elsewhere, e.g., in a personal directory, and moved to the shared directory. (That's because moving doesn't create a file, it just changes the directory entry. (Reality is even more complex, but hopefully you'll see what I mean.))
Hi Joachim, Do you know where I can set the umask globally in Suse?
/etc/initscript
-- Use OpenOffice.org <http://www.openoffice.org>
James Knott wrote:
Fajar Priyanto wrote:
On Wednesday 23 May 2007 14:49, Joachim Schrod wrote:
Phil answered your question how to enable the RH behavior by setting the umask globally.
If you don't want to do this, there is the possibility to use access control lists (ACLs); the default ACL determines the access right of newly created files.
I don't know if the global umask setting is sufficient for you, so I stop here with the explanation; ask, if you need more info.
But note: both methods don't support changing the access rights of files that are created elsewhere, e.g., in a personal directory, and moved to the shared directory. (That's because moving doesn't create a file, it just changes the directory entry. (Reality is even more complex, but hopefully you'll see what I mean.))
Hi Joachim, Do you know where I can set the umask globally in Suse?
/etc/initscript
Also /etc/login.defs
-- Use OpenOffice.org <http://www.openoffice.org>
On Wed, May 23, 2007 at 06:00:32PM +0700, Fajar Priyanto wrote:
Do you know where I can set the umask globally in Suse? ... Or, after some browsing on /etc/apparmor directory, I think it's possible to set the umask for the 'test' directory and files.
AppArmor does not affect your umask. It simply lists the posix capabilities and files/permissions that your programs are allowed to use when they are running. Furthermore, umasks are associated with processes, not with directories. So I'm not sure what you're trying to accomplish.. Can you try explaining again what it is you want? Thanks
You probably want to set it in the system logins, e.g. /etc/csh.login
On 5/25/07, Seth Arnold <seth.arnold@suse.de> wrote:
On Wed, May 23, 2007 at 06:00:32PM +0700, Fajar Priyanto wrote:
Do you know where I can set the umask globally in Suse? ... Or, after some browsing on /etc/apparmor directory, I think it's possible to set the umask for the 'test' directory and files.
AppArmor does not affect your umask. It simply lists the posix capabilities and files/permissions that your programs are allowed to use when they are running.
Furthermore, umasks are associated with processes, not with directories. So I'm not sure what you're trying to accomplish..
Can you try explaining again what it is you want? Thanks
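The behaviour discussed in this thread, as an added example that is not from any of the posters: the umask belongs to the creating process, a default ACL on the directory takes its place for files created there, and a file moved in keeps the mode it was created with. Directory and file names are constructed; the script assumes GNU or busybox `stat -c` and skips the ACL case when `setfacl` is missing or the filesystem has no ACL support.

```shell
#!/bin/sh
# Constructed demo in a throwaway temp directory; every path here is made up.

# mode_of FILE: print the octal permission bits of FILE.
mode_of() { stat -c '%a' "$1"; }

# created_mode UMASK DIR: create a file in DIR from a subshell running with
# the given umask and print the mode the file ends up with.
created_mode() {
    ( umask "$1"; f="$2/new.$$.$1"; : > "$f"; mode_of "$f"; rm -f "$f" )
}

# moved_mode UMASK SRC DST: create a file in SRC under the given umask,
# mv it into DST, and print its mode after the move.
moved_mode() {
    ( umask "$1"; : > "$2/moved.$$"; mv "$2/moved.$$" "$3/"
      mode_of "$3/moved.$$"; rm -f "$3/moved.$$" )
}

demo() {
    base=$(mktemp -d) || return 1
    mkdir "$base/home" "$base/shared"
    chmod 2775 "$base/shared"   # setgid: new files take the directory's group

    # The umask is a property of the process doing the create, not of the directory.
    echo "umask 022, created in shared: $(created_mode 022 "$base/shared")"
    echo "umask 002, created in shared: $(created_mode 002 "$base/shared")"
    # mv on the same filesystem only renames; no new file, so no new mode.
    echo "umask 022, moved into shared: $(moved_mode 022 "$base/home" "$base/shared")"

    # A default ACL on the directory is applied instead of the umask to
    # files created in it; moved files are still untouched.
    if command -v setfacl >/dev/null 2>&1 &&
       setfacl -d -m u::rwx,g::rwx,o::r-x "$base/shared" 2>/dev/null; then
        echo "default ACL, umask 022, created: $(created_mode 022 "$base/shared")"
        echo "default ACL, umask 022, moved:   $(moved_mode 022 "$base/home" "$base/shared")"
    else
        echo "setfacl missing or ACLs unsupported here; ACL case skipped"
    fi
    rm -rf "$base"
}

demo
```

Files that arrive by `mv` need an explicit `chmod g+w` (or a `cp` followed by removing the original) to become group-writable.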
participants (8)
- dave stern - e-mail.pluribus.unum
- Fajar Priyanto
- James Knott
- Joachim Schrod
- Joe Morris (NTM)
- Jonathan Arnold
- Seth Arnold
- Verner Kjærsgaard