[opensuse] how to give files group rw permissions
Hi
I want all files created or copied to a directory become rw for all group members.

I have a directory e.g.
chmod g+rws /home/dropbox
gives me:
d-wxrws--x 2 root suseusers 4096 Feb 14 20:16 dropbox

However, if a user in the suseusers group copies or creates a file there it is:
-rw-r--r-- 1 steve6 suseusers 0 Feb 14 20:23 hola
but I want it:
-rw-rw---- 1 steve6 suseusers 0 Feb 14 20:23 hola

Can it be done?
Thanks,
L x
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org
On Tue, Feb 14, 2012 at 2:31 PM, lynn <lynn@steve-ss.com> wrote:
Hi I want all files created or copied to a directory become rw for all group members.
I have a directory e.g. chmod g+rws /home/dropbox
gives me: d-wxrws--x 2 root suseusers 4096 Feb 14 20:16 dropbox
However, if a user in the suseusers group copies or creates a file there it is: -rw-r--r-- 1 steve6 suseusers 0 Feb 14 20:23 hola
but I want it: -rw-rw---- 1 steve6 suseusers 0 Feb 14 20:23 hola
Can it be done?
Thanks, L x
With ACLs, yes.

See http://old-en.opensuse.org/SDB:POSIX_Access_Control_List_%28ACL%29_Support

Or for a simple tutorial, I helped write this many moons ago:
http://old-en.opensuse.org/How_to_share_directories_between_groups_of_users_...

I assume it still works. If you need help understanding it, just let me know.

Now if some kind soul would move those to the new Wiki and test them with a recent release, even better.

Greg
On Tuesday 14 February 2012 20:31:01 lynn wrote:
Hi I want all files created or copied to a directory become rw for all group members.
I have a directory e.g. chmod g+rws /home/dropbox
gives me: d-wxrws--x 2 root suseusers 4096 Feb 14 20:16 dropbox
The sgid bit sets the ownership of the created files to the group that owns the directory, not the permissions
but I want it: -rw-rw---- 1 steve6 suseusers 0 Feb 14 20:23 hola
setfacl -d -m g::rw /home/dropbox

Anders
On 14/02/12 20:55, Anders Johansson wrote:
On Tuesday 14 February 2012 20:31:01 lynn wrote:
Hi I want all files created or copied to a directory become rw for all group members.
I have a directory e.g. chmod g+rws /home/dropbox
gives me: d-wxrws--x 2 root suseusers 4096 Feb 14 20:16 dropbox
The sgid bit sets the ownership of the created files to the group that owns the directory, not the permissions
but I want it: -rw-rw---- 1 steve6 suseusers 0 Feb 14 20:23 hola
setfacl -d -m g::rw /home/dropbox
Anders
OMG That _is_ magic. I'm going to look into the acl stuff.

Despite the fear of hijacking my own thread, I'll drop a hint to another thread I have open where I'm comparing nfs rw speeds to folders like this one, and to your own home folder. The latter is faster than the former. I think that the group rw has something to do with this. But that's the other thread.

Can I ask a few more things on this one?

I'm getting rwx's I've never seen before. Here, two users from the suseusers group have echoed a file to the folder:

hh3:/home/dropbox # ls -la
total 24
d-wxrws--x+ 2 root suseusers 4096 Feb 14 23:00 .
drwxr-xr-x 5 root root 4096 Feb 14 19:55 ..
--w-r----- 1 lynn2 suseusers 2 Feb 14 22:56 h
--w-rw---- 1 steve6 suseusers 6 Feb 14 23:06 hello
--w-rw---- 1 lynn2 suseusers 30 Feb 14 23:01 hola

Can I assume:
1. setfacl applies only to newly copied or created files
2. The file h was created before the setfacl
3. The setfacl command was issued at 11pm
4. root created the dropbox folder at 7:55 pm
5. There is no way of knowing when the chmod g+rws command was issued
6. The permissions work but are not as they are supposed to be due to the chmod in 5
7. The owner of hola is irrelevant as to its rw permissions
8. steve6 cannot edit h

Questions: how would I chmod h to take on --w-rw----

Thanks for your help and patience.
L x
On Wednesday 15 February 2012 00:08:39 lynn wrote:
Can I ask a few more things on this one?
I'm getting rwx's I've never seen before. Here, two users from the suseusers group have echoed a file to the folder:
hh3:/home/dropbox # ls -la
total 24
d-wxrws--x+ 2 root suseusers 4096 Feb 14 23:00 .
drwxr-xr-x 5 root root 4096 Feb 14 19:55 ..
--w-r----- 1 lynn2 suseusers 2 Feb 14 22:56 h
--w-rw---- 1 steve6 suseusers 6 Feb 14 23:06 hello
--w-rw---- 1 lynn2 suseusers 30 Feb 14 23:01 hola
Can I assume: 1. setfacl applies only to newly copied or created files
Yes.
2. The file h was created before the setfacl
Probably
3. The setfacl command was issued at 11pm
Well, the last change to the directory was at 11pm. That could have been the setfacl, or it could have been that a file in the directory was last created at that time. When you create a new file in the directory, the directory gets updated and its timestamp changes
4. root created the dropbox folder at 7:55 pm
7:55pm was the last time the /home directory was changed. If creating /home/dropbox was the last thing you did there, then yes
5. There is no way of knowing when the chmod g+rws command was issued
correct
6. The permissions work but are not as they are supposed to be due to the chmod in 5
Yes, it looks like the user default acl is wrong because the directory doesn't have read rights for the user. You should do

chmod u+r /home/dropbox
setfacl -d -m u::rwx /home/dropbox

unless of course you really want the permissions to be the way they are, and that users can't read their own files, only write to them
7. The owner of hola is irrelevant as to its rw permissions
correct
8. steve6 cannot edit h
correct
Questions: how would I chmod h to take on --w-rw----
You actually want it to be write-only for the user? If so, it should be "chmod 260 h"

Anders
On 15/02/12 00:37, Anders Johansson wrote:
On Wednesday 15 February 2012 00:08:39 lynn wrote:
6. The permissions work but are not as they are supposed to be due to the chmod in 5
Yes, it looks like the user default acl is wrong because the directory doesn't have read rights for the user. You should do
chmod u+r /home/dropbox
setfacl -d -m u::rwx /home/dropbox

I got Permission denied when I tried to copy anything after that:-( Still having problems with it. I tried again. Can you have a look at this?

Terminal1:
lynn@hh3:~> id
uid=1002(lynn) gid=100(users) groups=100(users),33(video)
lynn@hh3:~> su root
Password:
hh3:/home/lynn # id
uid=0(root) gid=0(root) groups=0(root)
hh3:/home/lynn # rm -r /home/dropbox
hh3:/home/lynn # mkdir /home/dropbox
hh3:/home/lynn # chown -R root:suseusers /home/dropbox/
hh3:/home/lynn # setfacl -d -m g::rwx /home/dropbox
hh3:/home/lynn # chmod u+r /home/dropbox
hh3:/home/lynn # setfacl -d -m u::rwx /home/dropbox

Terminal2:
lynn@hh3:~> id
uid=1002(lynn) gid=100(users) groups=100(users),33(video)
lynn@hh3:~> su lynn2
Password:
Warning: Your password will expire in 41 days on Wed 28 Mar 2012 15:03:45 CEST
lynn2@hh3:/home/lynn$ cd ../CACTUS/lynn2
lynn2@hh3:~$ id
uid=3000054(lynn2) gid=3000028(suseusers) groups=3000028(suseusers)
lynn2@hh3:~$ touch lynn2
lynn2@hh3:~$ cp lynn2 /home/dropbox
cp: cannot create regular file `/home/dropbox/lynn2': Permission denied

T1
hh3:/home/lynn # setfacl -d -m g::rwx /home/dropbox

T2
lynn2@hh3:~$ cp lynn2 /home/dropbox
cp: cannot create regular file `/home/dropbox/lynn2': Permission denied

T1
hh3:/home/lynn # chmod g+rws /home/dropbox

T2
lynn2@hh3:~$ ls -la /home/dropbox/
total 8
drwxrwsr-x+ 2 root suseusers 4096 Feb 15 15:32 .
drwxr-xr-x 6 root root 4096 Feb 15 15:22 ..
-rw-r--r-- 1 lynn2 suseusers 0 Feb 15 15:32 lynn2
lynn2@hh3:~$ touch /home/dropbox/lynn2_1
lynn2@hh3:~$ ls -la /home/dropbox/
total 8
drwxrwsr-x+ 2 root suseusers 4096 Feb 15 15:33 .
drwxr-xr-x 6 root root 4096 Feb 15 15:22 ..
-rw-r--r-- 1 lynn2 suseusers 0 Feb 15 15:32 lynn2
-rw-rw-r-- 1 lynn2 suseusers 0 Feb 15 15:33 lynn2_1
lynn2@hh3:~$ su steve4
Password:
Warning: Your password will expire in 41 days on Tue 27 Mar 2012 17:27:54 CEST
steve4@hh3:/home/CACTUS/lynn2> id
uid=3000053(steve4) gid=3000028(suseusers) groups=3000028(suseusers)
steve4@hh3:/home/CACTUS/lynn2> cp /home/dropbox/lynn2 /home/dropbox/lynn2.steve4
steve4@hh3:/home/CACTUS/lynn2> ls -la /home/dropbox/
total 8
drwxrwsr-x+ 2 root suseusers 4096 Feb 15 15:35 .
drwxr-xr-x 6 root root 4096 Feb 15 15:22 ..
-rw-r--r-- 1 lynn2 suseusers 0 Feb 15 15:32 lynn2
-rw-rw-r-- 1 lynn2 suseusers 0 Feb 15 15:33 lynn2_1
-rw-r--r-- 1 steve4 suseusers 0 Feb 15 15:35 lynn2.steve4
steve4@hh3:/home/CACTUS/lynn2> touch /home/dropbox/steve4
steve4@hh3:/home/CACTUS/lynn2> ls -la /home/dropbox/
total 8
drwxrwsr-x+ 2 root suseusers 4096 Feb 15 15:36 .
drwxr-xr-x 6 root root 4096 Feb 15 15:22 ..
-rw-r--r-- 1 lynn2 suseusers 0 Feb 15 15:32 lynn2
-rw-rw-r-- 1 lynn2 suseusers 0 Feb 15 15:33 lynn2_1
-rw-r--r-- 1 steve4 suseusers 0 Feb 15 15:35 lynn2.steve4
-rw-rw-r-- 1 steve4 suseusers 0 Feb 15 15:36 steve4

Conclusion:
If I create a file under /home/dropbox I get -rw-rw-r--
If I copy a file created in my home folder to /home/dropbox I get -rw-r--r--

Question: Can I have -rw-rw---- no matter whether I create or copy?

Thanks for the answers to the other stuff.
L x
On 02/15/2012 12:37 AM, Anders Johansson wrote:
On Wednesday 15 February 2012 00:08:39 lynn wrote:
Can I ask a few more things on this one?
I'm getting rwx's I've never seen before. Here, two users from the suseusers group have echoed a file to the folder:
hh3:/home/dropbox # ls -la
total 24
d-wxrws--x+ 2 root suseusers 4096 Feb 14 23:00 .
drwxr-xr-x 5 root root 4096 Feb 14 19:55 ..
--w-r----- 1 lynn2 suseusers 2 Feb 14 22:56 h
--w-rw---- 1 steve6 suseusers 6 Feb 14 23:06 hello
--w-rw---- 1 lynn2 suseusers 30 Feb 14 23:01 hola
Can I assume: 1. setfacl applies only to newly copied or created files
Yes.
Hi again. Sorry to bump this but we still can't fully resolve this permissions, ownership access stuff. We have workarounds but can't find a definitive yes/no you can/can't do it answer.

I got together with our AD admin to try to make some common ground out of our octal permissions, ownerships and setfacl's and their ntacls. We documented it here:
http://linuxcostablanca.blogspot.com/2012/02/samba4-shares.html

The ntacl seems to handle stuff differently. A domain user creating a file in a Samba share from windows creates a file which appears as rw r under Linux but is effectively rw rw since all members of the group are able to edit it from both Linux and windows. On Linux, newly created files appear rw rw for the user and behave rw rw for group members on windows but rw r for group members under Linux. Ahhgghh!!

There are some bits that windows is setting which seem to be invisible to openSUSE. Could NFS have anything to do with this?

Thanks from Lynn and Steve@lcb
On 15/02/12 00:37, Anders Johansson wrote:
On Wednesday 15 February 2012 00:08:39 lynn wrote:
hh3:/home/dropbox # ls -la
total 24
d-wxrws--x+ 2 root suseusers 4096 Feb 14 23:00 .
drwxr-xr-x 5 root root 4096 Feb 14 19:55 ..
--w-r----- 1 lynn2 suseusers 2 Feb 14 22:56 h
--w-rw---- 1 steve6 suseusers 6 Feb 14 23:06 hello
--w-rw---- 1 lynn2 suseusers 30 Feb 14 23:01 hola
Can I assume: 1. setfacl applies only to newly copied or created files
Time for the big hammer:

#!/bin/sh
# Reset everything in the share to mode 660 every 4 seconds
while true; do chmod -R 660 /home/dropbox/*; sleep 4; done

The share is on an nfs4 filesystem. Is there any chance of getting posix <--> nfs4 acl mapping?

Thanks,
L x
On 2012/02/14 14:31 (GMT-0500) lynn composed:
I want all files created or copied to a directory become rw for all group members.
I have a directory e.g. chmod g+rws /home/dropbox
gives me: d-wxrws--x 2 root suseusers 4096 Feb 14 20:16 dropbox
However, if a user in the suseusers group copies or creates a file there it is: -rw-r--r-- 1 steve6 suseusers 0 Feb 14 20:23 hola
but I want it: -rw-rw---- 1 steve6 suseusers 0 Feb 14 20:23 hola
Can it be done?
Back in the '80's on Xenix I discovered how to avoid the need to have a directory need non-default permissions:

# /etc/profile.local
umask 002

It's what I still do. Why distros expected to be used mostly as single user and/or mini LAN hosts don't set the default umask to 002 I don't understand.
--
"The wise are known for their understanding, and pleasant words are persuasive." Proverbs 16:21 (New Living Translation)

Team OS/2 ** Reg. Linux User #211409 ** a11y rocks!

Felix Miata *** http://fm.no-ip.com/
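
Added example (not part of any message in this thread): a simplified Python model of how Linux picks a new file's permission bits, run on the modes shown in lynn's listings and on the umask 002 suggestion above. It assumes a minimal default ACL (no named entries, no mask), that touch and shell redirection request mode 0666, and that cp without -p requests the source file's mode; all function and constant names are illustrative.

```python
import stat

def new_file_mode(requested, umask=0o022, default_acl=None):
    """Permission bits a new file ends up with (simplified model).

    requested   -- mode the program passes to open(2)
    umask       -- process umask; ignored when the directory has a default ACL
    default_acl -- (user, group, other) rwx bits of the directory's default
                   ACL entries u::, g::, o::, or None if there is none
    """
    if default_acl is None:
        return requested & ~umask & 0o777
    u, g, o = default_acl
    inherited = (u << 6) | (g << 3) | o
    # Inherited entries keep only the bits the program also requested.
    return inherited & requested & 0o777

def ls_string(mode):
    """Render permission bits the way `ls -l` shows a regular file."""
    return stat.filemode(stat.S_IFREG | mode)

# Assumed request modes: touch and shell redirection ask for 0666; cp without
# -p asks for the source file's mode.
NEW = 0o666
COPY_644 = 0o644   # source created in $HOME under umask 022
COPY_664 = 0o664   # source created in $HOME under umask 002

# Default ACLs constructed from the directory modes in the thread's listings.
ACL_FIRST = (0o3, 0o6, 0o1)    # d-wxrws--x plus setfacl -d -m g::rw
ACL_SECOND = (0o7, 0o7, 0o5)   # drwxrwsr-x plus u::rwx and g::rwx
ACL_WANTED = (0o6, 0o6, 0o0)   # hypothetical u::rw-, g::rw-, o::---

def scenarios():
    """Map each case to the resulting mode."""
    return {
        "no ACL, umask 022, new": new_file_mode(NEW),
        "first ACL, new": new_file_mode(NEW, default_acl=ACL_FIRST),
        "second ACL, new": new_file_mode(NEW, default_acl=ACL_SECOND),
        "second ACL, copy 644": new_file_mode(COPY_644, default_acl=ACL_SECOND),
        "no ACL, umask 002, new": new_file_mode(NEW, umask=0o002),
        "no ACL, umask 002, copy 644": new_file_mode(COPY_644, umask=0o002),
        "wanted ACL, new": new_file_mode(NEW, default_acl=ACL_WANTED),
        "wanted ACL, copy 644": new_file_mode(COPY_644, default_acl=ACL_WANTED),
        "wanted ACL, copy 664": new_file_mode(COPY_664, default_acl=ACL_WANTED),
    }

if __name__ == "__main__":
    for case, mode in scenarios().items():
        print(f"{case:28} {ls_string(mode)} ({mode:03o})")
```

In this model a default ACL only removes bits from what the program requests, so a file copied with mode 644 stays read-only for the group; it comes out as 660 only when the source was already group-writable, for example because it was created under umask 002.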
participants (4)
- Anders Johansson
- Felix Miata
- Greg Freemyer
- lynn