[opensuse] Re: Wanna umask inhereted from parent directory
![](https://seccdn.libravatar.org/avatar/9b3c3a790b500cdb2bbfe34f8db0e867.jpg?s=120&d=mm&r=g)
Fajar Priyanto wrote:
Do you know where I can set the umask globally in Suse?
For all users: create /etc/profile.local with the umask command. For a group of users: Place it in their ~/.profile.
However, I don't think setting up the umask globally would be "as safe as" in RH, because Suse doesn't use the concept of UPG (user private group). So, if I set the umask globally, then it means every user can access those files and directory in the "test" directory.
Yes, that's right. This setting is only sensible if you don't use "users" as the group for these accounts, but a specific (different) group.
You mean ACL as in "extended ACL" from setfacl?
Yep. As an example, I use the following ACL setting on a SVN repository directory to ensure that www-data has always read access and group texcatal has write access, on newly created files in that directory tree: comedy:~ # getfacl /home/ctan/texcatalogue_svn getfacl: Removing leading '/' from absolute path names # file: home/ctan/texcatalogue_svn # owner: ftpmaint # group: server user::rwx user:www-data:r-x group::r-x group:texcatal:rwx mask::rwx other::--- default:user::rwx default:user:www-data:r-x default:group::r-x default:group:texcatal:rwx default:mask::rwx default:other::--- (Btw, this is the SVN repository that drives the TeX-Catalogue, at http://www.ctan.org/tex-archive/help/Catalogue/catalogue.html.)
I think I can try "create" the UPG situation like in RH, but it means I have to "remove" all related users from the 'user' group. Not practical.
Then ACL might be the way to go.
Or, after some browsing on /etc/apparmor directory, I think it's possible to set the umask for the 'test' directory and files.
Sorry, can't help with AppArmor; I don't use it. Joachim -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Joachim Schrod Email: jschrod@acm.org Roedermark, Germany -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (1)
-
Joachim Schrod