Hello, Am Montag, 9. Januar 2006 12:55 schrieb Alex Hargrove: [...]
Suppose you have a directory structure which is shared by a group of users. There, for the directories, the group-s-bit is set, making sure that anything created there belongs to the same group as the directory wherein it's created. Now if something is created there, you want the group-write-bit set, so the rest of the group can change it. So you set umask to something very open, giving automatical write access to the group.
So far, everything is fine. But, if you are lazy, you leave that umask active even when working in other directories.
If you are really lazy *and* want to have a secure solution, - don't change you umask - use a default ACL for the directory that sets group write permissions setfacl -d -m mask:007 /path/to/directory is all you need. [1] Regards, Christian Boltz [1] Well, if subdirectories already exist, you have to call setfacl on them too. -- http://3d-crew.com "Die Tastatur finden Sie, indem Sie das Kabel verfolgen, das mit einem 5poligen DIN-Stecker an der Rueckseite Ihres Rechners angebracht ist." aus der CrossPoint Hilfe