
Re: default file permissions



The real proper way to do this is to create your family-group (in fact the 
"users" group would suffice for this, just add both users to it (why is this 
not the default in Debian?))

then create /home/shared-stuff

and set it 775 

chmod 775 /home/shared-stuff

then set the "group sticky bit" on the directory

chmod g+s /home/shared-stuff

and chown it to root.users

chown root.users /home/shared-stuff

now, people in the users group can create files in there, the default umask
will make them 644, but you can easily change that so that the umask is 664 if 
you really want.

But, it's important to note, that you could leave umask alone, and when there 
are files you WANT to share, you put them at 664 manually... chmod g+w file

Anyway, however you do it, the "sticky" bit on the directory makes the files 
end up owned by the group "users".  If you didn't have this, files would be 
owned by your private group (the one named just like your username), and your 
wife wouldn't be able to access them.

Example:

users on my box:  echo and froddie.

ringo:/home# ls -adl shared-stuff
drwxrwsr-x    2 root     users        4096 May  9 22:12 shared-stuff

See the sticky bit? (the s)

echo@ringo:/home/shared-stuff$ ls -al
total 8
drwxrwsr-x    2 root     users        4096 May  9 22:13 .
drwxrwsr-x   15 root     staff        4096 May  9 22:12 ..
-rw-rw-r--    1 froddie  users           0 May  9 22:13 bar
-rw-r--r--    1 echo     users           0 May  9 22:13 foo

I just touched two files in this dir. My umask is 022 (the default). As echo, 
I created foo. My wife can read it, but she can't modify it.

I logged in as my wife... and touched bar.  I did chmod g+w bar.

Now echo can access the file and read and write it.

You see how both files are owned by the group "users".

After changing the directory to not have the sticky bit.. and touching a 
file.. I get this.

echo@ringo:/home/shared-stuff$ ls -al
total 8
drwxrwxr-x    2 root     users        4096 May  9 22:16 .
drwxrwsr-x   15 root     staff        4096 May  9 22:12 ..
-rw-rw-r--    1 froddie  users           0 May  9 22:13 bar
-rw-r--r--    1 echo     users           0 May  9 22:13 foo
-rw-r--r--    1 echo     echo            0 May  9 22:16 foobar

See how foobar is owned by echo.echo

The moral of this story:  Learn to use the group sticky bit  on directories :)



On Sunday 09 May 2004 9:26 pm, Silvan wrote:
> On Sunday 09 May 2004 02:53 pm, Ulrich Fürst wrote:
> > > Where is the file?  I don't run Mozilla, so I'm not familiar with that.
> > > Is it under /usr somewhere, or what?
> >
> > It's under /home/.mozilla/ ...
> > In this directory and in subdirectories mozilla stores its settings
> > and the mails and so on.
>
> OK, let's back up again.  I'm still not completely clear what you have
> here. I think you have
>
> /home/you
> /home/your-wife
>
> Then you are trying to share files between each other by configuring
> various things to write directly to /home instead of /home/you or
> /home/your-wife
>
> Is that right?
>
> If so, that's very strange.  How do you even have write permission on
> /home? What is the permission on that directory?  It's supposed to be 755,
> and individual users are not supposed to be able to write to /home directly
> anyway.  I presume you've changed this.
>
> I guess you can do it that way if you insist, but it seems messy and
> difficult to manage safely.  Why not create a shared directory for the two
> of you with 775 permissions?
>
> Other posts that I missed previously already explained about setting your
> umask in various places.  With the right umask (0000 would work, or you
> could be more restrictive), and a directory you can both access it should
> be possible to do what you want.
>
> Something like this:
>
> [root@your-box] /home
> ->mkdir shared-directory-demo
> [root@your-box] /home
> ->chmod 775 shared-directory-demo
> [root@your-box] /home
> ->chown root:your-family-group shared-directory-demo
> [root@your-box] /home
> ->ls -ld shared-directory-demo/
> drwxrwxr-x    2 root     your-family-group     4096 May  9 21:04 shared-directory-demo//
> [root@your-box] /home
> ->cd shared-directory-demo/
> [root@your-box] /home/shared-directory-demo
> ->su you
> [you@your-box] /home/shared-directory-demo
> ->umask 0000
> [you@your-box] /home/shared-directory-demo
> ->touch foo
> [you@your-box] /home/shared-directory-demo
> ->ls -l foo
> -rw-rw-rw-    1 you   you          0 May  9 21:04 foo
> [you@your-box] /home/shared-directory-demo
> ->cd ..
> [you@your-box] /home
> ->exit
> exit
> [root@your-box] /home/shared-directory-demo
> ->su your-wife
> [your-wife@your-box] /home/shared-directory-demo
> ->umask 0000
> [your-wife@your-box] /home/shared-directory-demo
> ->touch foo
> [your-wife@your-box] /home/shared-directory-demo
> ->ls -l foo
> -rw-rw-rw-    1 you   you          0 May  9 21:05 foo
>
> You've made a directory, chowned it to your-family-group, set it to 775 so
> the group can write there.  Then when you set your umask to 0 and create a
> file, your wife can then modify the same file, even though you still own
> it.
>
> This seems like what you want.  It would probably be better to use a umask
> of 0007 instead, so you still have *some* control.  (I should have used
> that in the above example, but I'm too lazy to go back and re-do it.  :)
>
> Anyway, is this even helpful, or are you trying to do something I still
> don't quite understand?
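
An added example, not part of either message in this thread: a POSIX shell audit for a shared directory set up as in the reply above, checking for the bit that chmod g+s sets (setgid) and for the two failure modes shown in the listings. The function names are hypothetical; the path you pass in, such as /home/shared-stuff, is your own.

```shell
#!/bin/sh
# Added example (not from the thread): audit a shared directory such as
# /home/shared-stuff for the problems shown in the listings above.

# True if DIR carries the setgid bit (the "s" in drwxrwsr-x).
has_setgid() { [ -d "$1" ] && [ -g "$1" ]; }

# Numeric group id that owns DIR (4th field of "ls -ldn").
dir_gid() { ls -ldn "$1" | awk '{print $4}'; }

# Entries below DIR whose group differs from DIR's group,
# like "foobar" owned by echo.echo in the second listing.
wrong_group() { find "$1" ! -gid "$(dir_gid "$1")" -print; }

# Regular files the group cannot modify, like "foo" created with umask 022.
not_group_writable() { find "$1" -type f ! -perm -020 -print; }

# Directories without setgid: files created there fall back to the
# creator's private group.
subdirs_without_setgid() { find "$1" -type d ! -perm -2000 -print; }

# Print a report for DIR; return 0 only when nothing was found.
audit_shared() {
    dir=$1 status=0
    if ! has_setgid "$dir"; then
        echo "no setgid bit on $dir (fix: chmod g+s $dir)"; status=1
    fi
    for check in wrong_group not_group_writable subdirs_without_setgid; do
        found=$("$check" "$dir")
        if [ -n "$found" ]; then
            echo "$check:"; echo "$found" | sed 's/^/  /'; status=1
        fi
    done
    return "$status"
}

# Run directly as: sh audit.sh /home/shared-stuff
[ $# -eq 0 ] || audit_shared "$1"
```

A non-zero exit status means at least one file or directory would not be shareable by the group, which makes the script usable from cron.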
