Re: Umask 002 policy
On (23/12/04 09:51), Cameron Hutchison wrote:
> > On (22/12/04 20:19), Juhasz Sandor wrote:
> > >
> > > I have to implement default umask 002 for my users on my Debian server.
> > > I use KDM login. I searched the net, and I found tips only on setting umask
> > > on console, and on terminal emulators. (The standard /etc/profile,
> > > ~/.bashrc, /etc/bash.bashrc way.) Any program started from X window manager
> > > (for example K menu), has the original 022 umask. How can I solve this
> > > problem?
> Have a look at the package libpam-umask. I haven't used it, but it looks
> like what you want. It hooks into PAM, so that when users are
> authenticated for login, their umask is set to what you want.
> > > Some words about my server filesystem: I have some directories (teachers,
> > > classA, classB, etc) in my /export directory, which are only readable and
> > > writable by the groups with the same name. These groups have to be able to
> > > read, and edit each other's files. I decided to make this role with
> > > umask 002
> > > and private groups for every user (for their home directory). Is this the
> > > common way to solve this situation? If not, please help me.
> This is common, with the addition of setgid directories (chmod g+s
> dirname). Files created in a directory with the set-group-id bit set
> will take the group from the parent directory.
> Clive Menzies replied...
> > For existing directories: $ chmod -R 775 should do the trick
> bad idea. That will change all files to mode 775 as well. You only want
> directories. Plus you want the directories to have a mode of 2775 (or
> 2770 depending on permissions for others).
I've never really understood what the first digit does <shame-faced> but
having reread the chmod manpage it falls into place ....almost. Setting
the group ID at 2, means any file or directory created by someone in 'group'
will apply the same attributes?
> To prepare a directory hierarchy for group use, I do the following:
> # chgrp -R $group $dir
> # find $dir -type d -print0 | xargs -0 chmod 2770
> (I usually use mode 2775, but I think you wanted 2770 from your
> # find $dir -type f -print0 | xargs -0 chmod 660
> (likewise, I usually use mode 664...)
Very useful ;)
...strategies for business
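The directory preparation quoted above, with a check that reports anything that would break group sharing afterwards. This is an added example, not part of the original thread: the function names `prepare_shared_tree` and `audit_shared_tree` are hypothetical, and it assumes Linux semantics, where a subdirectory created inside a setgid directory inherits the setgid bit.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# prepare_shared_tree GROUP DIR
# Same steps as the thread: group ownership, setgid 2770 directories,
# 660 files. "-exec ... {} +" batches arguments like "xargs -0" does.
prepare_shared_tree() {
    chgrp -R "$1" "$2" &&
    find "$2" -type d -exec chmod 2770 {} + &&
    find "$2" -type f -exec chmod 660 {} +
}

# audit_shared_tree GROUP DIR
# Prints one line per entry that breaks sharing and returns 1 if any exist:
#   wrong-group        entry not owned by GROUP
#   dir-bad-mode       directory missing setgid or group rwx
#   file-not-group-rw  file other group members cannot edit
#                      (typical result of creating it under umask 022)
audit_shared_tree() {
    report=$(
        find "$2" ! -group "$1" | sed 's/^/wrong-group: /'
        find "$2" -type d ! -perm -2070 | sed 's/^/dir-bad-mode: /'
        find "$2" -type f ! -perm -060 | sed 's/^/file-not-group-rw: /'
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Stand-alone use: ./script GROUP DIR runs the audit only.
if [ "$#" -eq 2 ]; then
    audit_shared_tree "$1" "$2"
fi
```

Run from cron, the audit catches files saved by sessions that still have umask 022, such as programs started from the window manager as described in the original question.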