On Sun, Jan 29, 2006 at 11:10:33AM +1100, Jonathan Wheelhouse wrote: > >Got a question re UNIX permissions: I've got a directory, photos, in my >home directory, that I want the wife and kids to put digital photos. > >I created a group, photo, and put them all in it. I changed the group >on the directory to be photo. I set the sgid bit on the directory so >that files created in the directory will have that group. I set the >restricted deletion flag on the directory so that people can only >delete their own files not those of others. > >Now the problem is that if people create sub-directories in this >directory and then populate that sub-directory with photos only they >have access to those photos. How can I make it so that even if they >create sub-directories the files in the sub-directory have their group >set to photo? I'm not sure I understand you, I was under the impression that subdirs created under a dir with sgid bit set would inherit the group with the sgid bit set: % mkdir test drwxr-xr-x 3 magnus magnus 4096 2006-01-29 00:58 test % sudo chgrp users test % sudo chmod g+s test % ls -ld test drwxr-sr-x 3 magnus users 4096 2006-01-29 00:58 test % cd test % touch hello % mkdir dir % ls -l drwxr-sr-x 2 magnus users 4096 2006-01-29 00:58 dir -rw-r--r-- 1 magnus users 0 2006-01-29 00:58 hello Anything more complicated you might need can probably be solved using ACLs (e.g. if users use different umasks). /M -- Magnus Therning (OpenPGP: 0xAB4DFBA4) magnus@therning.org http://therning.org/magnus Software is not manufactured, it is something you write and publish. Keep Europe free from software patents, we do not want censorship by patent law on written works. Good powers of observation are frequently called "cynicism" by those that don't have them.
Attachment:
pgpH8jlMdKZKG.pgp
Description: PGP signature