
Re: Sharing a directory



On Sun, Jan 29, 2006 at 01:42:34AM +0000, Martin OConnor wrote:
>On Sun, 2006-01-29 at 01:03 +0000, Magnus Therning wrote:
>> On Sun, Jan 29, 2006 at 11:10:33AM +1100, Jonathan Wheelhouse wrote:
>> >
>> >Got a question re UNIX permissions: I've got a directory, photos, in my
>> >home directory, that I want the wife and kids to put digital photos.
>> >
>> >I created a group, photo, and put them all in it.  I changed the group
>> >on the directory to be photo.  I set the sgid bit on the directory so
>> >that files created in the directory will have that group.  I set the
>> >restricted deletion flag on the directory so that people can only
>> >delete their own files not those of others.
>> >
>> >Now the problem is that if people create sub-directories in this
>> >directory and then populate that sub-directory with photos only they
>> >have access to those photos.  How can I make it so that even if they
>> >create sub-directories the files in the sub-directory have their group
>> >set to photo?
>> 
>> I'm not sure I understand you, I was under the impression that subdirs
>> created under a dir with sgid bit set would inherit the group with the
>> sgid bit set:
>> 
>>  % mkdir test
>>  drwxr-xr-x 3 magnus magnus 4096 2006-01-29 00:58 test
>>  % sudo chgrp users test
>>  % sudo chmod g+s test
>>  % ls -ld test
>>  drwxr-sr-x 3 magnus users 4096 2006-01-29 00:58 test
>>  % cd test
>>  % touch hello
>>  % mkdir dir
>>  % ls -l
>>  drwxr-sr-x 2 magnus users 4096 2006-01-29 00:58 dir
>>  -rw-r--r-- 1 magnus users    0 2006-01-29 00:58 hello
>> 
>> Anything more complicated you might need can probably be solved using
>> ACLs (e.g. if users use different umasks).
>> 
>> /M
>> 
>You can use umask to change your users' default file permissions.
>If you put: umask 0022 
>in the .bashrc and .bash_profile, any new files and dirs will be group
>writable by default.
>The only problem with this is that it applies to *ALL* files that user
>creates, not just the files in the sgid directory.
>Hope this helps,

That's still depending on the user's discretion though, since they can
edit or override any umask setting the administrator sets as default. IIRC
ACLs give more power to the admin.

/M

-- 
Magnus Therning                    (OpenPGP: 0xAB4DFBA4)
magnus@therning.org
http://therning.org/magnus

Software is not manufactured, it is something you write and publish.
Keep Europe free from software patents, we do not want censorship
by patent law on written works.

Finagle's Second Law:
Always keep a record of data -- it indicates you've been working.
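
Added example, not part of the thread or any poster's own commands: a script that creates setgid directories in a throwaway temp dir and shows the mode a new subdirectory gets under two different umasks, then under a default ACL set with `setfacl -d`. The directory names and the helper functions (`new_shared`, `subdir_mode`, `acl_subdir_mode`) are made up for the demo; it assumes Linux, and the ACL step reports `no-acl` where `setfacl` or filesystem ACL support is missing.

```shell
#!/bin/sh
# Constructed demo: creator's umask vs. a default ACL in a setgid directory.
demo_root=$(mktemp -d)
trap 'rm -rf "$demo_root"' EXIT

# new_shared NAME: create a setgid, group-writable directory; print its path.
new_shared() {
    mkdir "$demo_root/$1" && chmod 2775 "$demo_root/$1" && echo "$demo_root/$1"
}

# mode_of PATH: print the ten-character mode string, e.g. drwxr-sr-x
# (cut drops the trailing "+" that ls adds when an ACL is present).
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# subdir_mode PARENT UMASK: mkdir PARENT/sub under UMASK and print its mode.
# The subshell keeps the umask change local to this one mkdir.
subdir_mode() {
    ( umask "$2" && mkdir "$1/sub" ) || return 1
    mode_of "$1/sub"
}

# acl_subdir_mode PARENT UMASK: put a default ACL on PARENT first, so new
# entries take their permissions from the ACL instead of the creator's umask.
acl_subdir_mode() {
    command -v setfacl >/dev/null 2>&1 || { echo no-acl; return 0; }
    setfacl -d -m u::rwx,g::rwx,o::rx "$1" 2>/dev/null || { echo no-acl; return 0; }
    subdir_mode "$1" "$2"
}

# The setgid bit and the group are inherited in every case; only the
# group-write bit depends on the umask or the default ACL.
echo "umask 022:               $(subdir_mode "$(new_shared a)" 022)"
echo "umask 002:               $(subdir_mode "$(new_shared b)" 002)"
echo "umask 077 + default ACL: $(acl_subdir_mode "$(new_shared c)" 077)"
```

Inspect the result on a real directory with `getfacl`; the owner of a subdirectory can still change its mode afterwards with `chmod`.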
