Re: [SLE] How can I do this?
From: Louis Richards (louis_at_ldrinteractive.com)
Date: 09/07/04
- Previous message: C Hamel: "[SLE] HP locks every 2nd boot"
- In reply to: Chris Carlen: "Re: [SLE] How can I do this?"
Date: Tue, 07 Sep 2004 10:25:05 -0400
To: suse-linux-e@suse.com

Chris Carlen wrote:
<SNIP>
> Hi, thanks for the input.
>
> I'm not sure I follow you. I tried this, and the results appear
> inconsistent with what I think you mean:
>
> user1@ngong:~/dir1> touch file1
> user1@ngong:~/dir1> l
> total 3
> drwxrwsr-x 2 user1 users 72 2004-09-06 19:13 ./
> drwxr-xr-x 71 user1 users 3240 2004-09-06 19:05 ../
> -rw-r--r-- 1 user1 users 0 2004-09-06 19:13 file1
>
> Notice that the directory ./ (the current directory) has the group 's'
> permission set. But when I create a file in this directory, it
> doesn't automatically get the group writable permission. Rather it
> gets the permissions consistent with my umask of 022.
>
> Furthermore the man page for chmod indicates:
>
> STICKY DIRECTORIES
> When the sticky bit is set on a directory, files in that
> directory may be unlinked or renamed only by root or their
> owner. Without the sticky bit, anyone able to write to
> the directory can delete or rename files. The sticky bit
> is commonly found on directories, such as /tmp, that are
> world-writable.
>
> I don't think this is the thing we want to solve my problem.
>
> We really want some way of making the created files in a directory
> inherit the permissions of the directory, overriding the umask of the
> user.
>
> As some other respondents have suggested, access control lists might
> work, but this situation is complicated by the fact that the directory
> of interest is an NFS share. I'd have to experiment and see what
> happens. Still wishing for an easy answer...
>
>
> Good day!

The above isn't setting the sticky bit. That is setting the group id.
This would work if the umask was 002. The only downside I can see from
changing the default umask is the current permissions on the home
directories. That can easily be changed to 700. This is what I have done
and I have many shared directories working in the way you want both
through NFS and Samba as well as locally.

You can actually get pretty fancy with this setup. On one machine I have
a public folder that all users can write to. It contains a restricted
folder that everyone can read but only restricted can write. This folder
then contains the secret folder that only restricted users can enter.
This is then a single NFS and/or Samba share.

    drwxrwsr-x 4 root restricted 4096 Sep 1 17:14 .
    drwxrwsr-x 6 root users 4096 May 27 15:16 ..
    -rw-rw-r-- 1 ben restricted 333831 Sep 1 16:54 logo1.eps
    -rw-rw-r-- 1 ben restricted 111045 Sep 1 16:54 logo.eps
    -rw-rw-r-- 1 louis restricted 10367748 Sep 1 17:11 logo.tiff
    drwxrwsr-x 2 louis restricted 4096 May 27 15:09 New Folder
    -rw-rw-r-- 1 ben restricted 13899 Sep 1 17:14 SCLogo.gif
    drwxrws--- 2 louis restricted 4096 Sep 1 17:11 Secret

The above would be shared in Samba as:

    [public]
    comment = Public Share
    path = /mnt/storage/public
    write list = @users
    inherit permissions = Yes
    map archive = No

The "inherit permissions" requires the "map archive = no" and is what
makes this work as expected.

I would still prefer to use the inherited permissions available through
ACLs though.

HTH,
Louis
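
Added example (not part of the original message or thread): a shell check of the behaviour discussed above, showing that a setgid directory passes on its group and its setgid bit while the creating user's umask still decides whether new files are group-writable. It assumes Linux with a `stat` that accepts `-c` (GNU or BusyBox); the function names are hypothetical and the directories are throwaway ones made with `mktemp`.

```shell
#!/bin/sh
# Constructed demonstration: setgid directory versus umask.
# Assumption: Linux, stat supports -c (GNU coreutils or BusyBox).

# mode_in_sgid_dir UMASK KIND
# Prints the octal mode of a new file (KIND=file) or directory (KIND=dir)
# created inside a fresh 2775 (drwxrwsr-x) directory under UMASK.
mode_in_sgid_dir() {
    (
        d=$(mktemp -d) || exit 1
        chmod 2775 "$d"
        umask "$1"
        if [ "$2" = dir ]; then mkdir "$d/new"; else touch "$d/new"; fi
        stat -c '%a' "$d/new"
        rm -rf "$d"
    )
}

# group_inherited
# Prints "yes" if a file created in a setgid directory gets the
# directory's group. A supplementary group is used for the directory
# when the caller has one, so the result differs from the primary gid.
group_inherited() {
    (
        d=$(mktemp -d) || exit 1
        pg=$(id -g)
        for g in $(id -G); do
            if [ "$g" != "$pg" ] && chgrp "$g" "$d" 2>/dev/null; then
                break
            fi
        done
        chmod 2775 "$d"
        touch "$d/new"
        [ "$(stat -c '%g' "$d/new")" = "$(stat -c '%g' "$d")" ] \
            && echo yes || echo no
        rm -rf "$d"
    )
}

# The setgid bit never adds group write; only the umask controls it.
printf 'umask 022, file: %s\n' "$(mode_in_sgid_dir 022 file)"
printf 'umask 002, file: %s\n' "$(mode_in_sgid_dir 002 file)"
# New subdirectories carry the setgid bit forward.
printf 'umask 002, dir:  %s\n' "$(mode_in_sgid_dir 002 dir)"
printf 'group inherited: %s\n' "$(group_inherited)"
```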