sean finney on 13 Aug 2004 18:37:02 -0000



Re: [PLUG] Linux web server user setup


On Fri, Aug 13, 2004 at 11:32:40AM -0400, Dan Widyono wrote:
> > I've tried both through SSH and through SFTP and I always get the same
> > result.  Anyone have any suggestions about what I might be missing?
> 
> You're experiencing the drawback of that solution.  ACL's will get you the
> rest of the way.

i for some reason mis-remembered that files would inherit the
permissions from their parent directories, which apparently they don't.
sorry about that.

so, you could still use this method described, but you will need to
change your umask settings.  the security concerns that your
colo admins brought up would still be relevant, though you could
work around that if you implemented user-private groups.

that is, if every user has their own individual group assigned as
their default group (ie: the default group owner of a file is
this default group), then you could safely change the umask setting
to 002, and the above scheme would work, since the files within the
setgid directories would have the group write perms restricted to
the directory's group owner.

alternatively, you might want to look more into acl's, but this may
or may not be feasible depending on the version of debian, your kernel,
and what filesystems you're using.  

> I'm wondering (don't know) if Samba provides the appropriate "Default
> permissions" settings?

you can specify "create mask" and "directory mask" on a per-share
basis, though i don't know if you can force a particular owner/group
per-share.  that might be enough though, because if the web shares
are the setgid directories, the ownership would be properly inherited
and the masks ought to take care of the permissions (though i haven't
verified this myself)


	sean
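
The behaviour discussed in this message, as an added example that is not part of the original post: a setgid directory passes its group (and its setgid bit, for subdirectories) to new entries, but the permission bits of a new file come from the creating process's umask. The names index.html and images are made up for the demonstration, and the directory is a throwaway created with mktemp.

```shell
#!/bin/sh
# Added example: a setgid directory hands down its group, not its
# permission bits. Group write access on new files depends on the umask.

# Print the 10-character mode string of a path
# (drops any trailing ACL/SELinux marker that ls may append).
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Create a file and a subdirectory inside a fresh setgid directory while
# the given umask is in effect, then print "<file mode> <subdir mode>".
modes_under_umask() {
    dir=$(mktemp -d) || return 1
    chmod 2775 "$dir"              # rwxrwsr-x: group-writable and setgid
    (
        umask "$1"                 # only affects this subshell
        : > "$dir/index.html"      # hypothetical web file
        mkdir "$dir/images"        # hypothetical subdirectory
    )
    printf '%s %s\n' "$(mode_of "$dir/index.html")" "$(mode_of "$dir/images")"
    rm -rf "$dir"
}

# With 022 the file is not group-writable, so other members of the
# directory's group cannot edit it. With 002 it is.
echo "umask 022: $(modes_under_umask 022)"
echo "umask 002: $(modes_under_umask 002)"
```

With umask 002 every new file is writable by its group, which is why the message ties that setting to user-private groups: outside the setgid directories the group is then the user's own single-member group.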