Stephen Gran on 20 Sep 2004 01:52:02 -0000



[PLUG] Setting directory permissions and umask


Hello all,

I think I am going to have to finally get into POSIX ACLs for this one,
but I wanted to see if anyone has an easier solution before I go that
route.  Basically, I have a shared directory, where currently all
members of a group have read access only.  What I want to do is make the
parent directory, containing all the files that are shared, setgid and
group writable, so that people in this group can dump more files in
there.  The problem is that while I want them to be able to upload, I
don't want them to be able to delete them.

The best I can figure out is that while parent directory has to be group
writeable, subdirectories should be only group readable, making them
unlinkable because they would contain files that are only group readable,
making unlink calls fail (I think).  I know that if you have write
permission to a directory, you can delete things in that directory,
even when you don't have write permission to that file - what I'm not
clear on is this:

parent directory (mode 0770)(plus setgid, so I guess really 2770 or so?)
 sub directory (mode 0750)
  files (mode 0640)

removal of sub directories and files should fail, since users won't have
group write to subdirectory or files, right?  Rough testing says yes,
but I want to double check.

So, if this is correct, I need to somehow set a umask on the parent
directory to keep these permissions on creation of files, I think.
Is there an easier way to do this than POSIX ACLs on Linux?  It looks
like for this to work with POSIX ACLs, I'm going to have to migrate to a
2.6 kernel, as well as do some other mucking around, so I was hoping
for a solution that involved less overhaul of the system, just so four
or five people didn't have to send me an email every week saying 'can
you copy over X'.  I know there is a system wide default umask (in fact
the default of 022 would be almost perfect here - I just want 027), but
I am hoping for something that could always apply to that directory,
regardless of the user's umask, in case some user has a different set
up in their ~/.bashrc or something.

TIA,
-- 
 --------------------------------------------------------------------------
|  Stephen Gran                  | "Jesus saves...but Gretzky gets the     |
|  steve@lobefin.net             | rebound!" -- Daniel Hinojosa            |
|  http://www.lobefin.net/~steve | (hinojosa@hp-sdd)                       |
 --------------------------------------------------------------------------
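
Added example, not part of the original post: a small Python model of the rule the kernel applies to unlink()/rmdir(), evaluated for the 2770 / 0750 / 0640 layout described in the message. The uid and gid values are constructed, the model ignores root, capabilities and ACLs, and it goes beyond the post by also evaluating the same parent with the sticky bit set (3770).

```python
import stat
from dataclasses import dataclass

@dataclass
class Entry:
    mode: int            # permission bits incl. setgid/sticky, e.g. 0o2770
    uid: int
    gid: int
    is_dir: bool = False
    empty: bool = True   # only meaningful for directories

def has_perm(e, uid, gids, want):
    """Owner/group/other check; the first class that matches decides."""
    if uid == e.uid:
        bits = e.mode >> 6
    elif e.gid in gids:
        bits = e.mode >> 3
    else:
        bits = e.mode
    return (bits & want) == want

def can_remove(parent, target, uid, gids):
    """Would unlink()/rmdir() of `target` inside `parent` succeed?"""
    # Removing a name is a write to the parent directory (needs w+x there);
    # the target's own mode bits are never consulted.
    if not has_perm(parent, uid, gids, 0o3):
        return False
    # Sticky parent: only the target's owner or the directory's owner may remove.
    if parent.mode & stat.S_ISVTX and uid not in (target.uid, parent.uid):
        return False
    # rmdir() refuses non-empty directories regardless of permissions.
    return not (target.is_dir and not target.empty)

# Constructed ids; modes are the layout from the post.
ADMIN, MEMBER, GROUP = 1000, 1001, 500
subdir = Entry(0o750, ADMIN, GROUP, is_dir=True, empty=False)
data = Entry(0o640, ADMIN, GROUP)

def member_results(parent_mode):
    """What a non-owner group member can remove, for a given parent mode."""
    p = Entry(parent_mode, ADMIN, GROUP, is_dir=True, empty=False)
    who = (MEMBER, {GROUP})
    return {
        "file directly in parent": can_remove(p, data, *who),
        "file inside subdir": can_remove(subdir, data, *who),
        "non-empty subdir": can_remove(p, subdir, *who),
        "empty subdir": can_remove(p, Entry(0o750, ADMIN, GROUP, True), *who),
    }

if __name__ == "__main__":
    for mode in (0o2770, 0o3770):   # as posted, then with the sticky bit added
        print(oct(mode), member_results(mode))
```

In this model a subdirectory created by a group member is owned by that member, so the owner bits of 0750 apply to them inside it rather than the group bits.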
