Fred Stluka on 6 May 2010 17:16:08 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] How to share write access to files via scp?...

  • From: Fred Stluka <>
  • To: "Philadelphia Linux User's Group Discussion List" <>
  • Subject: Re: [PLUG] How to share write access to files via scp?...
  • Date: Thu, 06 May 2010 20:16:03 -0400
  • Authentication-results: cm-omr4 smtp.user=fred; auth=pass (LOGIN)
  • Organization: Bristle Software, Inc.
  • Reply-to: Philadelphia Linux User's Group Discussion List <>
  • Sender:
  • User-agent: Thunderbird (Macintosh/20100228)

Linux gurus,

Thanks for all the great tips!

I used the sgid bit to inherit group, used ACLs to inherit
group permissions, and used a cron job to fix the permissions
mask that wouldn't inherit properly. 

Here's what I have and what I did.  Some minor nits, but it works
well enough for now.  Thanks!

  - Status:
    - Good:
      - Group inherits
      - Group permissions inherit
    - Bad:
      - When user creates file via scp, default is g-w, regardless of
        - Fixed by using default ACL.
      - Permissions "mask" does not inherit so it interferes w/group
        - Fix via cron job doing:  sudo setfacl -R -m mask:rwx /ebs/share
        - Not affected by umask on local computer or on server
      - When user overwrites file via scp, the owner doesn't change.
        - No solution?
      - Directories created recursively via scp do not inherit the g+s 
        - Fixed by using default ACL.

  - Technique to set it up:
    - Enable ACLs for the filesystem:
      - Edit /etc/fstab, changing line:
          /dev/sdf  /ebs  ext3  defaults  0  0
          /dev/sdf  /ebs  ext3  defaults,acl  0  0
        to support ACLs via setfacl and getfacl on the /ebs volume.
      - Re-boot to cause drive to be re-mounted using new /etc/fstab
        % shutdown -r now
    - Create a group of users
        % sudo groupadd team
        % sudo usermod -a -G team user1
        % sudo usermod -a -G team user2
        % sudo usermod -a -G team user3
        % sudo usermod -a -G team user4
    - Create a folder tree to be shared by the users
        % sudo mkdir      /ebs/share
        % sudo chmod 777  /ebs/share
        % sudo chgrp team /ebs/share
        % sudo chmod g+s  /ebs/share
        % sudo setfacl -m default:group::rwx,default:mask::rwx /ebs/share
        % sudo ln -s /ebs/share /share
    - Schedule frequent cron job to do:
        % sudo setfacl -R -m mask:rwx /ebs/share

Thanks for all the input! 

Any more suggestions for the remaining nits?  It would be nice to
get rid of the cron job, and to have the file owner change to show
the most recent writer.  Thanks!

Fred Stluka -- --
Bristle Software, Inc -- -- Glad to be of service!

Sean M. Collins wrote:
> On 5/4/10 10:43 PM, Fred Stluka wrote:
>> Can I set an ACL on a directory that will cause the files created
>> there via scp to inherit world- or group-write permissions?  Will
>> subdirectories inherit also, recursively? 
> If you set the "Default ACL" on the top-most directory everything will
> inherit ACL entries from it. I imagine your Default ACL could be as
> simple as an entry for a group that all users belong to, with the
> appropriate ACL verbs.
>> Will the file owner be
>> updated properly when scp overwrites a file?
> That would need to be handled by the SCP client. Standard procedure is
> to unlink() the old file and write() a new one.
Philadelphia Linux Users Group         --
Announcements -
General Discussion  --