Rob Hudson wrote,
>How do I set up a directory so that any new files created in its
>subdirectories maintain the group and group write permissions?
>
>For example: There's a shared folder on a server and a group of users
>create and edit files in that folder. We want those new files to be
>editable by all users in the same group. By default, new files are
>created with the user's default user and group making them non-editable
>by others in the group.
Make sure the directory is owned by the desired group, and then turn on its
set-group-id bit:
chgrp groupname dirname
chmod g+s dirname
Henceforth, any new files created in that directory will be owned by the
group that owns the directory. Additionally, any new subdirectories you
create in that directory will also have their set-group-id bits turned on
automatically, so it works recursively.
Of course you'll need to make sure the directory is fully accessible by
its group ("chmod g+sa dirname").
This makes sure files in the directory are owned by the right group, but
it doesn't ensure that the permissions will be right. You'll have to
admonish your users to be careful about setting the right permissions..if
the use a umask whose middle digit is 0 (e.g. "umask 007"), they'll
automatically create files that are group readable and writeable.
If you have persistant problems with users not leaving their files group
readable and writable, you might want to consider a crontab entry that
periodically sets the appropriate permissions, for example,
chmod -R g+u /path/to/dirname
On Linux, the set-group-id bit on directories works on every filesystem
that supports Unix-style file permissions. It doesn't work on filesystems
like (V)FAT that don't understand Unix file permissions.
If you're using ext2 or ext3, this behavior can be altered with mount
options. In the default state, or if you mount the filesystem with the
"nogrpid" or "sysvgroups" option, it works as described above. If you
mount the filesystem with the "grpid" or "bsdgroups" option, the
filesystem behaves as if all directories had their set-group-id bits
permanently turned on.
- Neil Parker
_______________________________________________
EUGLUG mailing list
euglug@euglug.org
http://www.euglug.org/mailman/listinfo/euglug
