On 17/03/2016 19:19, hw wrote:
> 
> Hi,
> 
> how can I make it so that multiple users on a system who create
> files in a local, shared directory do have write access to files
> created by other users within the shared directory?
> 
> The directory is group-writeable, and the users belong to the group
> which owns the directory.  This enables them to create files within
> the shared directory, yet the files they create belong to the user
> who created it, and other users cannot modify them.  The sticky bit
> is set so that the files are owned by user:common-group.
> 
> I would like to avoid changing the umask.  If that cannot be avoided,
> how do I change it?  Users log in through x2goclient, and fvwm is
> being executed on login.
> 

Ooooooh, that's a horrible one, with no really obvious answer.

First, you cannot do it with just regular Unix permissions.

umask is just not viable either, as a) it's global and affects all files
a user creates and b) by definition umask is modifiable by the user
(it's a feature to help users out so they don't need to chmod every file
every time) and c) you can't stop them doing it (by design).

There is a way to do it with POSIX ACLs, I figured it out once. It was
ugly. It was horrible. It was impossible to describe to someone else.
And it was invisible (you had to spot the tiny "+" in ls -al and know
what it means to know to look further).

The simplest way is to run chmod -R g+w dir in a cron every few minutes.
This works but it's inelegant.

The best solution I have found yet is to use the inotify feature in the
kernel. It's an event framework and really neat: tell the kernel to
generate an event every time something specific happens on the
filesystem, and write a small listener that runs chmod. There are many
examples in the man pages.

In your case, the area to monitor is the shared directory itself, and
the events to register are on_file_create and on_file_modify. The listener
is a small script that launches chmod g+w.

Do read the man pages thoroughly, the above will become clearer. inotify
is an amazing tool, I wish it were more in common use.


-- 
Alan McKinnon
alan.mckin...@gmail.com
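
A sketch of the inotify listener described in the message, added here as an example and not code from the original post. It assumes Linux and a listener running as a user allowed to chmod the files (their owner, or root); the function names are hypothetical, and IN_CREATE / IN_MODIFY are the inotify flags corresponding to the create and modify events the message names.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/inotify.h>
#include <sys/stat.h>
#include <unistd.h>

/* Add g+w to one entry of the shared directory; returns 1 if the mode changed.
 * Only a single-link regular file is changed: symlinks, hard links, FIFOs and devices are skipped. */
static int grant_group_write(int dirfd, const char *name) {
    struct stat st;
    int fd = openat(dirfd, name, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0) return 0;   /* symlink (ELOOP), already deleted, or unreadable */
    int ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_nlink == 1 &&
             !(st.st_mode & S_IWGRP) &&
             fchmod(fd, (st.st_mode & 07777) | S_IWGRP) == 0;
    close(fd);
    return ok;
}
/* Drain the events currently queued on ifd; returns the number of files fixed. */
static int handle_pending(int ifd, int dirfd) {
    char buf[4096] __attribute__((aligned(__alignof__(struct inotify_event))));
    int fixed = 0;
    ssize_t n;
    while ((n = read(ifd, buf, sizeof buf)) > 0)
        for (char *p = buf; p < buf + n; ) {
            struct inotify_event *ev = (struct inotify_event *)p;
            if (ev->len > 0 && !(ev->mask & IN_ISDIR))
                fixed += grant_group_write(dirfd, ev->name);
            p += sizeof *ev + ev->len;
        }
    return fixed;
}
/* Watch one directory (not recursive); *dirfd is used later for openat(). */
static int open_watch(const char *dir, int *dirfd) {
    int ifd = inotify_init1(IN_NONBLOCK | IN_CLOEXEC);
    *dirfd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (ifd < 0 || *dirfd < 0) return -1;
    return inotify_add_watch(ifd, dir, IN_CREATE | IN_MODIFY | IN_MOVED_TO) < 0 ? -1 : ifd;
}
int main(int argc, char **argv) {
    int dirfd, ifd = open_watch(argc > 1 ? argv[1] : ".", &dirfd);
    struct pollfd pfd = { .fd = ifd, .events = POLLIN };
    while (ifd >= 0 && poll(&pfd, 1, -1) > 0) handle_pending(ifd, dirfd);
    perror("group-write listener");
    return EXIT_FAILURE;
}
```

A file is briefly not group-writable between its creation and the listener's chmod, and files in subdirectories are not covered because an inotify watch applies to a single directory.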

