Re: default file permissions
Silvan wrote:
On Thursday 13 May 2004 12:18 pm, Ulrich Fürst wrote:
You're right, thanks. I'll change to user instead of staff (of course I trust my wife but I'm not sure about myself ;-) ). No o.k. I just feel better I guess using a group that is made for it.

Or make your own and set it up how you want. We have our own group. Group 700. Easy to set up, and that way no accidents, since you get to explicitly configure everything that's available to that particular group independent of package management.

I took our last name for the group name. With a little incident. I forgot to change the owner of /home/ It stayed to staff. So KDE couldn't start, because it had no write access to the home directory ;-)

read you,
Ulrich

P.S. of course I changed the owner of /home/ and subdirectories already.
Re: default file permissions
Nathaniel W. Turner wrote:
On Monday 10 May 2004 11:48 am, Birgit und Ulrich Fürst wrote:
By the way. Is it bad to use staff instead of user as group? I didn't find any system files using staff.

FWIW, The staff group has write access to everything under /usr/local. As /usr/local/bin is in everyone's path by default, only trusted users should be put in the staff group.

You're right, thanks. I'll change to user instead of staff (of course I trust my wife but I'm not sure about myself ;-) ). No o.k. I just feel better I guess using a group that is made for it.

Thank you
Ulrich
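The point above about staff and /usr/local/bin can be checked on any system. The following is an added example, not part of any post in the thread: it lists every directory on a search path that its group or everyone can write to, together with the owning group. The function name and the output format are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a colon-separated search path for directories that
# are writable by their group or by everyone. Whoever can write to such a
# directory can put a program there that other users then run by name.

# writable_path_dirs PATHSTRING
# Prints one line per finding: "<kind> <group> <directory>".
writable_path_dirs() {
    # Split on ':' into the positional parameters, with globbing switched
    # off so that an entry such as '*' is not expanded.
    old_ifs=$IFS
    IFS=:
    set -f
    set -- $1
    set +f
    IFS=$old_ifs

    for dir in "$@"; do
        # An empty entry in a search path means the current directory.
        [ -n "$dir" ] || dir=.
        [ -d "$dir" ] || continue

        # -L follows symlinks, so a link such as /bin -> usr/bin is judged
        # by the directory it points to.
        listing=$(ls -ldL "$dir") || continue
        perms=${listing%% *}
        group=$(printf '%s\n' "$listing" | awk '{ print $4 }')

        # Character 6 of "drwxrwxr-x" is the group write bit,
        # character 9 is the write bit for everyone else.
        case $perms in
            d????w*) echo "group-writable $group $dir" ;;
        esac
        case $perms in
            d???????w*) echo "world-writable $group $dir" ;;
        esac
    done
}

# Report on the current user's own search path.
writable_path_dirs "$PATH"
```

On a Debian system of the kind discussed here, a line naming staff next to /usr/local/bin is the situation the post describes.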
Re: default file permissions
On Thursday 13 May 2004 12:18 pm, Ulrich Fürst wrote: You're right, thanks. I'll change to user instead of staff (of course I trust my wife but I'm not sure about myself ;-) ). No o.k. I just feel better I guess using a group that is made for it. Or make your own and set it up how you want. We have our own group. Group 700. Easy to set up, and that way no accidents, since you get to explicitly configure everything that's available to that particular group independent of package management. -- Michael McIntyre Silvan [EMAIL PROTECTED] Linux fanatic, and certified Geek; registered Linux user #243621 http://www.geocities.com/Paris/Rue/5407/
Re: default file permissions
On Tuesday 11 May 2004 08:13 am, Bart Dorsey wrote:
On Monday 10 May 2004 11:17 am, Antonio Rodriguez wrote:
do with the sticky bit, about which I wouldn't mind reading. It seems that in most references that I have seen they don't talk about it much.

Okay, here goes ;) you asked for it ;)

Since he asked for it, and since I think I'm the last person on earth who still has a copy of my hacked ls, I will present the ultimate completely useless list of every combination from to

Nah, nevermind. That's a 268K file. Ouch! :)

But just to prove what a dork I am:

$ touch glee; for ((a=0;a<=7;++a)); do for ((b=0;b<=7;++b)); do for ((c=0;c<=7;++c)); do for ((d=0;d<=7;++d)); do chmod $a$b$c$d glee; ls -O glee; done; done; done; done > foo
$ tail foo
7766 -rwsrwSrwT 1 silvan silvan 0 May 12 02:53 glee
7767 -rwsrwSrwt 1 silvan silvan 0 May 12 02:53 glee
7770 -rwsrws--T 1 silvan silvan 0 May 12 02:53 glee
7771 -rwsrws--t 1 silvan silvan 0 May 12 02:53 glee
7772 -rwsrws-wT 1 silvan silvan 0 May 12 02:53 glee
7773 -rwsrws-wt 1 silvan silvan 0 May 12 02:53 glee
7774 -rwsrwsr-T 1 silvan silvan 0 May 12 02:53 glee
7775 -rwsrwsr-t 1 silvan silvan 0 May 12 02:53 glee
7776 -rwsrwsrwT 1 silvan silvan 0 May 12 02:53 glee
-rwsrwsrwt 1 silvan silvan 0 May 12 02:53 glee

(I hate it that GNU rejected my patch. I think ls -O is indispensably handy. It's not worth forking whatever superpackage fileutils became though.)

-- Michael McIntyre Silvan [EMAIL PROTECTED] Linux fanatic, and certified Geek; registered Linux user #243621 http://www.geocities.com/Paris/Rue/5407/
Re: default file permissions
On Monday 10 May 2004 12:06 pm, Antiphon wrote:
If I get it right 0007 would lead to deny access to anyone not being user or in the group of the file, and giving full access to the file for user and group? That would be what I want!

No. 0007 means that anyone can write to it who is not a member of your group and who doesn't own the file. It sounds like you want 0070 instead. The numbers are (special-user-group-other)

No, we were talking about umasks here, not permissions.

-- Michael McIntyre Silvan [EMAIL PROTECTED] Linux fanatic, and certified Geek; registered Linux user #243621 http://www.geocities.com/Paris/Rue/5407/
Re: default file permissions
On Monday 10 May 2004 11:17 am, Antonio Rodriguez wrote:
Would someone explain further the 4 number system? More exactly, the last three numbers are clear, they are explained everywhere, but the first one, referring to special, is not explained anywhere that I know. I will be happy to read about it. I imagine that the first digit has to do with the sticky bit, about which I wouldn't mind reading. It seems that in most references that I have seen they don't talk about it much.

Okay, here goes ;) you asked for it ;)

first off, binary

imagine three three digit binary numbers in a row.

000 000 000 = rwx rwx rwx

Let these represent the bits you are toggling

then assign these places just like you would for decimal numbers. (in decimal you have 100's place, 10's place and 1's place... in binary however, you use powers of 2 not 10, so you get 4's place, 2's place and 1's place.) Each of these places can be assigned either a 0 or a 1.

421 421 421 = rwx rwx rwx

so rw-rw-r-- would be 110 110 100 or... 4 + 2, and 4 + 2, and 4 or... 644.

Since the maximum possible number is 7 and the minimum is 0, this means we are creating three octal numbers (octal meaning 8)

other examples:

rwxrwxrwx = 111 111 111 = 777
r--r--r-- = 100 100 100 = 444
rwxrwxr-x = 111 111 101 = 775

You should get the idea.

BTW, the sticky bits are overlaid on top of these to create the extra digit...

 4   2   1
rwx rwx rwx

so group sticky would be 2777 in this example... and it prints as rwx rws rwx

Thank you all.
Re: default file permissions
On Tue, May 11, 2004 at 07:13:04AM -0500, Bart Dorsey wrote: Okay, here goes ;) you asked for it ;) Thank you first off, binary snip You should get the idea. Beautiful up to here. All is clear. BTW, the sticky bits are overlaid on top of these to create the extra digit... 4 2 1 rwx rwx rwx can you be more explicit? so group sticky would be 2777 in this example... and it prints as rwx rws rwx Very unclear. Thank you for allowing me to (ab)use your good disposition.
Re: default file permissions
On Tuesday 11 May 2004 9:11 am, Antonio Rodriguez wrote:
BTW, the sticky bits are overlaid on top of these to create the extra digit...

 4   2   1
rwx rwx rwx

can you be more explicit?

Sure, I'll try

the first rwx is the 4's place, the second rwx is the 2's place, and the third rwx is the 1's place... it's another 3 digit binary number overlaid on TOP of the existing permissions.

so, group sticky would be. 0 1 0 which gives us a 2.

user sticky would be a 1 0 0 or, 4, this is mostly used to make stuff run setuid by another user (usually root)

and other sticky (used by the /tmp directory..shows up as a t in the permissions list) would be 0 0 1 or 1

rwsrwsrwt would be what it would look like at

I hope that makes more sense.

so group sticky would be 2777 in this example... and it prints as rwx rws rwx

Very unclear. Thank you for allowing me to (ab)use your good disposition.
Re: default file permissions
Bart Dorsey wrote:

Maybe it would be somewhat easier to understand if you separated the numeric / octal (e.g., 2777) representation of the sticky bits from the alphabetic representation (e.g., rwsrwsrwt)? Attempting to do so:

* In numeric representation, the sticky bits are represented by a 4th octal digit (e.g., 2777 vs. 777) (notice the extra octal digit is at the front)
* In (the binary representation of) that octal digit, the first bit is for user, the second for group, and the last for world (IIUC)
* In the alphabetic representation, a 4th group of three letters is *not* added, but instead the appropriate x is substituted by a t or s to indicate the bit is set, *and*
* (IIRC) that t or s is uppercase or lowercase depending on whether the x bit for that group is set or not (and I don't recall whether uppercase or lowercase indicates the x bit is set, but I'd lean towards uppercase).

regards,
Randy Kramer

On Tuesday 11 May 2004 9:11 am, Antonio Rodriguez wrote:
BTW, the sticky bits are overlaid on top of these to create the extra digit...

 4   2   1
rwx rwx rwx

can you be more explicit?

Sure, I'll try

the first rwx is the 4's place, the second rwx is the 2's place, and the third rwx is the 1's place... it's another 3 digit binary number overlaid on TOP of the existing permissions.

so, group sticky would be. 0 1 0 which gives us a 2.

user sticky would be a 1 0 0 or, 4, this is mostly used to make stuff run setuid by another user (usually root)

and other sticky (used by the /tmp directory..shows up as a t in the permissions list) would be 0 0 1 or 1

rwsrwsrwt would be what it would look like at

I hope that makes more sense.

so group sticky would be 2777 in this example... and it prints as rwx rws rwx

Very unclear. Thank you for allowing me to (ab)use your good disposition.
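The mapping between the four-digit octal form and the letters that ls prints, as an added example that is not part of any post in the thread. It goes beyond the single 2777 case and handles any three- or four-digit mode; the function names are assumptions of this example, and the sample modes are taken from the ls -O listing posted elsewhere in the thread.

```shell
#!/bin/sh
# Added example: turn an octal mode such as 2775 into the nine permission
# letters ls -l shows (without the leading file-type character).

# triplet DIGIT SPECIAL LETTER
#   DIGIT   octal digit 0-7 for one class (user, group or other)
#   SPECIAL 1 if the special bit belonging to this class is set, else 0
#   LETTER  s for setuid/setgid, t for sticky
triplet() {
    digit=$1 special=$2 letter=$3
    r=- w=- x=-
    if [ $((digit & 4)) -ne 0 ]; then r=r; fi
    if [ $((digit & 2)) -ne 0 ]; then w=w; fi
    if [ $((digit & 1)) -ne 0 ]; then x=x; fi
    if [ "$special" -eq 1 ]; then
        if [ "$x" = x ]; then
            # Execute bit and special bit both set: lowercase letter.
            x=$letter
        else
            # Special bit set without the execute bit: uppercase letter.
            x=$(printf '%s' "$letter" | tr 'st' 'ST')
        fi
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# mode_to_symbolic MODE
#   MODE is three or four octal digits; three digits mean "no special bits".
mode_to_symbolic() {
    mode=$1
    case $mode in
        ''|*[!0-7]*) echo "not an octal mode: $mode" >&2; return 1 ;;
    esac
    case ${#mode} in
        3) mode=0$mode ;;
        4) ;;
        *) echo "expected 3 or 4 octal digits: $mode" >&2; return 1 ;;
    esac

    rest=${mode#?}          # the three ordinary digits
    sp=${mode%"$rest"}      # the leading special digit
    u=${rest%??}
    g=${rest#?}; g=${g%?}
    o=${rest#??}

    # Special digit: 4 = setuid (user slot), 2 = setgid (group slot),
    # 1 = sticky (other slot).
    triplet "$u" $(( (sp & 4) != 0 )) s
    triplet "$g" $(( (sp & 2) != 0 )) s
    triplet "$o" $(( (sp & 1) != 0 )) t
    echo
}

# A few modes from the thread, plus the usual /tmp and setuid-binary modes.
for m in 775 2777 1777 4755 7766 7770; do
    printf '%4s  %s\n' "$m" "$(mode_to_symbolic "$m")"
done
```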
Re: default file permissions
Bart Dorsey wrote:
The real proper way to do this is to create your family-group (in fact the users group would suffice for this, just add both users to it (why is this not the default in debian?)

then create /home/shared-stuff and set it 775

chmod 775 /home/shared-stuff

then set the group sticky bit on the directory

chmod g+s /home/shared-stuff

and chown it to root.users

chown root.users /home/shared-stuff

That's nearly what I did first. Just nearly because the directory's owner is ulrich:staff (we're both in staff).

But, it's important to note, that you could leave umask alone, and when there are files you WANT to share, you put them at 664 manually...

chmod g+w file

That's o.k. for normal files (text documents and so on) but with that I would have to run a script as root before running mozilla to change all the files created from mozilla (like the bookmarks.html) to the next user. Mozilla sets some files to be only readable by the owner

-rw---1 ulrich staff 86783 May 10 16:57 bookmarks.html

When I start as user birgit it's the same. Except the owner changed to birgit and the file is empty (deleted and created new on startup of mozilla). The sticky bit doesn't change anything according this special behaviour of mozilla.

Anyway, is this even helpful, or are you trying to do something I still don't quite understand

It more seems that *I'm* just beginning to understand my real problem. (see above). I guess it's more an internal policy of mozilla and has less to do with kde, I fear.

Ulrich
Re: default file permissions
Silvan wrote:
On Sunday 09 May 2004 02:53 pm, Ulrich Fürst wrote:
Where is the file? I don't run Mozilla, so I'm not familiar with that. Is it under /usr somewhere, or what?

It's under /home/.mozilla/ ... In this directory and in subdirectories mozilla stores its settings and the mails and so on.

OK, let's back up again. I'm still not completely clear what you have here. I think you have

/home/you
/home/your-wife

Then you are trying to share files between each other by configuring various things to write directly to /home instead of /home/you or /home/your-wife

Is that right?

Completely.

If so, that's very strange. How do you even have write permission on /home? What is the permission on that directory? It's supposed to be 755, and individual users are not supposed to be able to write to /home directly anyway. I presume you've changed this. I guess you can do it that way if you insist, but it seems messy and difficult to manage safely. Why not create a shared directory for the two of you with 775 permissions? Other posts that I missed previously already explained about setting your umask in various places. With the right umask ( would work, or you could be more restrictive), and a directory you can both access it should be possible to do what you want.

drwxrwxr-- 10 root staff 4096 May 9 22:37 /home/

You've made a directory, chowned it to your-family-group, set it to 775 so the group can write there. Then when you set your umask to 0 and create a file, your wife can then modify the same file, even though you still own it. This seems like what you want. It would probably be better to use a umask of 0007 instead, so you still have *some* control. (I should have used that in the above example, but I'm too lazy to go back and re-do it. :)

If I get it right 0007 would lead to deny access to anyone not being user or in the group of the file, and giving full access to the file for user and group? That would be what I want!

Anyway, is this even helpful, or are you trying to do something I still don't quite understand?

You could help me creating normal files with group read/write permissions
Re: default file permissions
I wrote: That's nearly what I did first. Just nearly because the directory's owner is ulrich:staff (we're both in staff). By the way. Is it bad to use staff instead of user as group? I didn't find any system files using staff. Ulrich
Re: default file permissions
On Mon, 10 May 2004 17:45:36 +0200, Ulrich Fürst [EMAIL PROTECTED] wrote:
Silvan wrote:
This seems like what you want. It would probably be better to use a umask of 0007 instead, so you still have *some* control. (I should have used that in the above example, but I'm too lazy to go back and re-do it. :)

If I get it right 0007 would lead to deny access to anyone not being user or in the group of the file, and giving full access to the file for user and group? That would be what I want!

No. 0007 means that anyone can write to it who is not a member of your group and who doesn't own the file. It sounds like you want 0070 instead. The numbers are (special-user-group-other)
Re: default file permissions
On Mon, May 10, 2004 at 12:06:42PM -0400, Antiphon wrote:
On Mon, 10 May 2004 17:45:36 +0200, Ulrich Fürst [EMAIL PROTECTED] wrote:
Silvan wrote:
This seems like what you want. It would probably be better to use a umask of 0007 instead, so you still have *some* control. (I should have used that in the above example, but I'm too lazy to go back and re-do it. :)

If I get it right 0007 would lead to deny access to anyone not being user or in the group of the file, and giving full access to the file for user and group? That would be what I want!

No. 0007 means that anyone can write to it who is not a member of your group and who doesn't own the file. It sounds like you want 0070 instead. The numbers are (special-user-group-other)

Would someone explain further the 4 number system? More exactly, the last three numbers are clear, they are explained everywhere, but the first one, referring to special, is not explained anywhere that I know. I will be happy to read about it. I imagine that the first digit has to do with the sticky bit, about which I wouldn't mind reading. It seems that in most references that I have seen they don't talk about it much.

Thank you all.
Re: default file permissions
Antonio Rodriguez wrote:
On Mon, May 10, 2004 at 12:06:42PM -0400, Antiphon wrote:
On Mon, 10 May 2004 17:45:36 +0200, Ulrich Fürst [EMAIL PROTECTED] wrote:
Silvan wrote:
This seems like what you want. It would probably be better to use a umask of 0007 instead, so you still have *some* control. (I should have used that in the above example, but I'm too lazy to go back and re-do it. :)

If I get it right 0007 would lead to deny access to anyone not being user or in the group of the file, and giving full access to the file for user and group? That would be what I want!

No. 0007 means that anyone can write to it who is not a member of your group and who doesn't own the file. It sounds like you want 0070 instead. The numbers are (special-user-group-other)

Would someone explain further the 4 number system? More exactly, the last three numbers are clear, they are explained everywhere, but the first one, referring to special, is not explained anywhere that I know. I will be happy to read about it. I imagine that the first digit has to do with the sticky bit, about which I wouldn't mind reading. It seems that in most references that I have seen they don't talk about it much.

Thank you all.

It's kind of like the other bits

setuid is 4000
setgid is 2000
sticky is 1000

Ulrich
Re: default file permissions
Antiphon wrote:
On Mon, 10 May 2004 17:45:36 +0200, Ulrich Fürst [EMAIL PROTECTED] wrote:
Silvan wrote:
If I get it right 0007 would lead to deny access to anyone not being user or in the group of the file, and giving full access to the file for user and group? That would be what I want!

No. 0007 means that anyone can write to it who is not a member of your group and who doesn't own the file. It sounds like you want 0070 instead. The numbers are (special-user-group-other)

Hmm. I thought the rights of a file is 0666 (for directories 0777) minus umask. So rw-rw would be 666 with umask 006 (o.k. not 7), that is 660?

Ulrich
Re: default file permissions
On Mon, 10 May 2004 18:45:55 +0200, Ulrich Fürst [EMAIL PROTECTED] wrote:
Antiphon wrote:
On Mon, 10 May 2004 17:45:36 +0200, Ulrich Fürst [EMAIL PROTECTED] wrote:
Silvan wrote:
If I get it right 0007 would lead to deny access to anyone not being user or in the group of the file, and giving full access to the file for user and group? That would be what I want!

No. 0007 means that anyone can write to it who is not a member of your group and who doesn't own the file. It sounds like you want 0070 instead. The numbers are (special-user-group-other)

Hmm. I thought the rights of a file is 0666 (for directories 0777) minus umask. So rw-rw would be 666 with umask 006 (o.k. not 7), that is 660?

Ulrich

The executable bit can be applied to files and directories alike since, in reality, a directory is merely just a kind of file.

rw-rw would be 660

Of course, one needn't use the octal numbers all the time. chmod ug+w would be the same thing as chmod 660.

And to those who don't know, all advanced file managers like Konqueror, Rox, or Nautilus can manage these attributes for you.
Re: default file permissions
Antiphon wrote:
The executable bit can be applied to files and directories alike since, in reality, a directory is merely just a kind of file. rw-rw would be 660

So setting my umask to 006 would lead to let new files be 660, right?

Ulrich
Re: default file permissions
On Monday 10 May 2004 02:01 pm, Ulrich Fürst wrote: Antiphon schrieb: The executable bit can be applied to files and directories alike since, in reality, a directory is merely just a kind of file. rw-rw would be 660 So setting my umask to 006 would lead to let new files be 660, right? Ulrich That should do the trick
Re: default file permissions
* Antiphon [Mon, 10 May 2004 20:23:02 -0400]: rw-rw would be 660 So setting my umask to 006 would lead to let new files be 660, right? That should do the trick sorry but nope. UMASK=006 would yield permissions rwxrwx--x (771). you need a little binary arithmetic to understand umasks. google should provide pages with detailed explanations of this. cu -- Adeodato Simó EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621 Create a system that is usable even by idiots, and only idiots will use it.
Re: default file permissions
Ulrich Fürst writes:
Antiphon wrote:
The executable bit can be applied to files and directories alike since, in reality, a directory is merely just a kind of file. rw-rw would be 660

So setting my umask to 006 would lead to let new files be 660, right?

UMASK(2)            Linux Programmer's Manual            UMASK(2)

NAME
       umask - set file creation mask

SYNOPSIS
       #include <sys/types.h>
       #include <sys/stat.h>

       mode_t umask(mode_t mask);

DESCRIPTION
       umask sets the umask to mask & 0777.

       The umask is used by open(2) to set initial file permissions on a newly-created file. Specifically, permissions in the umask are turned off from the mode argument to open(2) (so, for example, the common umask default value of 022 results in new files being created with permissions 0666 & ~022 = 0644 = rw-r--r-- in the usual case where the mode is specified as 0666).

RETURN VALUE
       This system call always succeeds and the previous value of the mask is returned.

CONFORMING TO
       SVr4, SVID, POSIX, X/OPEN, BSD 4.3

SEE ALSO
       creat(2), open(2)

Linux                        1998-08-09                        UMASK(2)

;) cheers domi
Re: default file permissions
* Adeodato Simó [Tue, 11 May 2004 02:38:43 +0200]: * Antiphon [Mon, 10 May 2004 20:23:02 -0400]: rw-rw would be 660 So setting my umask to 006 would lead to let new files be 660, right? That should do the trick sorry but nope. UMASK=006 would yield permissions rwxrwx--x (771). you need a little binary arithmetic to understand umasks. google should provide pages with detailed explanations of this. *sigh* ok, that'd be for directories only. -- Adeodato Simó EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621 He who has not a good memory should never take upon himself the trade of lying. -- Michel de Montaigne
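The umask arithmetic argued over in this part of the thread, as an added example that is not part of any post: it computes the mode a new file (requested as 0666) and a new directory (requested as 0777) receive under each umask mentioned in the thread, then creates both in a scratch directory to compare. The function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: the kernel clears every bit that is set in the umask,
# i.e. result = requested & ~umask. It is a bit mask, not a subtraction:
# octal 0666 - 0007 would be 0657, while 0666 & ~0007 is 0660.

# predicted_mode REQUESTED UMASK -> three-digit octal result
# (both arguments are octal digits, with or without a leading zero)
predicted_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# octal_perms PATH -> rwx bits of PATH as three octal digits.
# Tries GNU stat syntax first and BSD syntax as a fallback, and masks
# off any special bits so only user/group/other remain.
octal_perms() {
    m=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1") || return 1
    printf '%03o\n' $(( 0$m & 0777 ))
}

# observed_modes UMASK -> "FILEMODE DIRMODE" for a file and a directory
# really created under that umask. Runs in a subshell so the caller's
# umask is left alone.
observed_modes() {
    (
        scratch=$(mktemp -d) || exit 1
        umask "$1"
        touch "$scratch/file"      # touch asks for 0666
        mkdir "$scratch/dir"       # mkdir asks for 0777
        result="$(octal_perms "$scratch/file") $(octal_perms "$scratch/dir")"
        rm -rf "$scratch"
        echo "$result"
    )
}

# Every umask that comes up in the thread.
for mask in 022 002 006 007 027 070; do
    printf 'umask %s -> file %s, dir %s (observed: %s)\n' "$mask" \
        "$(predicted_mode 666 "$mask")" \
        "$(predicted_mode 777 "$mask")" \
        "$(observed_modes "$mask")"
done
```

Programs that pass a stricter mode to open(2), as Mozilla is reported to do for bookmarks.html elsewhere in the thread, get that stricter mode whatever the umask, because the umask can only remove bits.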
Re: default file permissions
On Sunday, 9 May 2004 11:10, Ulrich Fürst wrote:
I want to use the same mozilla-profile for different users. But every new file gets the permission - r w - r - - r - - . So no other user can get write access. I found out that I should set the sgid/suid-bit for the directories but that doesn't help. Whenever I create a test-file with 'touch file' it has only write permissions for the user not for the group.

look for umask. Maybe setting it to umask 002 in /etc/profile might help you.

JT

-- http://www.jtheuer.de mailto:mail(-)jtheuer.de gpg-fingerprint: C707 EE9A 5BC1 CA68 95E0 F665 A72F 4885 650A 7F6E
Re: default file permissions
* Jan Torben Heuer [Sun, 09 May 2004 14:57:25 +0200]:
look for umask. Maybe setting it to umask 002 in /etc/profile might help you.

If that doesn't work, try:

# echo umask 002 > /etc/X11/Xsession.d/95local-umask

-- Adeodato Simó EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621 Man is certainly stark mad; he cannot make a flea, yet he makes gods by the dozens. -- Michel de Montaigne
Re: default file permissions
Jan Torben Heuer wrote:
On Sunday, 9 May 2004 11:10, Ulrich Fürst wrote:
I want to use the same mozilla-profile for different users. But every new file gets the permission - r w - r - - r - - . So no other user can get write access. I found out that I should set the sgid/suid-bit for the directories but that doesn't help. Whenever I create a test-file with 'touch file' it has only write permissions for the user not for the group.

look for umask. Maybe setting it to umask 002 in /etc/profile might help you.

umask was set to 022 but setting it to 002 either in /etc/profile or in the kde-console doesn't help for the konqueror or other programs but only for the kde-console.

Ulrich
Re: default file permissions
Adeodato Simó wrote:
* Jan Torben Heuer [Sun, 09 May 2004 14:57:25 +0200]:
look for umask. Maybe setting it to umask 002 in /etc/profile might help you.

If that doesn't work, try:

# echo umask 002 > /etc/X11/Xsession.d/95local-umask

That only changes things for the kde-console, too.

Ulrich
Re: default file permissions
* Ulrich Fürst [Sun, 09 May 2004 17:16:06 +0200]:
Adeodato Simó wrote:
If that doesn't work, try:

# echo umask 002 > /etc/X11/Xsession.d/95local-umask

That only changes things for the kde-console, too.

mmm, i hadn't tested. now i have and:

- works in mozilla when saving a image or downloading a file
- works in konqueror when downloading a file
- works when running touch from kde (not bash): alt-f2 - touch /tmp/foo
- DOES NOT WORK when creating or copying local files with konqueror

googling for this should yield some kind of info.

-- Adeodato Simó EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621 When the only tool you have is a hammer, every problem starts to look like a nail.
Re: default file permissions
On Sunday 09 May 2004 05:10 am, Ulrich Fürst wrote:
I want to use the same mozilla-profile for different users. But every new file gets the permission - r w - r - - r - - . So no other user can get write access. I found out that I should set

Where is the file? I don't run Mozilla, so I'm not familiar with that. Is it under /usr somewhere, or what?

I really don't quite understand what you're trying to do. If you're having problems like this, it seems the files must be in /usr or some other system directory. I can't begin to imagine why you yourself as your user need to be able to write to /usr, let alone share files there among all your other users. This smacks of being dangerous and poorly-conceived. I'm not going to tell you how to do what you want without first making sure you're not about to do something regrettable.

the sgid/suid-bit for the directories but that doesn't help.

It wouldn't. Permissions on the directory have nothing to do with your umask.

It sounds like your default umask for your users is 0027. This is a very sane and reasonable default. It means regular files will be created with 0640 (-rw-r-----) permissions, and directories with 0750 (drwxr-x---). You can change this if you *really* want to, but first I suggest you really think about what you want to do, and whether or not the way you're trying to do it is the safest way to get there.

Can you better define the problem in terms of specific files you want to be common among all your users?

want ( - r w - r w - r - ) . How can I change this, not only for mozilla but for some other shared directories, too.

That's what I'm really not getting. *What* shared directories? Is Mozilla some bizarre exception to the rule that individual user config files belong in ~ and systemwide defaults are immutable? If you yourself need to write to anything outside of /home/you to use Mozilla, something seems badly out of whack.

It seems much more likely that a better approach to this would be to devise some way to keep dotfiles (such as maybe ~/.mozilla) between your users in sync with each other, which could possibly be accomplished with far less potential danger to the integrity of your system. Perhaps create a common user directory owned by your group, set with group rwx permissions, and create symlinks from individual user directories to the files contained in this common place. I suppose you'd still have to tweak your umask to make that useful, but it would be far less dangerous than giving everybody permission to write to certain files in, say, /usr somewhere.

-- Michael McIntyre Silvan [EMAIL PROTECTED] Linux fanatic, and certified Geek; registered Linux user #243621 http://www.geocities.com/Paris/Rue/5407/
Re: default file permissions
Silvan wrote:
On Sunday 09 May 2004 05:10 am, Ulrich Fürst wrote:
I want to use the same mozilla-profile for different users. But every new file gets the permission - r w - r - - r - - . So no other user can get write access. I found out that I should set

Where is the file? I don't run Mozilla, so I'm not familiar with that. Is it under /usr somewhere, or what?

It's under /home/.mozilla/ ... In this directory and in subdirectories mozilla stores its settings and the mails and so on. /home is on another partition mounted according to fstab:

/dev/hda5 /home ext3 defaults,auto,nosuid,nodev 0 3

I really don't quite understand what you're trying to do. If you're having problems like this, it seems the files must be in /usr or some other system directory. I can't begin to imagine why you yourself as your user need to be able to write to /usr, let alone share files there among all your other users. This smacks of being dangerous and poorly-conceived. I'm not going to tell you how to do what you want without first making sure you're not about to do something regrettable.

O.k.: I have three accounts on this desktop computer. The one for root, one for me and one for my wife. I wanted to separate the account for my wife so she only has programs in the KDE-menu she will use. And she's only one desktop but I use multiple Desktops in KDE. That's why I separated the accounts. But the problem I got with that is that we can't access files we're both working on. E.g. files in /home/Dokumente/

As far as I could see, your solution lead to being new files from open office rw-rw--r-- That would be just what I want.

The problem with mozilla is that we have email accounts together. Sure we both want to be able to read it. And the bookmarks-file should be for us both, too. So what I want is that mozilla uses the directory /home/.mozilla/ for storing its files for my wife as well as for me. Mozilla points correctly to the directory but because my wife's account has no write permissions mozilla is deleting the bookmark file and creates a new empty one. The permissions of the new file is

-rw---1 ulrich staff 86910 May 9 20:11 /home/.mozilla/Gemeinsam/oeftg7hl.slt/bookmarks.html

or

-rw---1 birgit staff 86910 May 9 22:30 /home/.mozilla/Gemeinsam/oeftg7hl.slt/bookmarks.html

according to who last started mozilla (btw. it's mozilla 1.6 from backports.org)

Can you better define the problem in terms of specific files you want to be common among all your users?

want ( - r w - r w - r - ) . How can I

O.K. I have to change that! - r w - r w - - - - would be even better.

change this, not only for mozilla but for some other shared directories, too.

That's what I'm really not getting. *What* shared directories? Is Mozilla some bizarre exception to the rule that individual user config files belong in ~ and systemwide defaults are immutable? If you yourself need to write to anything outside of /home/you to use Mozilla, something seems badly out of whack.

I don't have to. Normally mozilla would store its files under ~/.mozilla/ but I thought it would be easier to share them when I have them in /home/.mozilla/ so I changed the location of the files. Which is by the way no hack but implemented in mozilla. You can use every directory you have write permissions.

Perhaps It seems much more likely that a better approach to this would be to devise some way to keep dotfiles (such as maybe ~/.mozilla) between your users in sync with each other, which could possibly be accomplished with far less potential danger to the integrity of your system. Perhaps create a common user directory owned by your group, set with group rwx permissions, and create symlinks from individual user directories to the files contained in this common place. I suppose you'd still have to tweak your umask to make that useful, but it would be far less dangerous than giving everybody permission to write to certain files in, say, /usr somewhere.

O.K. but afaik a sym-link has the same permissions as the original file. So when I create a symlink from a file with -rw--- ulrich:staff (that's me and my primary group) has read and write permission the symlink would have the same and not -rw--- birgit:staff or -rw-rw. So I thought /that/ wouldn't help. Or am I wrong with that?

TIA
Ulrich
Re: default file permissions
* Ulrich Fürst [Sun, 09 May 2004 20:53:16 +0200]:
it. And the bookmarks-file should be for us both, too. So what I want is that mozilla uses the directory /home/.mozilla/ for storing its files for my wife as well as for me. Mozilla points correctly to the directory but because my wife's account has no write permissions mozilla is deleting the bookmark file and creates a new empty one.

mozilla does this as a security/sanity measure. some programs make sure certain user files have appropriate permissions (appropriate for normal use, that is).

mmm, if you never log in at the same time, you could go for rsync'ing directories (or files) that you want the same before login/after logout. i think it can work if you do it right (i.e., taking care of only syncing from newer files to older, etc.)

-- Adeodato Simó EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621 Listening to: Ellos - Ni hablar I went to the race track once and bet on a horse that was so good that it took seven others to beat him!
Re: default file permissions
Adeodato Simó wrote:
* Ulrich Fürst [Sun, 09 May 2004 20:53:16 +0200]:
it. And the bookmarks-file should be for us both, too. So what I want is that mozilla uses the directory /home/.mozilla/ for storing its files for my wife as well as for me. Mozilla points correctly to the directory but because my wife's account has no write permissions mozilla is deleting the bookmark file and creates a new empty one.

mozilla does this as a security/sanity measure. some programs make sure certain user files have appropriate permissions (appropriate for normal use, that is).

mmm, if you never log in at the same time, you could go for rsync'ing directories (or files) that you want the same before login/after logout. i think it can work if you do it right (i.e., taking care of only syncing from newer files to older, etc.)

We don't log in at the same time. But what do I win with rsync. I read the man-page and as far as I could find out you can preserve the ownership of a file. But you can't change it. So I have to do a chmod on all the files as well. So why is it better than a cp x y in a ~/.kde/Autostart/copy_mozilla file?

TIA
Ulrich
Re: default file permissions
On Sunday 09 May 2004 02:53 pm, Ulrich Fürst wrote:

>> Where is the file? I don't run Mozilla, so I'm not familiar with that. Is it under /usr somewhere, or what?
>
> It's under /home/.mozilla/ ... In this directory and in subdirectories mozilla stores its settings and the mails and so on.

OK, let's back up again. I'm still not completely clear what you have here. I think you have

/home/you
/home/your-wife

Then you are trying to share files between each other by configuring various things to write directly to /home instead of /home/you or /home/your-wife

Is that right? If so, that's very strange. How do you even have write permission on /home? What is the permission on that directory? It's supposed to be 755, and individual users are not supposed to be able to write to /home directly anyway. I presume you've changed this.

I guess you can do it that way if you insist, but it seems messy and difficult to manage safely. Why not create a shared directory for the two of you with 775 permissions? Other posts that I missed previously already explained about setting your umask in various places. With the right umask ( would work, or you could be more restrictive), and a directory you can both access it should be possible to do what you want.

Something like this:

[EMAIL PROTECTED] /home -mkdir shared-directory-demo
[EMAIL PROTECTED] /home -chmod 755 shared-directory-demo
[EMAIL PROTECTED] /home -chown root:your-family-group shared-directory-demo
[EMAIL PROTECTED] /home -ls -ld shared-directory-demo/
drwxrwxr-x2 root your-family-group 4096 May 9 21:04 shared-directory-demo//
[EMAIL PROTECTED] /home -cd shared-directory-demo/
[EMAIL PROTECTED] /home/shared-directory-demo -su you
[EMAIL PROTECTED] /home/shared-directory-demo -umask
[EMAIL PROTECTED] /home/shared-directory-demo -touch foo
[EMAIL PROTECTED] /home/shared-directory-demo -ls -l foo
-rw-rw-rw-1 you you 0 May 9 21:04 foo
[EMAIL PROTECTED] /home/shared-directory-demo -cd ..
[EMAIL PROTECTED] /home -exit
exit
[EMAIL PROTECTED] /home/shared-directory-demo -su your-wife
[EMAIL PROTECTED] /home/shared-directory-demo -umask
[EMAIL PROTECTED] /home/shared-directory-demo -touch foo
[EMAIL PROTECTED] /home/shared-directory-demo -ls -l foo
-rw-rw-rw-1 you you 0 May 9 21:05 foo

You've made a directory, chowned it to your-family-group, set it to 775 so the group can write there. Then when you set your umask to 0 and create a file, your wife can then modify the same file, even though you still own it. This seems like what you want. It would probably be better to use a umask of 0007 instead, so you still have *some* control. (I should have used that in the above example, but I'm too lazy to go back and re-do it. :)

Anyway, is this even helpful, or are you trying to do something I still don't quite understand?

--
Michael McIntyre you [EMAIL PROTECTED]
Linux fanatic, and certified Geek; registered Linux user #243621
http://www.geocities.com/Paris/Rue/5407/
Re: default file permissions
The real proper way to do this is to create your family-group (in fact the users group would suffice for this, just add both users to it (why is this not the default in debian?))

then create /home/shared-stuff and set it 775

chmod 775 /home/shared-stuff

then set the group sticky bit on the directory

chmod g+s /home/shared-stuff

and chown it to root.users

chown root.users /home/shared-stuff

now, people in the users group can create files in there, the default umask will make them 644, but you can easily change that so that the umask is 664 if you really want. But, it's important to note, that you could leave umask alone, and when there are files you WANT to share, you put them at 664 manually...

chmod g+w file

Anyway, however you do it, the sticky bit on the directory makes the files end up owned by the group users. If you didn't have this, files would be owned by your private group (the one named just like your username), and your wife wouldn't be able to access them.

Example: users on my box: echo and froddie.

ringo:/home# ls -adl shared-stuff
drwxrwsr-x2 root users4096 May 9 22:12 shared-stuff

See the sticky bit? (the s)

[EMAIL PROTECTED]:/home/shared-stuff$ ls -al
total 8
drwxrwsr-x2 root users4096 May 9 22:13 .
drwxrwsr-x 15 root staff4096 May 9 22:12 ..
-rw-rw-r--1 froddie users 0 May 9 22:13 bar
-rw-r--r--1 echo users 0 May 9 22:13 foo

I just touched two files in this dir. My umask is 022 (the default). As echo, I created foo. My wife can read it, but she can't modify it. I logged in as my wife... and touched bar. I did chmod g+w bar. Now echo can access the file and read and write it. You see how both files are owned by the group users.

After changing the directory to not have the sticky bit.. and touching a file.. I get this.

[EMAIL PROTECTED]:/home/shared-stuff$ ls -al
total 8
drwxrwxr-x2 root users4096 May 9 22:16 .
drwxrwsr-x 15 root staff4096 May 9 22:12 ..
-rw-rw-r--1 froddie users 0 May 9 22:13 bar
-rw-r--r--1 echo users 0 May 9 22:13 foo
-rw-r--r--1 echo echo0 May 9 22:16 foobar

See how foobar is owned by echo.echo

The moral of this story: Learn to use the group sticky bit on directories :)

On Sunday 09 May 2004 9:26 pm, Silvan wrote:

> On Sunday 09 May 2004 02:53 pm, Ulrich Fürst wrote:
>
>>> Where is the file? I don't run Mozilla, so I'm not familiar with that. Is it under /usr somewhere, or what?
>>
>> It's under /home/.mozilla/ ... In this directory and in subdirectories mozilla stores its settings and the mails and so on.
>
> OK, let's back up again. I'm still not completely clear what you have here. I think you have
>
> /home/you
> /home/your-wife
>
> Then you are trying to share files between each other by configuring various things to write directly to /home instead of /home/you or /home/your-wife
>
> Is that right? If so, that's very strange. How do you even have write permission on /home? What is the permission on that directory? It's supposed to be 755, and individual users are not supposed to be able to write to /home directly anyway. I presume you've changed this.
>
> I guess you can do it that way if you insist, but it seems messy and difficult to manage safely. Why not create a shared directory for the two of you with 775 permissions? Other posts that I missed previously already explained about setting your umask in various places. With the right umask ( would work, or you could be more restrictive), and a directory you can both access it should be possible to do what you want.
>
> Something like this:
>
> [EMAIL PROTECTED] /home -mkdir shared-directory-demo
> [EMAIL PROTECTED] /home -chmod 755 shared-directory-demo
> [EMAIL PROTECTED] /home -chown root:your-family-group shared-directory-demo
> [EMAIL PROTECTED] /home -ls -ld shared-directory-demo/
> drwxrwxr-x2 root your-family-group 4096 May 9 21:04 shared-directory-demo//
> [EMAIL PROTECTED] /home -cd shared-directory-demo/
> [EMAIL PROTECTED] /home/shared-directory-demo -su you
> [EMAIL PROTECTED] /home/shared-directory-demo -umask
> [EMAIL PROTECTED] /home/shared-directory-demo -touch foo
> [EMAIL PROTECTED] /home/shared-directory-demo -ls -l foo
> -rw-rw-rw-1 you you 0 May 9 21:04 foo
> [EMAIL PROTECTED] /home/shared-directory-demo -cd ..
> [EMAIL PROTECTED] /home -exit
> exit
> [EMAIL PROTECTED] /home/shared-directory-demo -su your-wife
> [EMAIL PROTECTED] /home/shared-directory-demo -umask
> [EMAIL PROTECTED] /home/shared-directory-demo -touch foo
> [EMAIL PROTECTED] /home/shared-directory-demo -ls -l foo
> -rw-rw-rw-1 you you 0 May 9 21:05 foo
>
> You've made a directory, chowned it to your-family-group, set it to 775 so the group can write there. Then when you set your umask to 0 and create a file, your wife can then modify the same file,
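
Added example, not part of the original thread or any poster's code: a small audit for a group-shared directory like the /home/shared-stuff set up above. What the post calls the group sticky bit is the setgid bit (chmod g+s) on the directory; the function names, finding tags and sandbox layout are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit a group-shared directory such as /home/shared-stuff.
# Function names, finding tags and the sandbox layout are illustrative.

# Print one finding per line; print nothing when the directory is sound.
audit_shared_dir() {
    dir=$1
    # Numeric gid owning the directory; new files inherit it when setgid is set.
    gid=$(ls -ldn "$dir" | awk '{print $4}')
    # Checks on the directory itself (-prune stops find from descending).
    find "$dir" -prune ! -perm -2000 -exec echo "DIR-NO-SETGID" {} \;
    find "$dir" -prune ! -perm -0020 -exec echo "DIR-NOT-GROUP-WRITABLE" {} \;
    find "$dir" -prune -perm -0002 -exec echo "DIR-WORLD-WRITABLE" {} \;
    # Checks on the contents.
    find "$dir" ! -group "$gid" -exec echo "WRONG-GROUP" {} \;
    find "$dir" -type f ! -perm -0020 -exec echo "NOT-GROUP-WRITABLE" {} \;
    find "$dir" -type f -perm -0002 -exec echo "WORLD-WRITABLE" {} \;
}

# Constructed sandbox: the three umask cases discussed in the thread.
demo() {
    tmp=$(mktemp -d) || return 1
    share=$tmp/shared-stuff
    mkdir "$share" && chmod 2775 "$share"   # 775 plus setgid (chmod g+s)
    ( umask 022;  : > "$share/foo" )        # 644: the group cannot write
    ( umask 0007; : > "$share/bar" )        # 660: shared, closed to others
    ( umask 0;    : > "$share/baz" )        # 666: writable by everyone
    audit_shared_dir "$share" | sed "s|$tmp/||"
    rm -rf "$tmp"
}

demo
```

Run against the real directory from cron or a login script, any output means a file was created with a umask that either locks the other user out or opens the file to everyone.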