Re: [gentoo-user] default user permissions
Hi,

Thanks for the help.

Best regards,
Hinko

On 03/25/10 22:43, Florian Philipp wrote:
> On 25.03.2010 09:50, Alan McKinnon wrote:
>> On Thursday 25 March 2010 10:26:25 Hinko Kocevar wrote:
>>> Hi,
>>>
>>> Where is defined what permissions will the newly created folder/file
>>> have by default?
>>
>> This is done by the umask of the user creating the folder.
>>
>>> Eg. When creating a folder I would like it to have permissions right
>>> after it is created, to avoid use of chmod/chown afterwards:
>>> drwxrwxr-x 2 hinko users 4096 Mar 25 09:23 folder1
>>>
>>> while now I get only:
>>> drwxr-xr-x 2 hinko users 4096 Mar 25 09:23 folder1
>>>
>>> That is group should have 'w' set.
>>
>> This is a common misunderstanding about permissions and the Unix
>> philosophy about them, which is:
>>
>> It's up to the user, not the system, to say what permissions he wants
>> on new filesystem objects.
>>
>> Modifying the user's umask is not advised, as this is global. *Every*
>> new file or dir then ends up with g+w and you probably don't want that.
>>
>> You need to use Posix ACLs for this, and your file system and kernel
>> must support them; you configure it per directory. It's all in man
>> pages and on google - better start reading.
>>
>> Be warned though: you *will* forget you set this, and *will* wonder in
>> future why g+w is set in various places. ls gives precious little clue
>> that an ACL is in place.
>>
>> I find that in real life, a find -exec chmod in a cron is a better
>> solution.
>
> To avoid ACLs and still have group rw rights on some folders for
> specific groups, you can make use of the 'user private group' scheme
> and the setgid bit: [1]. Gentoo uses this scheme per default, although
> I think the umask setting is different (has to be 002 or 007).
>
> What Alan forgot to tell is where to set the umask: /etc/profile.
> Don't use too strict settings because these are also applied to system
> accounts. This can easily break your system.
>
> [1] http://www.redhat.com/docs/manuals/linux/RHL-7.3-Manual/ref-guide/s1-users-groups-private-groups.html
>
> Hope this helps,
> Florian Philipp

--
Hinko Kocevar
Technical support software engineer
Instrumentation Technologies
Velika pot 22, SI-5250 Solkan - Slovenia
T:+386 5 3352600, F:+386 5 3352601
mailto: hinko.koce...@i-tech.si
http://www.i-tech.si - When your users demand stability

The information transmitted is intended solely for the addressee and may contain confidential and/or privileged information. Any review, retention, disclosure or other use by persons other than the intended recipient is prohibited. If you received this in error, please notify the sender and delete all copies.
[gentoo-user] default user permissions
Hi,

Where is defined what permissions will the newly created folder/file have by default?

Eg. When creating a folder I would like it to have permissions right after it is created, to avoid use of chmod/chown afterwards:
drwxrwxr-x 2 hinko users 4096 Mar 25 09:23 folder1

while now I get only:
drwxr-xr-x 2 hinko users 4096 Mar 25 09:23 folder1

That is group should have 'w' set.

Thank you!

Best regards,
Hinko
Re: [gentoo-user] default user permissions
On Thursday 25 March 2010 10:26:25 Hinko Kocevar wrote:
> Hi,
>
> Where is defined what permissions will the newly created folder/file
> have by default?

This is done by the umask of the user creating the folder.

> Eg. When creating a folder I would like it to have permissions right
> after it is created, to avoid use of chmod/chown afterwards:
> drwxrwxr-x 2 hinko users 4096 Mar 25 09:23 folder1
>
> while now I get only:
> drwxr-xr-x 2 hinko users 4096 Mar 25 09:23 folder1
>
> That is group should have 'w' set.

This is a common misunderstanding about permissions and the Unix philosophy about them, which is:

It's up to the user, not the system, to say what permissions he wants on new filesystem objects.

Modifying the user's umask is not advised, as this is global. *Every* new file or dir then ends up with g+w and you probably don't want that.

You need to use Posix ACLs for this, and your file system and kernel must support them; you configure it per directory. It's all in man pages and on google - better start reading.

Be warned though: you *will* forget you set this, and *will* wonder in future why g+w is set in various places. ls gives precious little clue that an ACL is in place.

I find that in real life, a find -exec chmod in a cron is a better solution.

--
alan dot mckinnon at gmail dot com
Re: [gentoo-user] default user permissions
On 25.03.2010 09:50, Alan McKinnon wrote:
> On Thursday 25 March 2010 10:26:25 Hinko Kocevar wrote:
>> Hi,
>>
>> Where is defined what permissions will the newly created folder/file
>> have by default?
>
> This is done by the umask of the user creating the folder.
>
>> Eg. When creating a folder I would like it to have permissions right
>> after it is created, to avoid use of chmod/chown afterwards:
>> drwxrwxr-x 2 hinko users 4096 Mar 25 09:23 folder1
>>
>> while now I get only:
>> drwxr-xr-x 2 hinko users 4096 Mar 25 09:23 folder1
>>
>> That is group should have 'w' set.
>
> This is a common misunderstanding about permissions and the Unix
> philosophy about them, which is:
>
> It's up to the user, not the system, to say what permissions he wants
> on new filesystem objects.
>
> Modifying the user's umask is not advised, as this is global. *Every*
> new file or dir then ends up with g+w and you probably don't want that.
>
> You need to use Posix ACLs for this, and your file system and kernel
> must support them; you configure it per directory. It's all in man
> pages and on google - better start reading.
>
> Be warned though: you *will* forget you set this, and *will* wonder in
> future why g+w is set in various places. ls gives precious little clue
> that an ACL is in place.
>
> I find that in real life, a find -exec chmod in a cron is a better
> solution.

To avoid ACLs and still have group rw rights on some folders for specific groups, you can make use of the 'user private group' scheme and the setgid bit: [1]. Gentoo uses this scheme per default, although I think the umask setting is different (has to be 002 or 007).

What Alan forgot to tell is where to set the umask: /etc/profile. Don't use too strict settings because these are also applied to system accounts. This can easily break your system.

[1] http://www.redhat.com/docs/manuals/linux/RHL-7.3-Manual/ref-guide/s1-users-groups-private-groups.html

Hope this helps,
Florian Philipp
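
The umask and setgid behaviour discussed in this thread, as an added example that is not part of any poster's message: it shows how the umask masks the requested mode and how a setgid parent directory interacts with it. The function names and temporary paths are constructed for illustration; it assumes Linux with a `stat` that accepts `-c` (GNU coreutils or busybox).

```shell
#!/bin/sh
# Added example: every path lives under a throwaway mktemp directory.

# Octal mode of a path, including the leading setgid digit when present.
mode_of() { stat -c '%a' "$1"; }

# Mode a new object ends up with: the requested bits with the umask bits
# cleared. mkdir requests 777; most programs creating files request 666.
predicted_mode() {  # $1 = requested mode, $2 = umask
    printf '%o\n' $(( 0$1 & ~0$2 ))
}

# Create a directory or file with the umask changed only inside a subshell,
# so the caller's own (global) umask stays as it was.
mkdir_with_umask() { ( umask "$1" && mkdir "$2" ) && mode_of "$2"; }
touch_with_umask() { ( umask "$1" && : > "$2" ) && mode_of "$2"; }

# Shared directory as used with user private groups: group-writable + setgid.
# New subdirectories inherit the parent's group and its setgid bit, but the
# group write bit still depends on the creator's umask.
make_shared_dir() {  # $1 = path
    mkdir "$1" && chmod 2775 "$1"
}

demo() {
    base=$(mktemp -d) || return 1
    echo "predicted, 777 under umask 022: $(predicted_mode 777 022)"
    echo "mkdir, umask 022:               $(mkdir_with_umask 022 "$base/d022")"
    echo "mkdir, umask 002:               $(mkdir_with_umask 002 "$base/d002")"
    echo "file,  umask 002:               $(touch_with_umask 002 "$base/f002")"
    make_shared_dir "$base/shared"
    echo "inside setgid dir, umask 002:   $(mkdir_with_umask 002 "$base/shared/a")"
    echo "inside setgid dir, umask 022:   $(mkdir_with_umask 022 "$base/shared/b")"
    rm -rf "$base"
}
demo
```

The last two lines of output show why the setgid scheme only gives group write access when the creating user's umask is 002 or 007: with 022 the subdirectory keeps the setgid bit but loses g+w.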