[Gllug] File permissions
Sunny Aujla
sunnyfedora99 at gmail.com
Wed Jun 30 14:17:37 UTC 2010
Just a quick note*
As far as I can remember, the setuid permission set on a directory is
ignored on UNIX and Linux systems, but FreeBSD interprets it similarly to
setgid, namely, all files and sub-directories are forced to be owned by the
directory owner.
On Wed, Jun 30, 2010 at 2:59 PM, Bruce Richardson <itsbruce at workshy.org> wrote:
> On Tue, Jun 29, 2010 at 03:56:56PM +0100, gllug wrote:
> >
> > But I digress: the Linux filesystem will not do what you want, not even
> > with ACLs.
>
> I should expand on this, though, James. ACLs won't do the exact thing
> you are trying to do (force specific user and group access). They may,
> however, let you achieve the effect you are after. Are you trying to
> force the user and group just to be sure that everybody who is
> authorised to access the share can work with all the files created on
> it? Or is there some other reason for wanting the specific user and
> group?
>
> If it's the former, you can achieve the same by setting a default acl on
> the top level directory. If all the users who should have access to the
> location are in the "staff" group and you want this group to have
> read/write access by default, then you could set up the ACLs for the
> directory something like this:
>
> user::rwx
> group::rwx
> mask::rwx
> other::---
> default:user::rwx
> default:group::rwx
> default:group:staff:rwx
> default:mask::rwx
> default:other::---
>
> This also requires the top level directory to be owned by the group and
> have a mode of at least 0770; if this isn't the case, then you should
> add
>
> group:staff:rwx
>
>
> That will achieve what you want because of the default ACLs, which are
> inherited, and doesn't require any SGID bits set anywhere. It does
> leave open the possibility of somebody setting more restrictive
> permissions, having created a file; if you don't want that then you
> really do have to restrict access to samba only, so that you can force
> the file mode as well.
>
> --
> Bruce
>
> The ice-caps are melting, tra-la-la-la. All the world is drowning,
> tra-la-la-la-la. -- Tiny Tim.
>
> --
> Gllug mailing list - Gllug at gllug.org.uk
> http://lists.gllug.org.uk/mailman/listinfo/gllug
>
>
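Added example, not part of the original thread: a small Python model of the POSIX ACL rules in acl(5), applied to the default ACL from the quoted message, showing how the mask on a new file depends on the creation mode and on a later chmod. It does not touch the filesystem, and the function names are illustrative.

```python
# Model of POSIX ACL inheritance as described in acl(5); no filesystem access.
R, W, X = 4, 2, 1

# Default ACL entries from the quoted message, as (tag, qualifier) -> perms.
DEFAULT_ACL = {
    ("user", ""): R | W | X,
    ("group", ""): R | W | X,
    ("group", "staff"): R | W | X,
    ("mask", ""): R | W | X,
    ("other", ""): 0,
}

def create_file(default_acl, mode):
    """Access ACL of a new file: the parent's default ACL, with the entries that
    mirror the mode bits limited to the mode passed to open(); umask is not used."""
    acl = dict(default_acl)
    acl[("user", "")] &= (mode >> 6) & 7
    acl[("mask", "")] &= (mode >> 3) & 7  # the group bits land on the mask
    acl[("other", "")] &= mode & 7
    return acl

def chmod(acl, mode):
    """chmod on a file that has a mask entry: the group bits replace the mask."""
    acl = dict(acl)
    acl[("user", "")] = (mode >> 6) & 7
    acl[("mask", "")] = (mode >> 3) & 7
    acl[("other", "")] = mode & 7
    return acl

def effective(acl, tag, qualifier=""):
    """Named users, the owning group and named groups are capped by the mask."""
    perms = acl[(tag, qualifier)]
    if (tag, qualifier) in (("user", ""), ("other", "")):
        return perms
    return perms & acl[("mask", "")]

def rwx(perms):
    return "".join(c if perms & b else "-" for c, b in (("r", R), ("w", W), ("x", X)))

def staff_access(create_mode, chmod_mode=None):
    """Effective rights of group 'staff' on a file created under DEFAULT_ACL."""
    acl = create_file(DEFAULT_ACL, create_mode)
    if chmod_mode is not None:
        acl = chmod(acl, chmod_mode)
    return rwx(effective(acl, "group", "staff"))

if __name__ == "__main__":
    print("open(0666):           ", staff_access(0o666))
    print("open(0666), chmod 600:", staff_access(0o666, 0o600))
    print("open(0600):           ", staff_access(0o600))
```

On a real system the equivalent check is getfacl on the newly created file, reading the mask line and any "#effective:" comments next to the group:staff entry.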