[Gllug] File permissions

[Bruce Richardson]

On Tue, Jun 29, 2010 at 02:01:28PM +0100, James wrote:
> I'm struggling with file permissions. I want to have a public directory
> that inherits the UID as well as the GID. Using chmod g=rwxs is fine for
> the group but under Debian doesn't work for the UID.

It won't work under any Linux.  The Linux filesystem code does not treat
SUID the same as it does SGID (and the same goes for most UNIXen,
althrough FreeBSD can be made to do what you want); it is considered too
much of a security risk.

> In Samba I just
> 'force user' but I am working in a mixed environment. 

Samba is a diffent issue.  The samba daemon (or a part of it) runs
permanently as root and can set any permissions it likes.

> Do I have to
> resort to ACL's?

It is generally a bad idea to have users accessing a filesystem both
directly and through Samba; one group will create files that cause
problems for the other.  It's an even worse idea with recent versions,
where Samba has its own internal virtual filesystem.

But I digress: the Linux filesystem will not do what you want, not even
with ACLs.  You'd be best to have all non-admin access to the filesystem
go via Samba.





Mmm, there is a way to sort of do what you want, but it's evil and
flaky.  The trick is to use a filesystem that doesn't support multiple
user IDs at all, like MSDOS or VFAT; with those, you specify at mount
time which user and group will own all files on the filesystem.  But you
really don't want to do that.

-- 
Bruce

If the universe were simple enough to be understood, we would be too
simple to understand it.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 204 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20100629/1b1f653a/attachment.pgp>
-------------- next part --------------
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug