FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 07-22-2008, 02:37 PM
Stephen Harris
 
Default sticky folder permissions

> Is there any way i can make /opt world readable and make sure these
> permissions stick to all subfolders and not allow users other than
> root/sudo to change them?

Make it a seperate filesystem mounted read-only, then remount it rw when
you need to make changes.

--

rgds
Stephen
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 07-22-2008, 02:55 PM
Tom Brown
 
Default sticky folder permissions

Is there any way i can make /opt world readable and make sure these
permissions stick to all subfolders and not allow users other than
root/sudo to change them?



Make it a seperate filesystem mounted read-only, then remount it rw when
you need to make changes.



i cant as the applications need to log there - i just need 'everyone' to
be able to read there - i would have thought i could somehow stick the
read permissions but it seems that perhaps not.



_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 07-22-2008, 03:24 PM
Jeff
 
Default sticky folder permissions

On Tue, Jul 22, 2008 at 9:55 AM, Tom Brown <tom@ng23.net> wrote:
>
>>> Is there any way i can make /opt world readable and make sure these
>>> permissions stick to all subfolders and not allow users other than root/sudo
>>> to change them?
>>>
>>
>> Make it a seperate filesystem mounted read-only, then remount it rw when
>> you need to make changes.
>>
>
> i cant as the applications need to log there - i just need 'everyone' to be
> able to read there - i would have thought i could somehow stick the read
> permissions but it seems that perhaps not.

What are the applications? What is the directory structure? Is the
permission problem on a directory or a file? What user account owns
the application process? Is the app un-doing your manual permission
changes on existing files and directories, or just not granting read
permission to new objects?

If an application so chooses, it can set whatever permissions it wants
on newly created files. It may even have logic to alter the
permissions on existing files. You may not be able to control it from
the OS level.

Or, it could be as simple as setting (or changing) the umask in the
application startup script.

--
Jeff
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 07-22-2008, 03:32 PM
"William L. Maltby"
 
Default sticky folder permissions

On Tue, 2008-07-22 at 15:55 +0100, Tom Brown wrote:
> >> Is there any way i can make /opt world readable and make sure these
> >> permissions stick to all subfolders and not allow users other than
> >> root/sudo to change them?
> >>
> >
> > Make it a seperate filesystem mounted read-only, then remount it rw when
> > you need to make changes.
> >
>
> i cant as the applications need to log there - i just need 'everyone' to
> be able to read there - i would have thought i could somehow stick the
> read permissions but it seems that perhaps not.

The only possibilities I see quickly are using chattr and/or acl lists
(seems more promising, but not sure as I didn't take the time to really
understand the *implied* results).

$ man -k acl
acl (5) - Access Control Lists
acl (rpm) - Access control list utilities.
chacl (1) - change the access control list of a file or
directory
getfacl (1) - get file access control lists
libacl (rpm) - Dynamic library for access control list
support.
setfacl (1) - set file access control lists

"man chattr".

A *brief* scan doesn't yield an obvious simple solution though. But as
mentioned, there may be some implications that might "git 'er done".

> <snip>

HTH
--
Bill

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 07-22-2008, 03:36 PM
Tom Brown
 
Default sticky folder permissions

What are the applications? What is the directory structure? Is the
permission problem on a directory or a file? What user account owns
the application process? Is the app un-doing your manual permission
changes on existing files and directories, or just not granting read
permission to new objects?




in house apps running out of /opt/<appname> and logging into
/opt/<appname>/logs and are running as user <appname>


need to have world read on /opt/<appname>/logs

when permissions are 'manually' set when the app is redeployed it seems
that the world read is removed (i am investigating why this is)

If an application so chooses, it can set whatever permissions it wants
on newly created files. It may even have logic to alter the
permissions on existing files. You may not be able to control it from
the OS level.

Or, it could be as simple as setting (or changing) the umask in the
application startup script.




i was hoping at the OS level i could limit what the app could do with
the permissions as the app is not running as root. it seems i cant do
that so i will need to look at how the app is deployed and why the perms
are being reset/overwritten.



_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 07-22-2008, 03:56 PM
Bowie Bailey
 
Default sticky folder permissions

Tom Brown wrote:
> > What are the applications? What is the directory structure? Is the
> > permission problem on a directory or a file? What user account owns
> > the application process? Is the app un-doing your manual permission
> > changes on existing files and directories, or just not granting
> > read permission to new objects?
> >
> >
>
> in house apps running out of /opt/<appname> and logging into
> /opt/<appname>/logs and are running as user <appname>
>
> need to have world read on /opt/<appname>/logs
>
> when permissions are 'manually' set when the app is redeployed it
> seems that the world read is removed (i am investigating why this is)

If it is the permissions on the directory that are the problem, then you
may be able to change the owner of the logs directory and then give the
application rw permissions. That way the application will be able to
write its logs, but would not be able to change permissions on the
directory.

--
Bowie
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 07-22-2008, 04:05 PM
Tom Brown
 
Default sticky folder permissions

If it is the permissions on the directory that are the problem, then you
may be able to change the owner of the logs directory and then give the
application rw permissions. That way the application will be able to
write its logs, but would not be able to change permissions on the
directory.




i will investigate all options given, thanks all

the issue is that this is a somewhat automated process in that a machine
is installed, applications deployed and brought into service as an
automated process so i cant check all the time to make sure permissions
are OK, ie world readable on logs.


i think to solve this i need to delve into the deploy to see why the
permissions are being reset -


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 05:58 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org