FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 01-26-2011, 09:45 AM
Rafa Griman
 
Default Basic Permissions Questions

Hi

On Wed, Jan 26, 2011 at 11:31 AM, James Bensley <jwbensley@gmail.com> wrote:
> On 26 January 2011 10:17, Rafa Griman <rafagriman@gmail.com> wrote:
>> Directories should have +x permissions. Do a:
>>
>> chmod * *0750 * */directory
>>
>> And see what happens.
>>
>
> Hi Rafa, like a fool I sent that email and then worked this out
> shortly after


I'm glad you worked it out


> Still, if I hadn't your response was quick so I wouldn't have been
> waiting long. This leads me onto a new question though;
>
> If user1 writes a file in folder1 will user2 be made the default group
> owner, is there a way of enforcing this and with the required
> privileges (r for files, rx for directories?).


Ownership doesn't change just by creating files. Ownership of a file
is set to the user that creates that file, no matter where the file
is. Obviously, root can change file ownership ... so treat him well

In any case, try it out yourself. Create the files and see what happens


> User1 accesses folder1 over smb so I could set up a create mask but
> other folders accessed by users1 not via smb (ssh, rsync etc) I still
> want user2 to have read only access. Can you implement smb style
> create masks at a file system level?

Samba is a different story (but related), you can create masks, set
default permissions, ...

I usually recommend O'Reilley's Samba book because it starts off with
a very simple config and then complicates it little by little.

HTH

Rafa
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 01-26-2011, 10:20 AM
Edo
 
Default Basic Permissions Questions

Hi,
On Jan 26, 2011, at 7:31 PM, James Bensley <jwbensley@gmail.com> wrote:

On 26 January 2011 10:17, Rafa Griman <rafagriman@gmail.com> wrote:
Directories should have +x permissions. Do a:

chmod ¬* ¬*0750 ¬* ¬*/directory

And see what happens.


Hi Rafa, like a fool I sent that email and then worked this out
shortly after

Still, if I hadn't your response was quick so I wouldn't have been
waiting long. This leads me onto a new question though;

If user1 writes a file in folder1 will user2 be made the default group
owner, is there a way of enforcing this and with the required
privileges (r for files, rx for directories?).

Yes. If user1 belongs to the user2 group, that’s how it should [already] work.
User1 accesses folder1 over smb so I could set up a create mask but
other folders accessed by users1 not via smb (ssh, rsync etc) I still
want user2 to have read only access. Can you implement smb style
create masks at a file system level?


¬*¬*man acl
Maybe that’s what you are looking for.
HTH,
--¬*- Edwin - mailto:ml2edwin@gmail.com‚ÄúThe wise are the ones that treasure up knowledge, but the mouth¬*¬*of the foolish one is near to ruin itself.‚ÄĚ√ľ√ľProverbs 10:14
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 01-26-2011, 10:57 AM
"Les Bell"
 
Default Basic Permissions Questions

Edo <ml2edwin@gmail.com> wrote:

>>
If user1 writes a file in folder1 will user2 be made the default
group
owner, is there a way of enforcing this and with the required
privileges (r for files, rx for directories?).

Yes. If user1 belongs to the user2 group, that’s how it should [already]
work.
<<

The problem here is the RH "User Private Group" scheme, which means that
user1 is only a member of the group user1 and user2 is only a member of the
group user2. So their group memberships, by default, don't intersect and
user2's only access to user1's files is by virtue of the "other/world"
permissions, which depend upon the umask (but don't give access, by
default).

I've written this up (again, for a course I wrote some years ago, but it's
still mostly relevant) at
http://www.lesbell.com.au/Home.nsf/web/Controlling+Access+to+Files?OpenDocument
- see the section near the bottom entitled "
Red Hat's User Private Group Philosophy" which explains how it should be
used (the secret is to make the user administrator of their own group with
gpasswd -A). The RH approach, imho, is better than a global group, "users",
as found on other distros, because there's no real difference between
"users" and "world".

One easy way to allow shared access - and this will work over Samba - is to
create a group for the users, e.g. "accounts" and make the various users
members of that group (as a secondary group). Then create a shared
directory for them, chown it to be owned by the group (e.g. chown
me:accounts /home/accounts) and then set the SGID bit on the directory
(chmod 2777 /home/accounts). Now, whenever anybody creates a file in that
directory, it will be owned by that user and the shared group "accounts",
rather than the primary group of the creator. See the section in that
article on "Permissions on directories".

I actually haven't tested that approach with SELinux, but I can't see that
it would interfere.

Best,

--- Les Bell
[http://www.lesbell.com.au]
Tel: +61 2 9451 1144


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 01-26-2011, 12:58 PM
Robert Nichols
 
Default Basic Permissions Questions

On 01/26/2011 04:31 AM, James Bensley wrote:
> On 26 January 2011 10:17, Rafa Griman<rafagriman@gmail.com> wrote:
>> Directories should have +x permissions. Do a:
>>
>> chmod 0750 /directory
>>
>> And see what happens.
>>
>
> Hi Rafa, like a fool I sent that email and then worked this out
> shortly after
>
> Still, if I hadn't your response was quick so I wouldn't have been
> waiting long. This leads me onto a new question though;
>
> If user1 writes a file in folder1 will user2 be made the default group
> owner, is there a way of enforcing this and with the required
> privileges (r for files, rx for directories?).

Setting the SETGID bit on the directory ("chmod g+s folder1") will
cause the GID of that directory to propagate to newly created files
and directories therein.

--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 01-26-2011, 01:49 PM
James Bensley
 
Default Basic Permissions Questions

Thanks to all for your replies; the ability to set the group ID (SGID)
was the solution I needed, thanks very much guys

--
Regards,
James.

http://www.jamesbensley.co.cc/

There are 10 kinds of people in the world; Those who understand
Vigesimal, and J others...?
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 07:18 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org