On 17/03/2016 19:19, hw wrote:
>
> Hi,
>
> how can I make it so that multiple users on a system who create
> files in a local, shared directory do have write access to files
> created by other users within the shared directory?
>
> The directory is group-writeable, and the users belong to the group
> which owns the directory. This enables them to create files within
> the shared directory, yet the files they create belong to the user
> who created them, and other users cannot modify them. The sticky bit
> is set so that the files are owned by user:common-group.
>
> I would like to avoid changing the umask. If that cannot be avoided,
> how do I change it? Users log in through x2goclient, and fvwm is
> being executed on login.
>

Ooooooh, that's a horrible one, with no really obvious answer.

First, you cannot do it with just regular Unix permissions.

umask is just not viable either, as a) it's global and affects all files
a user creates and b) by definition umask is modifiable by the user
(it's a feature to help users out so they don't need to chmod every file
every time) and c) you can't stop them doing it (by design).

There is a way to do it with Posix ACLs, I figured it out once. It was
ugly. It was horrible. It was impossible to describe to someone else.
And it was invisible (you had to spot the tiny "+" in ls -al and know
what it means to know to look further).

The simplest way is to run chmod -R g+w dir in a cron every few minutes.
This works but it's inelegant.

The best solution I have found yet is to use the inotify feature in the
kernel. It's an event framework and really neat: tell the kernel to
generate an event every time something specific happens on the
filesystem, and write a small listener that runs chmod. There are many
examples in the man pages.

In your case, the area to monitor is the shared directory itself, and
the events to register are on_file_create and on_file_modify. The listener
is a small script that launches chmod g+w.

Do read the man pages thoroughly, the above will become clearer. inotify
is an amazing tool, I wish it were more in common use.


--
Alan McKinnon
alan.mckinnon@×××××.com
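The inotify listener described above, written out as an added example (not code from the original thread): a Linux C program in the style of the inotify(7) man page that watches one shared directory and adds g+w to every regular file created, rewritten or moved into it. It assumes the directory path is passed as the only argument, watches only that directory (not subdirectories), and leaves ownership untouched; it needs gcc or clang for the alignment attribute.

```c
#define _GNU_SOURCE
#include <sys/inotify.h>
#include <sys/stat.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Add g+w to one regular file: 1 = mode changed, 0 = nothing to do, -1 = error. */
int make_group_writable(const char *path) {
    struct stat st;
    if (stat(path, &st) == -1) return -1;
    if (!S_ISREG(st.st_mode) || (st.st_mode & S_IWGRP)) return 0;
    return chmod(path, (st.st_mode & 07777) | S_IWGRP) == 0 ? 1 : -1;
}

/* Watch dir for files being created, rewritten or moved in. Returns inotify fd or -1. */
int watch_dir(const char *dir, int nonblock) {
    int fd = inotify_init1(nonblock ? IN_NONBLOCK : 0);
    if (fd == -1) return -1;
    if (inotify_add_watch(fd, dir, IN_CREATE | IN_CLOSE_WRITE | IN_MOVED_TO) == -1) { close(fd); return -1; }
    return fd;
}

/* One read() of queued events, fixing each named file. Returns files changed, 0 if none pending, -1 on error. */
int handle_events(int fd, const char *dir) {
    char buf[4096] __attribute__((aligned(__alignof__(struct inotify_event))));
    ssize_t len = read(fd, buf, sizeof buf);
    if (len == -1) return errno == EAGAIN ? 0 : -1;
    int changed = 0;
    for (char *p = buf; p < buf + len;) {
        const struct inotify_event *ev = (const struct inotify_event *)p;
        if (ev->len > 0 && !(ev->mask & IN_ISDIR)) {   /* files only, not subdirectories */
            char path[PATH_MAX];
            snprintf(path, sizeof path, "%s/%s", dir, ev->name);
            if (make_group_writable(path) == 1) changed++;
        }
        p += sizeof *ev + ev->len;
    }
    return changed;
}

int main(int argc, char **argv) {
    if (argc != 2) { fprintf(stderr, "usage: %s SHARED_DIR\n", argv[0]); return 1; }
    int fd = watch_dir(argv[1], 0);   /* blocking fd: read() sleeps until an event arrives */
    if (fd == -1) { perror("inotify"); return 1; }
    for (;;) if (handle_events(fd, argv[1]) == -1) { perror("read"); return 1; }
}
```

Run it as the directory's owning group (or root) from a systemd unit or the like, since chmod on another user's file needs the appropriate privilege; a file that already has g+w is left alone, so the chmod itself does not loop.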