Hi Willie,

Many thanks for your informative reply.

On 30 Sep 2008, at 15:18, Willie Wong wrote:

> On Tue, Sep 30, 2008 at 03:05:58AM +0100, Penguin Lover Stroller squawked:
>> I'm a little unclear as to how these permissions have been applied -
>> shouldn't it be based either on the permissions of the mount-point
>> directory, or added as an "-o users,umask=000" in /etc/fstab ?
>
> umask only applies to file systems with no intrinsic permission
> settings, e.g. VFAT. The permissions for file systems with permission
> bits are set in the file system itself ... chmod/chown/chgrp applied
> to the mount point after mounting will change the permissions of the
> actual file system.
|
Of course! It would not have occurred to me to ask this question were
I mounting a drive at a normal place in the Unix directory tree (by
which I mean /bin, /boot, /etc, /home, /lib, /sbin, /usr, /var and
directories below them).
|
>> However I'm posting to solicit suggestions on the best permissions
>> practices for this purpose. mediatomb shouldn't need write access to
>> these files or folders at all - there's no option on the UPnP client,
>> for instance, to delete files from the server. Should I make the
>> drives owned by "users" and in the "mediatomb" group, with read-only
>> access for the latter? Any other suggestions?
>>
> What's so secret in your media folders that you can't just give read
> access to mediatomb? Why don't you have it like you have now with
> regards to the owner and group and just give read permission to other?
>
> owner root
> group users
> umask 002 (i.e. you will have rwxrwxr-x or rw-rw-r-- ?)
|
Of course! That's perfect. And I can easily keep customer data and
other stuff on the drive at umask 007.
|
> To do any fancier (say, files owned by root, read-write access for all
> users and read access only for mediatomb and no access for everyone
> else) you will probably need a real ACL with which I can offer no
> suggestions.
|
No, that's not necessary at all. I must've been having a brain-fart
even to have asked.
|
Stroller.
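
The scheme settled on in this exchange (shared media at the equivalent of umask 002, customer data at umask 007), as an added shell example that is not part of the original e-mail: it sets the mode bits with chmod, as is needed on a file system that stores permissions itself, and then audits what the "other" class, which the media daemon falls into, can do. The function names and the optional owner:group argument are assumptions of the example.

```shell
#!/bin/sh
# Added example: apply and audit the permission scheme from the thread.
# Function names and arguments are hypothetical, not from any tool.

# Shared media, equivalent of umask 002: dirs rwxrwxr-x, files rw-rw-r--.
# Optional $2 is OWNER:GROUP (the thread suggests root:users; needs root).
apply_shared() {
    if [ -n "${2:-}" ]; then chown -R "$2" "$1"; fi
    find "$1" -type d -exec chmod 775 {} +
    find "$1" -type f -exec chmod 664 {} +
}

# Private data, equivalent of umask 007: dirs rwxrwx---, files rw-rw----.
apply_private() {
    if [ -n "${2:-}" ]; then chown -R "$2" "$1"; fi
    find "$1" -type d -exec chmod 770 {} +
    find "$1" -type f -exec chmod 660 {} +
}

# Print entries in a shared tree that break the scheme for "other":
# writable by other, unreadable by other, or a directory other cannot
# traverse. Symlinks are skipped because their own mode bits are not
# meaningful. Empty output means the tree is clean.
audit_shared() {
    find "$1" \( -type f -o -type d \) \
        \( -perm -002 -o ! -perm -004 -o \( -type d ! -perm -001 \) \) -print
}

# Print entries in a private tree that grant "other" any access at all.
audit_private() {
    find "$1" \( -type f -o -type d \) \
        \( -perm -001 -o -perm -002 -o -perm -004 \) -print
}
```

Both audit functions only read the tree, so they can be run from cron against the mounted drive to catch files copied in later with looser or tighter modes.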