Neil Bothwick wrote:
> On Thu, 17 Mar 2016 18:38:56 -0400, Rich Freeman wrote:
>
>>> umask is just not viable either, as a) it's global and affects all
>>> files a user creates and b) by definition umask is modifiable by the
>>> user (it's a feature to help users out so they don't need to chmod
>>> every file every time) and c) you can't stop them doing it (by
>>> design).
>>
>> Actually, this is completely viable. Just set the default umasks to
>> 007, and create a new group for each user as their default group (and
>> don't have all their home directories be owned by some users group).
>> This is how this sort of situation was handled long before POSIX ACLs
>> became common, and I know that some distros behave this way by default
>> for this reason (this was the case in the distro I used right before I
>> switched to Gentoo).
>>
>> If users chmod a file then tell them not to. If you must, set up some
>> cron job to clean up after them.
>>
>> But, you can of course do this with ACLs as well. I haven't tried
>> setting those up personally.
>
> I've done this with ACLs in the past, which is why I suggested it, but
> it's a pain to set up if you haven't used them before. Alan's suggestion
> of using inotify is probably simplest. Install incrond and put something
> like this in a file in /etc/incron.d
>
> /shared/dir IN_CREATE,IN_MODIFY chmod g+w $@/$#
>

Thank you very much, I'll try to use incron for this.
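
The cron clean-up job mentioned in the quoted reply, as an added example that is not code from this thread: a POSIX sh function (the name `fix_group_write` is hypothetical) that adds `g+w` to every regular file and directory under a shared tree that lacks it and prints what it changed. It also reaches subdirectories, which a single incron watch on `/shared/dir` does not because inotify watches are not recursive, and it skips symlinks so the chmod is not applied to a link target outside the tree.

```shell
#!/bin/sh
# fix_group_write DIR
# Add group-write to regular files and directories below DIR that lack it.
# Prints one changed path per line, so a cron run can log or mail the result.
fix_group_write() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    # \( -type f -o -type d \)  matches only real files and directories;
    #                           find does not follow symlinks by default,
    #                           so links are skipped rather than chmod'ed.
    # ! -perm -020              selects entries missing the group-write bit.
    # -print runs only when the preceding chmod succeeded.
    find "$dir" \( -type f -o -type d \) ! -perm -020 \
        -exec chmod g+w {} \; -print
}

# Stand-alone use, e.g. from a crontab entry: script.sh /shared/dir
if [ "$#" -gt 0 ]; then
    fix_group_write "$1"
fi
```
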