| 1 |
Hi list! |
| 2 |
|
| 3 |
I'm a bit dissatisfied with the way umask and filesystem permissions |
| 4 |
work and I'd like to know if a) this is due to misunderstanding on my |
| 5 |
part and/or b) there is a clean workaround I'm unaware of. |
| 6 |
|
| 7 |
Let's say I have a system with various users working on some sensible |
| 8 |
data. Therefore I have to set up various security policies regarding |
| 9 |
file permissions and so forth. |
| 10 |
|
| 11 |
For example every $HOME-directory should be only readable to the user |
| 12 |
himself (e.g. for user phil_fl: chown phil_fl:phil:fl; umask 0077 or |
| 13 |
0007). |
| 14 |
|
| 15 |
Then there might be a common folder for all users in a specific group |
| 16 |
as a simple way of sharing files. These shall be accessible by every |
| 17 |
user in the group but by none else, so for the user phil_fl and the |
| 18 |
group users: chown phil_fl:users; umask 0007. |
| 19 |
|
| 20 |
As we see, the umask itself isn't the problem (in this special case) |
| 21 |
but the group is it, however, there might be cases in which need to |
| 22 |
change both for special folders. How do I do this without needing any |
| 23 |
interaction from the users? |
| 24 |
|
| 25 |
Thanks in advance! |
| 26 |
|
| 27 |
Florian Philipp |
Archives