On 04/23/2016 10:42 AM, hw wrote:
>
> Has it become entirely impossible to share a directory tree and the
> files in it with multiple users when Linux is involved? This should be
> a very simple thing to accomplish.
>

It was never possible. It's ridiculous, but there it is. The UNIX
permissions model is too simple. ACLs were bolted on top, but most tools
retain legacy behavior with respect to group masks that breaks default
ACLs. You're seeing that same problem with your Samba share.

Filesystem permissions are one thing that Windows got right. There's
ongoing work to bring that model to Linux,

https://en.wikipedia.org/wiki/Richacls

but they're going to make the same mistake again[0] and allow the group
bits to act as a mask. That means mkdir, tar, cp, 7z -- anything that
tries to mess with group bits -- isn't going to work. They'll be DOA
just like POSIX ACLs were.

I think you can manage this with incron and POSIX ACLs. Instead of
running "chmod g+w", use sys-apps/apply-default-acl to reset the
permissions to the defaults that you set.

I wrote apply-default-acl to solve exactly this problem. You just need
to figure out a way to run it whenever things get screwed up. Which
means, whenever a file or directory is created.


[0] http://www.bestbits.at/richacl/man/richacl.7.txt

Changing the file mode permission bits:

When changing the file mode permission bits with chmod(1), the
owner, group, and other file permission bits are set to the
permission bits in the new mode... In addition, the masked and
write_through ACL flags are set. This has the effect of limiting the
permissions granted by the ACL to the file mode permission bits...
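
The group-bits-as-mask behaviour discussed in this message, as an added Python model that is not code from the post or from apply-default-acl. It follows the POSIX ACL rules in acl(5) for inheritance and chmod; the ACL entries, the `shared` group and all function names are constructed for illustration.

```python
# Added illustration: a model of the POSIX ACL rules in acl(5).
# The ACL entries and the "shared" group are constructed sample data.
R, W, X = 4, 2, 1

def fmt(perms):
    """Render a 3-bit permission value as rwx text."""
    return "".join(c if perms & b else "-" for c, b in (("r", R), ("w", W), ("x", X)))

def inherit(default_acl, create_mode):
    """Access ACL of an object created under a directory with a default ACL.
    The umask is ignored; user::, mask:: and other:: are ANDed with the
    mode the creating tool passed to open()/mkdir()."""
    acl = dict(default_acl)
    acl["user::"] &= (create_mode >> 6) & 7
    acl["mask::"] &= (create_mode >> 3) & 7  # the group bits land on the mask
    acl["other::"] &= create_mode & 7
    return acl

def chmod(acl, mode):
    """chmod on an object with a mask: group bits replace mask::, not group::."""
    acl = dict(acl)
    acl["user::"] = (mode >> 6) & 7
    acl["mask::"] = (mode >> 3) & 7
    acl["other::"] = mode & 7
    return acl

def effective(acl):
    """Everything except user::, other:: and mask:: itself is limited by the mask."""
    unmasked = ("user::", "other::", "mask::")
    return {t: p if t in unmasked else p & acl["mask::"] for t, p in acl.items()}

def masked_entries(acl):
    """Entries that grant more than they effectively deliver."""
    eff = effective(acl)
    return sorted(t for t in acl if eff[t] != acl[t])

# Default ACL on the shared directory: members of "shared" get rwx.
DEFAULT_ACL = {"user::": 7, "group::": 5, "group:shared": 7, "mask::": 7, "other::": 0}

if __name__ == "__main__":
    cases = {
        "mkdir(0777)": inherit(DEFAULT_ACL, 0o777),
        "mkdir(0755)": inherit(DEFAULT_ACL, 0o755),
        "chmod 0750": chmod(DEFAULT_ACL, 0o750),
    }
    for label, acl in cases.items():
        eff = effective(acl)
        print(label, "group:shared =", fmt(eff["group:shared"]), "masked:", masked_entries(acl))
```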