On Thursday 03 July 2008, Florian Philipp wrote:
> Hi list!
>
> I'm a bit dissatisfied with the way umask and filesystem permissions
> work and I'd like to know if a) this is due to misunderstanding on my
> part and/or b) there is a clean workaround I'm unaware of.
>
> Let's say I have a system with various users working on some sensible
> data. Therefore I have to set up various security policies regarding
> file permissions and so forth.
>
> For example every $HOME-directory should be only readable to the user
> himself (e.g. for user phil_fl: chown phil_fl:phil:fl; umask 0077 or
> 0007).
>
> Then there might be a common folder for all users in a specific group
> as a simple way of sharing files. These shall be accessible by every
> user in the group but by none else, so for the user phil_fl and the
> group users: chown phil_fl:users; umask 0007.
>
> As we see, the umask itself isn't the problem (in this special case)
> but the group is it, however, there might be cases in which I need to
> change both for special folders. How do I do this without needing any
> interaction from the users?

umask does nothing for you here, it is simply a default starting point
for the permissions of new files and directories and the user is
completely free to change it to anything they feel like.

Yes, this is by design. Yes, this is a very good thing :-)

You want to set the setgid bit on the containing directory and chgrp
that directory to the group involved.

A bit of googling will help you further, if you get stuck or have no
idea what I could possibly be on about, post back and I'll post the
full story. It's quite involved and if it were code, it would be a
heavily nested if clause

--
Alan McKinnon
alan dot mckinnon at gmail dot com

--
gentoo-user@l.g.o mailing list
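
Added example, not part of the original thread: a shell sketch of the setgid approach described in the reply, with an audit showing that setgid fixes the group of new entries but not their mode, which still follows each user's umask. Function names and paths are hypothetical; it assumes Linux with GNU coreutils and findutils.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumes Linux with GNU
# coreutils/findutils; function names and paths are hypothetical.

# Turn DIR into a group share: group-owned by GROUP (name or numeric gid),
# setgid so new entries inherit that group, no access for "other".
setup_shared_dir() {
    dir=$1 group=$2
    mkdir -p "$dir" &&
    chgrp "$group" "$dir" &&
    chmod 2770 "$dir"
}

# Print entries below DIR that other group members cannot work with:
# wrong group, missing group read/write, or a subdirectory that lost setgid.
audit_shared_dir() {
    dir=$1
    gid=$(stat -c %g "$dir") || return 1
    find "$dir" -mindepth 1 \
        \( ! -gid "$gid" -o ! -perm -060 -o \( -type d ! -perm -2000 \) \) \
        -print
}

# Constructed demonstration in a throwaway directory, using the caller's
# own primary group so it runs without extra privileges.
demo_shared_dir() {
    base=$(mktemp -d) || return 1
    share=$base/share
    setup_shared_dir "$share" "$(id -g)" || return 1
    # A user with a group-friendly umask: file is 0660, subdir inherits setgid.
    ( umask 0007; : > "$share/ok.txt"; mkdir "$share/sub" )
    # A user with a private umask: file is 0600 even inside the setgid dir.
    ( umask 0077; : > "$share/private.txt" )
    audit_shared_dir "$share"
    rm -rf "$base"
}
```

Running `demo_shared_dir` lists only the file created under umask 0077, which is the gap the setgid bit alone does not close.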