LinuxQuestions.org
Old 12-07-2007, 02:16 AM   #1
mattydee
Member
 
Registered: Dec 2006
Location: Vancouver, BC
Distribution: Debian
Posts: 462

Rep: Reputation: 39
Applying default permissions for newly created files within a specific folder


I've been trying to do this for a while, but I haven't found much info on this so I had to put the pieces together myself, so to speak. In essence, I want to change the umask for only one folder, which you can't really do with umask... This is the only way AFAIK to achieve this. Please let me know if there is a simpler way.

Here is my objective:

I have a folder which I want to share with rw permissions for a selected group of users. Let's say the folder is /music and I want to share it with the group media. What we want is not only having users accessing files in /music with rw access, but also to ensure that all files created in /music will have ownership username:media and permissions -rw-rw-r-- .

To achieve this, we will use two tools:
1) GID
2) ACL (man acl)

GID
Let's assume the /music directory has the following permissions:
Code:
drwxrwxr-x	root media
By setting the GID on the directory /music , files created within this directory will have the same group as the /music directory. For example, normally we would expect a newly created file to have the following ownership:
Code:
-rw-r--r--  1 matty users       0 2007-12-06 22:46 newfile
If we set the GID of /music :
Code:
chmod g+s /music
Now, newly created files in /music will have the following ownership:
Code:
-rw-r--r--  1 matty media       0 2007-12-06 22:46 newfile
We are one step closer but what we actually want is:
Code:
-rw-rw-r--  1 matty media       0 2007-12-06 22:46 newfile
so that other users in the group media will be able to modify/delete the file.

ACL

ACL is included in the default Slackware install (for Ubuntu sudo apt-get install acl should do the trick). To "activate" it, you simply have to remount the drive with the acl option.

My fstab looks something like this (modify yours appropriately - don't mess it up!):
Code:
/dev/hdb1        /music          ext3        defaults,acl     1   2
I have used ACL with reiserfs and ext3. I'm not sure how it works with others. Also, it seems that you don't have to specify acl in the options for xfs partitions.

Now remount the drive for it to take effect:
Code:
mount -o remount /music
We can now use ACL to create default permissions for newly created files in /music
Code:
setfacl -d -m g::rwx /music
setfacl -d -m o::rx /music
Check the new permissions:
Code:
getfacl /music
The output should look something like this:
Code:
# file: /music
# owner: matty
# group: media
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:other::r-x
We're done. For those who prefer a GUI, you can execute the steps outlined above using Konqueror. Right click -> permissions -> advanced permissions. Mess around with those options at your leisure.

Now, when we create a new file in /music :
Code:
touch newfile
ls -l newfile
Gives us:
Code:
-rw-rw-r--+  1 matty media       0 2007-12-06 22:46 newfile
The plus sign is to indicate ACL attributes are in effect on the file.

Newly created folders in /music should have:
Code:
drwxrwsr-x+ 2 matty media 48 2007-12-06 23:15 newfolder/
Applying this idea to an already existing messy /music folder with subdirectories.

Before you do this as root in a valuable folder, it's probably a good idea to practice as user in a not so valuable folder in your home directory to avoid potentially disastrous mistakes. Before using chmod and chown with -R as root, think carefully...

Set GID as described above:
Code:
chown -R :media /music
chmod 775 /music
chmod g+s /music
ls -ld /music should give us
Code:
drwxrwsr-x   3 matty media
*** find a way to set the g+s on all subdirectories ***
This is pretty straight forward using konqueror. Select all the directories and right click, permissions, and advanced permissions.
From the command line: ???

We can apply acl recursively:
Code:
setfacl -R -d -m g::rwx -m o::rx /music
This creates the default rules for newly created files/dirs within the /music directory and subdirectories.

If the original files in there were created with a "standard" umask, most of them will have permissions similar to:
Code:
-rw-r--r--
drwxr-xr-x
Assuming this is the case, we can fix this with
Code:
chmod -R g+w /music
That should do it.
Your files in /music should now be group (media) writeable. New files will be created with group media and be group writeable as well.

Last edited by mattydee; 11-07-2009 at 02:37 PM.
 
Old 12-18-2007, 04:23 PM   #2
mattydee
Member
 
Registered: Dec 2006
Location: Vancouver, BC
Distribution: Debian
Posts: 462

Original Poster
Rep: Reputation: 39
Any (constructive) feedback on this would be appreciated
 
Old 01-10-2008, 04:14 AM   #3
bagel50
LQ Newbie
 
Registered: Jan 2008
Distribution: RHEL, Fedora, Kubuntu
Posts: 1

Rep: Reputation: 0
Seems like exactly what I need, thanks for posting the detailed instructions
 
Old 01-12-2008, 03:53 PM   #4
mattydee
Member
 
Registered: Dec 2006
Location: Vancouver, BC
Distribution: Debian
Posts: 462

Original Poster
Rep: Reputation: 39
You're welcome.

Glad this helped someone
 
Old 02-01-2008, 10:26 PM   #5
xenmaster
LQ Newbie
 
Registered: Sep 2005
Posts: 15

Rep: Reputation: 0
Same here. I couldn't find out how to do it by myself as quickly as I could search the internet. Much appreciated.

Btw:
Code:
ls -l | grep music
can also be accomplished by:
Code:
ls -ld music
The 'd' makes sure you are listing not the contents but the directory entry itself.

Last edited by xenmaster; 02-01-2008 at 10:32 PM.
 
Old 02-02-2008, 12:51 PM   #6
mattydee
Member
 
Registered: Dec 2006
Location: Vancouver, BC
Distribution: Debian
Posts: 462

Original Poster
Rep: Reputation: 39
Quote:
Originally Posted by xenmaster
Same here. I couldn't find out how to do it by myself as quickly as I could search the internet. Much appreciated.

Btw:
Code:
ls -l | grep music
can also be accomplished by:
Code:
ls -ld music
The 'd' makes sure you are listing not the contents but the directory entry itself.
You're welcome! Thanks for the tip.

I wrote this help guide because every question I saw answered about this referred to umask, which just isn't really a solution for what most people want to accomplish.
 
Old 02-02-2008, 12:54 PM   #7
mattydee
Member
 
Registered: Dec 2006
Location: Vancouver, BC
Distribution: Debian
Posts: 462

Original Poster
Rep: Reputation: 39
Also:

It would be good if people who did this could report what distro and filesystem(s) they are using and what steps (if any) they had to do in order to activate acl.
 
Old 02-02-2008, 05:29 PM   #8
xenmaster
LQ Newbie
 
Registered: Sep 2005
Posts: 15

Rep: Reputation: 0
I am using Ubuntu 7.10 and applied this to ext3. Life will be a lot easier if we can get 90% to use one or two distributions. Critical mass! Now even a computer-noob friend of mine is using Ubuntu on his laptop. Whenever he's in trouble, I need to spell out the commands for him, but still.

I didn't even get umask to work, I think mount gave me unsupported option errors. I also tried to have 'cp' preserve file permissions based on acl, like when creating files, but that didn't work, so I had to manually chmod all the files. I still have to manually chmod all the directories to have g+x. But the action seems to have been in vain, because I can't get Windows to recognize UTF8 encoding on the ext3 volume, so there goes interoperability. Of course, there wouldn't have been acl in windows, but the right amount of scripting should automate the revival when in linux. I think the ext2ifs driver doesn't map UTF8 encoding to whatever evil single-byte scheme WinXP uses internally, and back.
 
Old 07-02-2009, 02:49 PM   #9
henkegbg
LQ Newbie
 
Registered: Jul 2009
Posts: 1

Rep: Reputation: 0
And then...

Hey!

First of all, I just must say that I created an account here just for this thread. Great tips.

Anyway I have a further question which you might be able to help with:

Say that I want to copy an already created file into this directory, and I would like the copied file to gain the same permissions. Anyone has an idea of this (from my limited testing, it seems that files copied into the directory actually keep their old permissions)?

Cheers,

Henrik
 
Old 07-03-2009, 06:02 PM   #10
mattydee
Member
 
Registered: Dec 2006
Location: Vancouver, BC
Distribution: Debian
Posts: 462

Original Poster
Rep: Reputation: 39
Quote:
Originally Posted by henkegbg
Hey!

First of all, I just must say that I created an account here just for this thread. Great tips.

Anyway I have a further question which you might be able to help with:

Say that I want to copy an already created file into this directory, and I would like the copied file to gain the same permissions. Anyone has an idea of this (from my limited testing, it seems that files copied into the directory actually keep their old permissions)?

Cheers,

Henrik
Hi Henrik. Thanks.

I haven't found a way to do this either... yet. One workaround would be to use the "find" command to apply the proper permissions to all files and folders within the target directory.

775 for directories
664 for files
and then chmod g+s on the directories.

But ya, it would be better to find a way to do this when the file is being moved.
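
The command-line step left open in post #1 (setting g+s on every subdirectory) and the find workaround described in post #10, written out as an added example that is not part of any post in this thread. The function names are hypothetical; the modes are the ones the posts give (775 plus setgid for directories, 664 for files).

```shell
#!/bin/sh
# Added example (not from the thread). Modes follow the posts:
# directories 775 plus setgid (2775), regular files 664.

# Print every directory or regular file under $1 whose mode differs from
# the target, e.g. files copied in with their old permissions.
audit_shared_tree() {
    dir=$1
    find "$dir" \( \( -type d ! -perm 2775 \) -o \
                   \( -type f ! -perm 664 \) \) -print
}

# Bring the tree under $1 to the target modes; $2 (optional) is the group
# to assign, e.g. media. find without -L never matches symlinks here, so
# a link pointing outside the tree is left alone.
# Note: 664 also clears any execute bits on regular files.
fix_shared_tree() {
    dir=$1
    group=${2:-}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }
    if [ -n "$group" ]; then
        find "$dir" \( -type d -o -type f \) -exec chgrp "$group" {} + || return 1
    fi
    find "$dir" -type d -exec chmod 2775 {} + || return 1
    find "$dir" -type f -exec chmod 664 {} +
}

# Usage: sh fix-shared.sh /music media
if [ "$#" -ge 1 ]; then
    fix_shared_tree "$@" && audit_shared_tree "$1"
fi
```

Running the audit function on its own, before or after copying files in, lists the entries that would not be group-writable without changing anything.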
 
Old 07-17-2009, 04:29 AM   #11
S.Lowhand
LQ Newbie
 
Registered: Jul 2009
Posts: 14

Rep: Reputation: 0
Newb: Variation on the theme...

Mattydee,

Thanks for posting your tip, although I confess it's over my head :-)

I'm an OSX user desperate to move to Ubuntu.

OSX sets the default folder structure up like this: (Correct me someone if I'm wrong...)

'Home', which is world readable.
Inside Home I have
Desktop
Documents
Library
Movies
Music
Pictures
Public
/Dropbox
Sites

All the folders inside 'Home' are locked to anyone except me, other than 'Public' which is read/write for anyone and 'Dropbox' which is 'write only' for anyone.

'Sites' is the Apache folder.

This setup seems sensible to me. It's secure and private.

Ubuntu sets things up so that everything in the 'Home' folder is world-readable. This to me is not so clever.

Be that as it may. I _really_ don't want to argue the point but I'm desperate to find a way so that any new user I create on the box gets an OSX-like permissions setup.

Can you help me? I'm a bit of a Ubuntu evangelist and don't want a prospective Windows convert to think I'm nuts for recommending an OS which has such odd defaults.

Is there a way? I'm guessing it's a variation on your setup above but I'm not sufficiently well versed in the technicalities.

Any help appreciated :-)

(As an aside... Do all Linux Distros have these (what I would call...) odd default permissions?)

Slow.
 
Old 11-06-2009, 06:53 PM   #12
mwildam
Member
 
Registered: Sep 2006
Location: Vienna, Austria
Distribution: Fedora 13, Ubuntu 10.04
Posts: 52

Rep: Reputation: 15
INDEED - all other threads suggest the umask which is not a matching solution for this issue which is what I need.

Just a small typo: To install acl is: apt-get install acl

BTW: It seems that on Fedora the adding of ,acl to the options is not required in the /etc/fstab - but on Ubuntu yes (I have noticed that on an older Fedora 9 machine).
 
Old 11-07-2009, 02:45 PM   #13
mattydee
Member
 
Registered: Dec 2006
Location: Vancouver, BC
Distribution: Debian
Posts: 462

Original Poster
Rep: Reputation: 39
Quote:
Originally Posted by S.Lowhand
Mattydee,

Thanks for posting your tip, although I confess it's over my head :-)

I'm an OSX user desperate to move to Ubuntu.

OSX sets the default folder structure up like this: (Correct me someone if I'm wrong...)

'Home', which is world readable.
Inside Home I have
Desktop
Documents
Library
Movies
Music
Pictures
Public
/Dropbox
Sites

All the folders inside 'Home' are locked to anyone except me, other than 'Public' which is read/write for anyone and 'Dropbox' which is 'write only' for anyone.

'Sites' is the Apache folder.

This setup seems sensible to me. It's secure and private.

Ubuntu sets things up so that everything in the 'Home' folder is world-readable. This to me is not so clever.

Be that as it may. I _really_ don't want to argue the point but I'm desperate to find a way so that any new user I create on the box gets an OSX-like permissions setup.

Can you help me? I'm a bit of a Ubuntu evangelist and don't want a prospective Windows convert to think I'm nuts for recommending an OS which has such odd defaults.

Is there a way? I'm guessing it's a variation on your setup above but I'm not sufficiently well versed in the technicalities.

Any help appreciated :-)

(As an aside... Do all Linux Distros have these (what I would call...) odd default permissions?)

Slow.
Hi S.Lowhand,
To set the permissions you want, I believe you can use chmod 700 on all the directories in your home folder that you don't want anyone else to access:
Code:
chmod 700 /home/user/my-directory
If there are no folders you wish to share in your home folder, you could even set your home directory that way.
Code:
chmod 700 /home/user
This may have some minor consequences though. For example, your login manager might not be able to read your .face icon (or whatever it's called) and you won't get your pretty login picture next to user name on the login screen. That's a problem I've had in the past anyways.

Cheers!

EDIT: I may have misunderstood your question. If you want all this to happen by default when you create a new user, then you would probably want to modify the adduser script, which is probably located in /usr/sbin/

Last edited by mattydee; 11-07-2009 at 02:55 PM.
 
Old 11-07-2009, 02:46 PM   #14
mattydee
Member
 
Registered: Dec 2006
Location: Vancouver, BC
Distribution: Debian
Posts: 462

Original Poster
Rep: Reputation: 39
Quote:
Originally Posted by mwildam
INDEED - all other threads suggest the umask which is not a matching solution for this issue which is what I need.

Just a small typo: To install acl is: apt-get install acl

BTW: It seems that on Fedora the adding of ,acl to the options is not required in the /etc/fstab - but on Ubuntu yes (I have noticed that on an older Fedora 9 machine).
Thanks for pointing out the typo mwildam. It's now fixed.
 
Old 11-07-2009, 02:52 PM   #15
mattydee
Member
 
Registered: Dec 2006
Location: Vancouver, BC
Distribution: Debian
Posts: 462

Original Poster
Rep: Reputation: 39
Quote:
Originally Posted by S.Lowhand
(As an aside... Do all Linux Distros have these (what I would call...) odd default permissions?)
Slow.
I'm not sure if this is a Ubuntu quirk. I think the default perms for the home folders in Slackware is 711 which means users can enter the home dir but not ls or see any of the files in there. But of course, if someone knows the name of a file in there, and if the file was created with read perms for all (which is the default umask in most cases) then they could read that file. I honestly don't know why or the historical reasons behind why things are this way.
 
  

