Hello Toushi,
Actually, the setgid bit may do exactly what you want, you just have to remember it only controls the group of any subdirectories or files. If you are looking for a way to force the permissions merely as a result of the working directory, I don't think it's possible under unix-style permissions.
I think you might be able to simulate it though, and fall back on a cron job to set group permissions recursively.
This may be a good place to look at the system-wide shell script setups. For instance, I might define a shell function in the system's bashrc like:
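Quote:
db1 () {
    # Save the current umask value so it can be restored afterwards
    OLDUMASK=$(umask)
    umask <new umask>
    # newgrp starts a new shell with db1 as the group; it inherits the umask set above
    newgrp db1
    # Runs once that shell exits
    umask "$OLDUMASK"
}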
This way, each user will inherit this shell function, and in order to use it simply types "db1" at the prompt whenever they do work in the directory in question. I haven't fully tested this, and it does require user training. In fact, now that I thought of it, I will implement it on my systems soon.
--jason
Everything after this line is what I started to write about how files and directories are created under unix/linux. I left it in for information's sake.
Let's look at what happens when the setgid bit is NOT set on a directory. Files and directories will be created with the user and default group names of the users. But what is the default group id that each user is a member of? This is listed in field number 4 of the system's passwd file. It is also shown as "gid=" on the output of id -a.
The umask controls any default file and directory permissions by subtraction. The umask cannot be used to add permissions. Thus, if permission is granted, the file/directory is created with the ownership and default group id of the user. Directory permissions are generally set with 0777 - umask. Files are set with 0666 - umask.
There are two ways to change what group id is used upon file/directory creation: changing the group the user is operating under with the 'newgrp' command, or the setgid bit and group on the working directory. To tell the truth, I haven't used the 'newgrp' command before. The directory's setgid bit is a shorthand method of this.
Thus given the original permissions:
Quote:
drwxrwx--- 2 userA db1 4096 Apr 26 16:54 data
and set userA's umask to 0022, the Details directory will look something like this:
Quote:
drwxr-xr-x 2 userA <UserA_Group> 4096 Apr 26 16:54 Details
If userB's umask is 0002, the Details directory will look something like this:
Quote:
drwxrwxr-x 2 userB <UserB_Group> 4096 Apr 26 16:54 Details
Now when we set the gid bit on the /tmp/data directory, permissions will look like this:
Quote:
drwxrws--- 2 userA db1 4096 Apr 26 16:54 data
Given the above umask values for userA and userB, when userA makes the Details directory, it will look like this:
Quote:
drwxr-sr-x 2 userA db1 4096 Apr 26 16:54 Details
and if userB creates the Details dir:
Quote:
drwxrwsr-x 2 userB db1 4096 Apr 26 16:54 Details
Note that in order for userA to create files or directories writable by userB, userA will need to alter each permission as they are created, or change his/her umask.
--jason
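
The setgid and umask behaviour described in the post, together with the recursive cron fallback it mentions, as an added example that is not part of the original post. It assumes Linux with GNU stat and find; the function names make_tree, mode_of and fix_shared_tree are made up for this illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat/find (Linux).

# Create a setgid parent (mode 2770) and, under the given umask, make
# "Details" and a file inside it, the way userA or userB would.
# Prints the path of the parent directory.
make_tree() {
    parent=$(mktemp -d) || return 1
    chmod 2770 "$parent"                  # drwxrws--- like "data" in the post
    ( umask "$1"; mkdir "$parent/Details"; : > "$parent/Details/notes.txt" )
    echo "$parent"
}

# Octal mode of a path, e.g. 2755 for drwxr-sr-x.
mode_of() { stat -c '%a' "$1"; }

# The cron fallback: bring everything under DIR back to DIR's group, with
# group rwx + setgid on directories and group rw on regular files.
# Symlinks are skipped (and chgrp -h is used) so a link placed inside the
# tree cannot redirect the change to a file outside it.
fix_shared_tree() {
    dir=$1
    gid=$(stat -c '%g' "$dir") || return 1
    find "$dir" ! -type l ! -group "$gid" -exec chgrp -h "$gid" {} +
    find "$dir" -type d ! -perm -2070 -exec chmod g+rwxs {} +
    find "$dir" -type f ! -perm -0060 -exec chmod g+rw {} +
}
```

Run from cron, fix_shared_tree needs enough privilege to chgrp files owned by other users, which is why the symlink handling matters.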