default file permissions in a folder

replica9000 · 08-11-2008, 09:23 PM

Is there a way to set default file permissions in a folder?

Basically this is what I have:

a shared folder /home/me/shared
this folder is shared between NFS and Samba

now this folder i would use "chmod -R a=rwx /home/me/shared"

but when i create or copy files to this folder from the host, the permissions are
-rw-r--r-- me me

and when i do this from another location, the permissions are
-rwxr--r-- nobody nogroup

I want all the files and folders created or copied to this folder to automatically inherit the -rwxrwxrwx

And what effect does the nobody and nogroup have on the files?

jschiwal · 08-11-2008, 11:13 PM

All files are created initially with rxxrwxrwx permissions. Then the permissions are masked with the umask value. There is no reason to have the X bit set on files by default. Only executable file should have the x bit set, and you shouldn't allow executing files (at least accidentally) on a world writable share. A world writable share should be have it's own partition mounted with the noexec and nodev options. Also set the sticky bit on the directory being shared. E.G. chmod a=rwxt <directory>.

For a world writable share, the Samba server probably has an option to map a bad user to Guest. Guest is the windows equivalent of "Nobody". The directory being shared should be owned by Root. You don't want a regular user to be able to delete the entire directory. If an unauthenticated user saves a file in the share, the file will be owned by the "nobody" user. If the user is authenticated it will be owned by that user (Unless you use the Force User option).

The sticky bit protects files from being deleted by any user with write access to the directory. Deleting files writes to the directory and not to the file. If a user wants to protect a file from being altered or overwritten then they need to change the permissions to read only. The user needs to be an authenticated user however, so that the file isn't owned by nobody.

Mr. C. · 08-11-2008, 11:34 PM

A minor clarification in an area that often confuses new users. All files are created with the modes specified in open() or creat() calls, which are then subject to umask. This is only really relevant to programs that provide a mechanism for specifying default file / directory creation modes.