LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 09-27-2012, 07:56 AM   #1
abhinav4
Member
 
Registered: Jun 2010
Location: India
Distribution: Fedora/Cent OS
Posts: 123

Rep: Reputation: 0
Exclamation Inheriting file permission


Is there a way to inherit parent folder permission?
There is a folder called "/stuff" with 777 permission, which means everyone has full access to the file.
Now if someone creates a file inside "/stuff" i want that file to inherit the permission from its parent ie. file should have permission of .777
 
Old 09-27-2012, 08:11 AM   #2
JaseP
Senior Member
 
Registered: Jun 2002
Location: Eastern PA, USA
Distribution: K/Ubuntu 10.04/12.04, Scientific Linux 6.3, Android-x86, Maemo
Posts: 1,658

Rep: Reputation: 138Reputation: 138
I found this article, which addresses this...
http://techblog.shanock.com/articles...of-a-directory

And another;
http://backdrift.org/recursive-inoti...ng-with-lsyncd

And a Q&A from another site;
http://superuser.com/questions/15191...rent-directory

The short answer is there's no pervasive, yet easy way to do this... But there's more than one way to skin a cat. The other options are to use use SAMBA or a partition that has no permissions, like FAT16 or FAT32...

Using SAMBA, is probably the best bet... But that comes with it's own case of canned worms...
 
Old 09-27-2012, 08:39 AM   #3
tronayne
Senior Member
 
Registered: Oct 2003
Location: Northeastern Michigan, where Carhartt is a Designer Label
Distribution: Slackware 32- & 64-bit Stable
Posts: 3,042

Rep: Reputation: 761Reputation: 761Reputation: 761Reputation: 761Reputation: 761Reputation: 761Reputation: 761
Quote:
Originally Posted by abhinav4 View Post
Is there a way to inherit parent folder permission?
Well, no, not automagically.

You have granted Attila the Hun permission on the directory, so users can write into it, but a file written in that directory will be owned by the user and have the users' UMASK.

The default, system-wide, UMASK is 0022 which is -rw-r--r-- 1 userid users for files and drwxr-xr-x 2 userid users for directories.

If you really want all users to have read-write access to all other users' files, you can set the UMASK value in their individual .profile file (in their home directory) like this
Code:
# set UMASK
umask 002
which will set the value when they log in and cause any file they write (every file, always) to -rw-rw-r-- 1 userid users, which permits group read-write permission. That may not be what you want when you think about it, eh? And you do not want to do this system-wide, it's a vast security hole.

A simple way to accomplish this requires a little user education. In this case you would not put the umask 002 in their .profile files; rather, teach them that, when they are going to write a file in that directory to
Code:
umask 002
cd directory
                        <do what you need to do>
                        <either log out or>
cd                      <takes you to your home directory>
umask 022               <change back to the default UMASK>
That's the safest.

Hope this helps some.
 
Old 09-27-2012, 09:11 AM   #4
JaseP
Senior Member
 
Registered: Jun 2002
Location: Eastern PA, USA
Distribution: K/Ubuntu 10.04/12.04, Scientific Linux 6.3, Android-x86, Maemo
Posts: 1,658

Rep: Reputation: 138Reputation: 138
Changing the system-wide UMASK is inadvisable, as tronayne implied. You could potentially break things that you are unaware of (for instance, if you use NIS, your keyfiles could get all [explitive implied]-ed up). There are strange things out there in packages that you don't know about. And changing the local UMASK doesn't necessarily solve your problem either.

I am dubious of "user education." I couldn't get my own wife to stop breaking the system on one of our HTPCs (her nickname in the house is; "The Breaker of All Things"). It was a simple setup, with a SAMBA share to the server, and a file manager set to display ripped movies as if it were a menu... I even locked the user interface up by changing the read-write permissions of configs... But she still managed to break it. Users are the definition of entropy. I now run a more locked down system, more appliance or kiosk-like.

A script (maybe run as a cron job), or using something like SAMBA is probably better (although SAMBA's potentially overkill). It depends on what you're trying to do...
 
Old 09-27-2012, 09:53 AM   #5
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
You can use setfacl to create a default acl for the directory. The default will be inherited. Using a group such
as "users" that regular users belong to might be better than "others".

Code:
setfacl -m o:rwx directory
setfacl -m d:o:rwx  directory
Files created won't have the x bit set, but shouldn't. For globally writable directories, the sticky bit should be set, and the partition should be mounted with the nosuid,noexec and nodev options. You could use a bind mount to mount a directory there instead of a partition,
and include these mount options. This allows you to use better options even if you hadn't dedicated a partition for it.

Last edited by jschiwal; 09-27-2012 at 10:12 AM.
 
Old 10-14-2012, 04:37 PM   #6
Shanock
LQ Newbie
 
Registered: Aug 2009
Distribution: Gentoo
Posts: 3

Rep: Reputation: 0
Sorry to necrobump, but I'm the author of the first article that JaseP cited (came across this thread while looking at my Google Analytics data). It seems as though he may have stopped reading where I mentioned Samba, but if you read the rest, you'll find that Samba didn't work out too well for me, and I now use a much better (slimmer, simpler, and more reliable) solution involving inotifywait.

It will watch a directory for activity and perform any action you want on a created/modified/accessed file, including setting both permissions and ownership. This will do exactly what you want, though the example on my page will only work on one directory (recursively) at a time. If you want something more complicated (i.e., any file created in /home will have appropriate ownership relative to userdir in which it was created), it can be done with inotifywait, but will take some scriptwork.

Last edited by Shanock; 10-14-2012 at 04:49 PM.
 
Old 10-14-2012, 04:58 PM   #7
suicidaleggroll
Senior Member
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 2,808

Rep: Reputation: 996Reputation: 996Reputation: 996Reputation: 996Reputation: 996Reputation: 996Reputation: 996Reputation: 996
You could also set up a cron job for root to chmod -R that directory every so often.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Problems with inheriting permissions kcommins Linux - Newbie 10 01-17-2010 06:33 PM
permissions not inheriting to subdirectories/files pridefc Linux - Security 4 12-11-2006 12:21 AM
Inheriting file permissions Hardip Linux - Security 4 07-02-2006 11:56 PM
inheriting permissions steve007 Linux - Security 3 07-05-2005 11:09 PM
can't use protected inner class when inheriting the outer Dominik Programming 6 02-02-2004 01:12 AM


All times are GMT -5. The time now is 09:13 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration