LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 01-07-2010, 11:12 AM   #1
kcommins
LQ Newbie
 
Registered: Aug 2005
Posts: 9

Rep: Reputation: 0
Problems with inheriting permissions


Hi all,

I've a problem on one of my servers with file permissions. Quite simply , when I run chmod 777 -R against a folder , it seems to be inconsistent on making that particular folders permissions trickle down to the folders beneath. Some folders inherit its permissions , some don't. For example...

/projects

Contains

/Jan /Feb /Mar /April

They all in turn contain folders marked /1 , /2 , /3 , up to /10, these folders all contain more folders , running to a depth of 6.

However , depending on what folder our users save their files into , some are saved with rwxrwxr-- , some get saved with rwxrwxrx. Forgive my lack of understanding but if I run the above command against the top level folder will this not make every folder and file below it inherit its permissions of 777 ?? Or is there something else that I need to do??

Any help is greatly appreciated in helping me resolve this matter.

Thanks..

KC
 
Old 01-07-2010, 06:10 PM   #2
markush
Senior Member
 
Registered: Apr 2007
Location: Germany
Distribution: Slackware
Posts: 3,970

Rep: Reputation: 848Reputation: 848Reputation: 848Reputation: 848Reputation: 848Reputation: 848Reputation: 848
hello kcommins,

as which user are you using the chmod command? If you execute it as root, the command should work like you expect it. But if a file has rwxrwxr-- permissions you'll have to be root or at least in the same group as the owner of the file to change its permissions.

Markus
 
Old 01-07-2010, 06:23 PM   #3
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 22,978
Blog Entries: 11

Rep: Reputation: 879Reputation: 879Reputation: 879Reputation: 879Reputation: 879Reputation: 879Reputation: 879
I'm not sure what you mean by "inherit". With chmod -R you can
apply permissions to all files & directories recursively - there's
nothing about inheritance in there. If your users create new files
the perms on the newly created files solely depend on the umask of
the user who creates a file, not on the perms of the directory it's
in. The only thing you can make "stick" to a directory is the group
ownership, which (the group ownership) will transfer to files created
in the directory.



Cheers,
Tink
 
Old 01-08-2010, 05:08 AM   #4
kcommins
LQ Newbie
 
Registered: Aug 2005
Posts: 9

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by Tinkster View Post
I'm not sure what you mean by "inherit". With chmod -R you can
apply permissions to all files & directories recursively - there's
nothing about inheritance in there. If your users create new files
the perms on the newly created files solely depend on the umask of
the user who creates a file, not on the perms of the directory it's
in. The only thing you can make "stick" to a directory is the group
ownership, which (the group ownership) will transfer to files created
in the directory.



Cheers,
Tink
Hey Tink,

I suppose what I mean by 'inherit' ( apologies , I'm primarily a Window$ admin ) is the application of a set of permissions from a parent folder to all its children. Say I have a folder called 'projects' , if that folder has permissions 777, is owned by user 'john' , with a group of 'finance' , then everything in that folder and beneath it will be owned by john with the same group , and will have 777 permissions. However , this isn't happening. For the most part , any files saved in the folder structure are okay , but for some reason some files don't. Using the illustration below..


----------------------/projects--------------------------------
---------------------------|----------------------------------
--------------------------------------------------------------
|----/1 ---------/2----------/3-------- /4---------/5---------|
|-----|-----------|-----------|----------|----------|--------|
|----/a-/b-------/c-/d-------/e-/f------/g/-/h-----/i/-/j------|

So , if I save a file in /projects/1/a , it will have the desired permissions of 777. If I save the same file in say , /projects/3/e , for some reason its saved with 775. Both files have identical owners, yet one is giving differing permissions to the other. Is there any way I can ensure that everything saved beneath /projects is saved with 777??

@ Markush ,

Yep running the command as root.
Cheers for the replies guys ..

KC

Last edited by kcommins; 01-08-2010 at 08:47 AM.
 
Old 01-08-2010, 12:37 PM   #5
markush
Senior Member
 
Registered: Apr 2007
Location: Germany
Distribution: Slackware
Posts: 3,970

Rep: Reputation: 848Reputation: 848Reputation: 848Reputation: 848Reputation: 848Reputation: 848Reputation: 848
Hello kcommins,

I have missunderstood your question, but here is the correct answer.

The effect of chmod -R in Linux is not what you expected. In Windows the inheritance means that all files which are copied into a directory inherit the permissions of the directory. In Linux this is not the case. chmod with the -R option acts only on those files which presently exist in the directory and it's subdirectories, but all files which are copied into the directory later will not inherit the permissions but keep their permissions from before copying.

Markus

EDIT:
Quote:
Is there any way I can ensure that everything saved beneath /projects is saved with 777??
this is how the fat32-filesystem handles permissions. You can save the files on a fat32-partition.

Last edited by markush; 01-08-2010 at 12:42 PM. Reason: added a remark
 
Old 01-08-2010, 03:36 PM   #6
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 22,978
Blog Entries: 11

Rep: Reputation: 879Reputation: 879Reputation: 879Reputation: 879Reputation: 879Reputation: 879Reputation: 879
Quote:
Originally Posted by kcommins View Post

----------------------/projects--------------------------------
---------------------------|----------------------------------
--------------------------------------------------------------
|----/1 ---------/2----------/3-------- /4---------/5---------|
|-----|-----------|-----------|----------|----------|--------|
|----/a-/b-------/c-/d-------/e-/f------/g/-/h-----/i/-/j------|

So , if I save a file in /projects/1/a , it will have the desired permissions of 777. If I save the same file in say , /projects/3/e , for some reason its saved with 775. Both files have identical owners, yet one is giving differing permissions to the other. Is there any way I can ensure that everything saved beneath /projects is saved with 777??
hmmmm ... this begs the question how you go about
"saving" a file there. If you have a pre-existing
file it will take its permissions & ownerships with
it if the file-system is a linux one. If you create
a file in e.g. vi and save it it should have ownerships
& permissions defined by the logged in user and his
umask setting. If you have a variation of the perms
of the same file depending on where you copy/move it
to I'd be most interested in hearing what the underlying
storage is.

Cheers,
Tink
 
Old 01-13-2010, 05:36 AM   #7
kcommins
LQ Newbie
 
Registered: Aug 2005
Posts: 9

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by Tinkster View Post
hmmmm ... this begs the question how you go about
"saving" a file there. If you have a pre-existing
file it will take its permissions & ownerships with
it if the file-system is a linux one. If you create
a file in e.g. vi and save it it should have ownerships
& permissions defined by the logged in user and his
umask setting. If you have a variation of the perms
of the same file depending on where you copy/move it
to I'd be most interested in hearing what the underlying
storage is.

Cheers,
Tink
Thanks again for the replies guys. I suppose a bit more background information is probably in order to get to the bottom of this problem.

First of all , the machine details. SUSE 10.1 , kernel 2.6.16.13-4, with Samba 3.0.22-11. The machine is used as a graphics file server, servicing a variety of XP and RedHat workstation clients. Typically, the workflow is something like this , graphics files are generated by one department ( XP clients ), saved via samba shares onto the SUSE box and picked up there by the other department ( RedHat workstations ) for further processing. The Red Hat machines access the shares via NFS ( configuration is below ) , and the XP clients access the graphics server via samba ( config is also below ) .

To answer both questions ,

@Markus,

Thanks for your help, makes sense. I was previously under the impression that files saved or created within a directory structure would 'inherit' ( again , apologies for the windoze speak ) the permissions of the folder above it, obviously this isn't the case.

@Tink,

Thanks for your reply also. Files arrive from the two sources mentioned above , via samba from the XP clients and via NFS from the RedHat machines. The file system of the volume is XFS.



/etc/exports
-------------

/var/lib/samba/graphics *(rw,no_root_squash,sync)


/etc/samba/smb.conf
-------------------

[global]
domain logons = Yes
domain master = No
ldap admin dn = cn=************,dc=*********,dc=com
ldap delete dn = No
# ldap filter = (uid=%u)
ldap passwd sync = No
ldap replication sleep = 1000
ldap ssl = Start_tls
ldap suffix = dc=**********,dc=com
ldap timeout = 5
netbios name = **********
server string = %h (graphics)
wins support = no
wins server = ***********
passdb backend = ldapsam:ldap://********.*********.com smbpasswd
password server = *
security = domain
workgroup = ***********
map acl inherit = No
# cups options = raw
case sensitive = No
nis homedir = Yes
map system = No
map archive = No
map hidden = No
store dos attributes = Yes
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192


[graphics]
comment = Graphics projects folder - backed up!
inherit acls = Yes
path = /var/lib/samba/graphics
read only = No
force user = graadmin
force group = Graphics
# valid users = @Graphics, "@Domain Admins"
read only = No
create mask = 0777
force create mode = 0777
# force directory mask = 0777
directory mask = 0777
inherit permissions = Yes
veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/aquota*/desktop.ini/TheVolumeSettingsFolder/TheFindByContentFolder/Temporary Items/
 
Old 01-13-2010, 06:24 PM   #8
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,269

Rep: Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028
As Tinkster said, permissions (for new files) are set (in Linux) by using the umask of the user(!), nothing to do with the current dir/file settings on disk.
You can ctrl the group permissions to be inherited, but in your case I think you need to check that all Linux users have the correct/same umask setting.
 
Old 01-13-2010, 06:39 PM   #9
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 22,978
Blog Entries: 11

Rep: Reputation: 879Reputation: 879Reputation: 879Reputation: 879Reputation: 879Reputation: 879Reputation: 879
I guess one thing to consider would be to make the users with Linux machines
use samba as well, rather than NFS, which w/(sh)ould take care of perms.



Cheers,
Tink
 
Old 01-15-2010, 08:45 AM   #10
kcommins
LQ Newbie
 
Registered: Aug 2005
Posts: 9

Original Poster
Rep: Reputation: 0
Hi guys,

Thanks for the replies. I've set the umask as 0000, but still files are being set as saved as -rwxrwx---+. As this mask isn't having the desired effect , what is the correct mask I need to apply to ensure that all files are saved as 777?

With regards to using a samba set up , we've previously had it set up and while there were issues with it, it might be worth looking into again.

Also, you may be wondering why its essential that the files need to be saved with 777 permissions?? On the RedHat machines we have graphics manipulation software that takes in the files from the central graphics server via nfs shares. The user that the software ( Autodesk Flame visual effects ) runs under is perfectly able to manipulate the files via shell when they have the permissions -rwxrwx---+, but for some strange reason when the software attempts to manipulate the files its unable to do so, and is only able to view, copy or execute the files with 777 perms. We've had many discussions with the software makers as to why this might be , and they're adamant that there is no issues with the software that may cause this.

Assuming they are telling the truth and their software isn't to blame , why might a user behave in two completely different ways ?( ie not work via the software and work via the shell )

KC
 
Old 01-17-2010, 06:33 PM   #11
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,269

Rep: Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028Reputation: 2028
Following on from Tinkster re having all clients use the same access SW, another option is to get SFU on the XP systems so that all clients can access via NFS.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Script Not Inheriting Environment Variables Woodsman Slackware 12 01-07-2010 04:35 PM
permissions not inheriting to subdirectories/files pridefc Linux - Security 4 12-11-2006 12:21 AM
Inheriting file permissions Hardip Linux - Security 4 07-02-2006 11:56 PM
inheriting permissions steve007 Linux - Security 3 07-05-2005 11:09 PM
Inheriting a network adminís job wedgeworth Linux - Software 1 10-10-2003 04:08 PM


All times are GMT -5. The time now is 09:30 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration