User permmissions and folder sharing

psychoholic · 05-06-2003, 01:00 PM

Hi all!

Once again I have a very easy linux question that I cannot solve

I have a folder called Shared at /home/shared. The system in question has 5 users. I need each of these users to read/write/edit and create files this folder.

To achieve this I created a seperate group called "people" which every user belongs to . The /home/shared folder was then set up with people as its owner and group. I then placed a link to this folder in everyones home folder.

People can access this folder. However if a single user writes a file to inside folder it gets there user permisisons. This means that others users cannot edit it.

I can only solve this problem by using konquerer and right clicking on the /home/shared folder and selcting apply "changes to subdirectories". It then goes down the branch and changes the files permission to the people group in both terms of owner and group.

I am thinking that I need to insert a "chmod" command into my startup script so when each user logs on this is done automatically.

Question is what would the command be and where script could I place it in?

I hope this makes sense. I at least hope someone can figure out what I am trying to do!

Unfortunatley I dont have access to this machine at the moment but will later. I'm remembering the problem from about a week or two ago. Forgive me if it doesn't make sense!

Thanks in advance

david_ross · 05-06-2003, 01:23 PM

You could put a script in each users .bash_profile but that would only be read when someone logged in. You may be better writing a cron job that recursively sets the permissions on the files every five minutes etc:
chown -R people /home/shared/*
chgrp -R people /home/shared/*
chgrp -R 660 /home/shared/*

tangle · 05-06-2003, 01:36 PM

Are these users connecting locually, by NFS or by Samba?

psychoholic · 05-06-2003, 03:55 PM

People log on to the machine locally. If that helps!

Thanks

Tom

Tinkster · 05-06-2003, 04:47 PM

It's a bit tricky ... the "proper" way from a security
point of view would be the cron job suggested above,
with the odd chance of someone trying to edit a
file that was written by someone else before cron
hit it ...

If you take good care of the subdirectory trees
permissions of the individual group members so
they can't list each others home for reading and
make their work-folders so they have different
names that are unknown to each other, you
could make people the default group for all
of them and change their umask to 002...

Cheers,
Tink

jeremy · 05-06-2003, 04:54 PM

If you set the sticky bit on the directory all files written to the directory will be owned to the same group as the directory. Proper umasks will do the rest.

--jeremy

psychoholic · 05-17-2003, 12:37 PM

Hi all,

I opted for the following placed in the .bash_profile in user home directory...

***
chown -R yp /home/Shared/*
chgrp -R users /home/Shared/*
chmod -R 660 /home/Shared
***

This sets the owner status of the files in this directory as YP which is a group everyone belongs to.

Also the group is set to "user"s which everyone belongs to.

However this works fine except one thing.

Some people can save files to the shared folder which other people cannot change the privelgies for.

For example I can log on as admin. This is an account which I use to adminsiter the computer. If I save a file into the shared folder during this session and log out it stays as having "admin "for owner and "admin" for group.

If some one else log in for example the "yp" account. When the script is run files cannot be changed as their is insufficent priveliges.

I think that the above script would be best run as root user which would solve the problem

I also tried putting the above inside the .bash_logout file which would solve the problem but this didn't work.

Any suggestions...

Thank in advance!

Tom

david_ross · 05-17-2003, 12:41 PM

Quote:

Originally posted by david_ross
You could put a script in each users .bash_profile but that would only be read when someone logged in. You may be better writing a cron job that recursively sets the permissions on the files every five minutes etc:
chown -R people /home/shared/*
chgrp -R people /home/shared/*
chgrp -R 660 /home/shared/*

Like I said before - put it in a script that is run as root by cron.

acid_kewpie · 05-17-2003, 01:01 PM

i really really would suggest doing it the way jeremy described... i.e. the correct way.

david_ross · 05-17-2003, 01:06 PM

Quote:

Originally posted by acid_kewpie
i really really would suggest doing it the way jeremy described... i.e. the correct way.

That is fine for the most part but it will not stop users changing the permissions on the files. Perhaps a combination is the best way to go.

david_ross · 05-17-2003, 01:11 PM

Oops - that's not entirely true - I never noticed you were giving yourself as the named owner!

psychoholic · 05-17-2003, 03:14 PM

Thanks for the speedy reply guys!

Ok I am going to admit it! I don't know what a sticky bit is or a umask or how to use them! I guess that might be the reason I choose the other method <grin>

Same with the cron job... <bigger grin>

I know I really should know this but I am an idiot! I guess I need to go away and look up sticky bits and umasks... and maybe cron for the 'other' method... unless anyone here wants to enlighten me

Thanks everyone for the pointers!

Tom