LinuxQuestions.org
Old 04-03-2009, 11:24 AM   #1
fhd
LQ Newbie
 
Registered: Jan 2005
Posts: 22

Group write access for newly created files/directories without changing umask


Hi,

I have several directories, each owned by root and a group of the same name, like this:
Code:
drwxrwsr-x 2 root group1 4096 2009-04-03 18:10 group1
drwxrwsr-x 2 root group2 4096 2009-04-03 18:10 group2
drwxrwsr-x 2 root group3 4096 2009-04-03 18:10 group3
As you may have guessed, each user of group1, group2 or group3 should have write access to the respective directory.

By setting the sgid bit, I made sure that newly created files and directories are owned by the correct group, and that directories have the sgid bit set too.

Here goes my problem:
On each newly created directory or file, the permissions are set to 755. This is because this is the default umask, and I cannot change a user's umask. I actually only want files created below a particular directory to have group write access, inheriting this behaviour to newly created directories properly.

I'm not on samba or NFS, I have to do this for SSH users.
The filesystem is ext3.

I started to fool around with ACLs, but couldn't find what I was looking for.

What do you think?

Last edited by fhd; 04-05-2009 at 05:31 AM. Reason: Didn't work
 
Old 04-04-2009, 06:45 AM   #2
Valery Reznic
ELF Statifier author
 
Registered: Oct 2007
Posts: 666

Quote:
Originally Posted by fhd
Hi,

I have several directories, each owned by root and a group of the same name, like this:
Code:
drwxrwsr-x 2 root group1 4096 2009-04-03 18:10 group1
drwxrwsr-x 2 root group2 4096 2009-04-03 18:10 group2
drwxrwsr-x 2 root group3 4096 2009-04-03 18:10 group3
As you may have guessed, each user of group1, group2 or group3 should have write access to the respective directory.

By setting the sgid bit, I made sure that newly created files and directories are owned by the correct group, and that directories have the sgid bit set too.

Here goes my problem:
On each newly created directory or file, the permissions are set to 755. This is because this is the default umask, and I cannot change a user's umask. I actually only want files created below a particular directory to have group write access, inheriting this behaviour to newly created directories properly.

I'm not on samba or NFS, I have to do this for SSH users.
The filesystem is ext3.

I started to fool around with ACLs, but couldn't find what I was looking for.

What do you think?

If you can create directories owned by root, why can't you change the user's umask?

And what is the purpose of those group-writable files?
 
Old 04-04-2009, 07:02 AM   #3
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

It is up to the user creating a file to change the group write attribute.

You can use setfacl and create a default acl for the directory allowing write access for the group.

E.G.:
setfacl -m d:g:group1:rwx group1

Now a new file created in the group1/ directory will inherit the default group acl.
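
Added illustration, not part of the thread: a model of how the default ACL set by the command above decides the group's effective permissions on newly created entries. With a default ACL present the umask is not consulted; the inherited mask is instead capped by the mode the creating program requests. The `getfacl` listing is a constructed sample and both function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: `getfacl group1` output after the thread's setfacl
# command, for a root:group1 directory with mode 2775. $1 overrides the mask.
sample_getfacl() {
    cat <<EOF
# file: group1
# owner: root
# group: group1
# flags: -s-
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:group1:rwx
default:mask::${1:-rwx}
default:other::r-x
EOF
}

# effective_group_perms GROUP [CREATE_MODE]  (hypothetical helper)
# Reads getfacl output on stdin; prints the rwx string GROUP effectively gets
# on an entry created with CREATE_MODE (open/mkdir mode, default 666).
# Prints "none" when no default entry exists, i.e. the umask still applies.
effective_group_perms() {
    awk -F: -v grp="$1" -v mode="${2:-666}" '
        $1 == "default" && $2 == "group" && $3 == grp { entry = substr($4, 1, 3) }
        $1 == "default" && $2 == "mask"               { mask  = substr($4, 1, 3) }
        END {
            if (entry == "") { print "none"; exit }
            if (mask == "") mask = "rwx"
            # Group digit of the requested mode caps the inherited mask.
            gbits = int(substr(mode, length(mode) - 1, 1))
            split("4 2 1", bit, " "); split("r w x", ch, " ")
            out = ""
            for (i = 1; i <= 3; i++) {
                ok = substr(entry, i, 1) != "-" && substr(mask, i, 1) != "-"
                ok = ok && int(gbits / bit[i]) % 2 == 1
                out = out (ok ? ch[i] : "-")
            }
            print out
        }'
}

sample_getfacl     | effective_group_perms group1        # new file, mode 666
sample_getfacl     | effective_group_perms group1 644    # program asks for 644
sample_getfacl r-x | effective_group_perms group1        # mask lacks write
```

Default ACLs are applied only when an entry is created inside the directory; files moved in from elsewhere keep the permissions they already had.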
 
Old 04-05-2009, 05:28 AM   #4
fhd
LQ Newbie
 
Registered: Jan 2005
Posts: 22

Original Poster
Quote:
Originally Posted by jschiwal
It is up to the user creating a file to change the group write attribute.

You can use setfacl and create a default acl for the directory allowing write access for the group.

E.G.:
setfacl -m d:g:group1:rwx group1

Now a new file created in the group1/ directory will inherit the default group acl.

Thank you very much, works like a charm!

Now I know that the "default" actually does something
 
  


All times are GMT -5. The time now is 11:51 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration