LinuxQuestions.org
Slackware This Forum is for the discussion of Slackware Linux.
Old 06-05-2013, 12:55 AM   #1
astrogeek
Senior Member
 
Registered: Oct 2008
Distribution: Slackware: 12.1, 13.1, 14.1, 64-14.1, -current, FreeBSD-10
Posts: 1,669

Rep: Reputation: 579
Any way to force uid in shared directory? ACL?


I am setting up a machine to which several users have access via SSH and FTP.

I also have set up a user account and group to own a directory tree to which all the other users have shared access by group membership.

So far so good, works as expected.

But of course when a user, from their shell, saves a file to the shared directory, the file receives the uid of the user and gid of the group. I never thought of that as a problem.

But I have been asked by users to force all files saved in this directory to the uid of the shared directory owner instead of the login user. In other words, if 'andy' is the actual owner of the shared tree, and the group of the tree is 'thegroup', then when any member of 'thegroup' creates a file in the tree, the uid will be andy's uid.

I have looked around the net and all I find are Samba and ACL. Samba is not in the picture, so I have been reading up on ACL, but my tired brain is not really getting whether that will actually do what I want.

Has anyone done this, or know whether ACL is the right ticket?

All comments appreciated.
 
Old 06-05-2013, 02:07 AM   #2
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 5,194

Rep: Reputation: Disabled
You could use inotify to watch for the creation of files and change the file attributes after it has been created. This is an elegant solution and will be easy on your CPU and filesystem.
See http://en.positon.org/post/A-solutio...ce-permissions for an example of how to do this.

If you find a working solution, feel free to write a bit about it on docs.slackware.com .

Eric
 
2 members found this post helpful.
Old 06-05-2013, 02:27 AM   #3
astrogeek
Senior Member
 
Registered: Oct 2008
Distribution: Slackware: 12.1, 13.1, 14.1, 64-14.1, -current, FreeBSD-10
Posts: 1,669

Original Poster
Rep: Reputation: 579
Quote:
Originally Posted by Alien Bob
You could use inotify to watch for the creation of files and change the file attributes after it has been created. This is an elegant solution and will be easy on your CPU and filesystem.
See http://en.positon.org/post/A-solutio...ce-permissions for an example of how to do this.

If you find a working solution, feel free to write a bit about it on docs.slackware.com .

Eric
Thanks Eric! I was afraid I would have to go off to bed without any other suggestions.

I had thought of setting up a cron to watch it, but did not put it at the top of my list. The inotify approach looks simple enough - I'll let you know what I decide on.

Thanks for the invitation to docs.slackware.com, I'd be honored. I have hoped to become a contributor since the start, but [add excuse here...] - I'll see what I can do...
 
Old 06-08-2013, 04:25 AM   #4
SlackInstalled
LQ Newbie
 
Registered: Oct 2009
Location: Geldermalsen, The Netherlands
Distribution: Slackware 14.0
Posts: 21

Rep: Reputation: 2
Shared directories

I was looking for a solution for the same kind of problem and found the solution below.
Had no time to test it yet, but I'll post it anyway.

1. Create a local user with a home directory.

2. Use mount --bind to mount every directory you want the user to have access to into the user's home directory
Example:
mount --bind /path/to/shared/directory /home/user/mount/point

Repeat this for every directory you want the user to have access to
Also, if you want the user to have access to the subdirectories as well, use rbind instead of bind

3. If you want the user to have, for example, only read-only rights, or another UID etc., remount the file system with the proper options
For example:
mount -o remount,ro,bind /home/user1/mount/point for read-only access (or rbind when using that)

If you chroot the user in his home directory, no access to other parts of the file system is possible
 
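The bind-mount procedure from the post above, as an added example that is not SlackInstalled's exact commands: it wraps steps 2 and 3 into one function, adds the fstab line that brings the bind mount back after a reboot, and includes a check against the live mount table to confirm that the read-only remount actually took effect. The source path /srv/shared/docs, the mount point /home/bob/mount/docs and the DRY_RUN switch are assumptions. Two caveats worth knowing before relying on this: a bind mount re-exposes the same inodes with their existing uid/gid, and on kernels of that period a mount could not present files under a different UID (id-mapped mounts only arrived years later), so this does not by itself answer the original question; and a plain --bind already includes all subdirectories, what --rbind adds is any mounts nested under the source, while the read-only remount applies to the top-level mount only.

```shell
#!/bin/sh
# Added example, not SlackInstalled's exact commands: publish a shared
# directory into a user's home as a bind mount, optionally read-only, and
# print the /etc/fstab line that recreates the bind mount at boot.
# Hypothetical paths: /srv/shared/docs as the source, /home/bob/mount/docs
# as the mount point. DRY_RUN=1 prints the commands instead of running them.
DRY_RUN="${DRY_RUN:-0}"

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# bind_share SRC DST MODE [bind|rbind]
#   MODE is ro or rw. The read-only flag has to be applied in a second,
#   remount step: a single "mount -o bind,ro" left the mount writable on
#   the util-linux/kernel combinations of the period.
bind_share() {
    src=$1; dst=$2; mode=$3; kind=${4:-bind}
    case "$mode" in ro|rw) ;; *) echo "mode must be ro or rw" >&2; return 1 ;; esac
    case "$kind" in bind|rbind) ;; *) echo "kind must be bind or rbind" >&2; return 1 ;; esac
    if [ "$DRY_RUN" != 1 ] && [ ! -d "$src" ]; then
        echo "source is not a directory: $src" >&2; return 1
    fi
    run mkdir -p "$dst"
    run mount --"$kind" "$src" "$dst"
    if [ "$mode" = ro ]; then
        # applies to the top-level mount only; submounts pulled in by rbind
        # keep their own options
        run mount -o remount,ro,bind "$dst"
    fi
}

# fstab_line SRC DST [bind|rbind]: persistence entry. Only the bind itself
# is recorded; for read-only shares rerun the remount step after boot (for
# example from rc.local), matching the two-step procedure above.
fstab_line() {
    printf '%s %s none %s 0 0\n' "$1" "$2" "${3:-bind}"
}

# is_readonly DST: ask the live mount table, the only reliable way to
# confirm that the remount really took effect.
is_readonly() {
    findmnt -no OPTIONS --target "$1" 2>/dev/null | tr ',' '\n' | grep -qx ro
}

# Example session (needs root unless DRY_RUN=1):
#   bind_share /srv/shared/docs /home/bob/mount/docs ro
#   fstab_line /srv/shared/docs /home/bob/mount/docs >> /etc/fstab
#   is_readonly /home/bob/mount/docs && echo "read-only confirmed"
```

Run the script with DRY_RUN=1 first to see the exact mount commands it would issue; the fstab line is printed rather than appended so that you can review it before touching /etc/fstab.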
Old 07-05-2013, 04:01 AM   #5
astrogeek
Senior Member
 
Registered: Oct 2008
Distribution: Slackware: 12.1, 13.1, 14.1, 64-14.1, -current, FreeBSD-10
Posts: 1,669

Original Poster
Rep: Reputation: 579
Inotify start script

Following Eric's links I was able to learn a few new things - and create a short script that allows me to do what I wanted and more!

I have written it into a single init script and am now using it on the system which started this line of thought.

Anyone interested please download, read the configuration notes to set it up, and offer improvements or comments! But this is my first time to share one of my own scripts with others, so please be kind!

You can download a tarball (single file) here.

A brief description follows:

What it does

It uses inotify to monitor a directory tree for filesystem events. This makes it very efficient, not a resource hog!

When a file is created or modified within the tree, it enforces ownership by a single user and group, and sets minimum default file permission level. (I have created a special owner/user with 002 UMASK, but this is not necessary).

This allows you to set up a directory tree owned by some user and group, where all group members have r/w access, as usual. But when a group member other than the directory owner creates a file, ownership is assigned to the directory owner, not the user creating the file.

Additionally, and optionally, it will enforce a configurable minimum access permission level for all files in the tree. For example, if you specify that owner and group members have at least r/w access in the tree, ug+rw, then if an attempt is made to change any file to read only, or no access for owner or group members, it will instead be set to r/w - minimum permission level.

It also enforces a default minimum permission level for new files, but respects 'excess' permissions. For example, the new default is ug+rw,o-wx, which restricts non-group members to read only access. But if you create a file outside the watched tree and assign r-w-x to all users, then the excess x for groups will be respected, but the x for others conflicts with the minimum level of -wx and will be changed to r only.

It is set up to be run as /etc/rc.d/rc.iwatch when added to /etc/rc.d/rc.local, so it should be always on. But in the event file ownership or permissions within the tree are changed while the script is not running, it will detect and correct those when next started.

It has the usual start, stop and restart options, plus a start-fg option to start it as a foreground process for testing from a shell and receiving output for all events.

Finally, it recognizes its own watched path for start and stop conditions, and will only start or stop the inotify process using the same path. This allows you to run more than one watch script on different trees at the same time, but without conflict.

I am running two, each with a filename suffix which reflects its use - the example I uploaded is one of those so change or remove the suffix to meet your needs.

Give it a try and let me know what you think!
 
1 members found this post helpful.
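Eric's inotify suggestion in post #2 and the behaviour astrogeek describes in post #5 (single owner and group for the whole tree, a minimum permission level that keeps "excess" bits, a catch-up pass at start-up, a foreground mode) come together in the following added example. It is not astrogeek's rc.iwatch and not the positon.org script; it is a reduced version written for this thread that keeps only the check and start-fg actions, without pid files or the per-path start/stop logic. The settings WATCH_DIR, OWNER, GROUP, MIN_ADD and FORBID are assumptions, inotifywait from inotify-tools and GNU stat/chown are required. Keep in mind what this kind of watcher is: enforcement after the fact. Between creation and the watcher's chown the file belongs to its creator, and an overflowing inotify queue drops events, which is why the catch-up pass matters; the kernel can give new files the directory's group via the setgid bit, but it has no equivalent mechanism for the uid, so this remains a convenience layer rather than an access-control boundary.

```shell
#!/bin/sh
# Added example, not astrogeek's rc.iwatch and not the positon.org script:
# an inotify-driven ownership/permission enforcer for a shared tree.
# Hypothetical settings, override them in the environment or edit here:
#   WATCH_DIR   the shared tree          OWNER/GROUP  who every file must belong to
#   MIN_ADD     bits every file must have (0660 = ug+rw)
#   FORBID      bits no file may have     (0003 = o-wx)
# Needs inotifywait (inotify-tools) for the watch loop and GNU stat/chown.
WATCH_DIR="${WATCH_DIR:-/srv/shared}"
OWNER="${OWNER:-andy}"
GROUP="${GROUP:-thegroup}"
MIN_ADD="${MIN_ADD:-0660}"
FORBID="${FORBID:-0003}"

# resolve_ids: turn OWNER/GROUP (names or numbers) into numeric ids once,
# so comparisons against stat output do not depend on name lookups.
resolve_ids() {
    OWNER_UID=$(id -u "$OWNER") || return 1
    GROUP_GID=$(getent group "$GROUP" | cut -d: -f3)
    [ -n "$GROUP_GID" ] || { echo "unknown group: $GROUP" >&2; return 1; }
}

# target_mode CUR: print the mode a file with octal mode CUR should get.
# Minimum bits are added, forbidden bits removed, any other bits ('excess'
# permissions such as g+x) are kept, which is the behaviour post #5 describes.
target_mode() {
    cur=$(printf '%d' "0$1")
    add=$(printf '%d' "$MIN_ADD")
    forbid=$(printf '%d' "$FORBID")
    printf '%o\n' $(( (cur | add) & ~forbid & 4095 ))
}

# enforce_one PATH: correct owner, group and mode of a single path, touching
# the file only when something actually deviates (so our own chown/chmod
# does not trigger an endless stream of attrib events).
enforce_one() {
    f=$1
    if [ ! -e "$f" ] || [ -L "$f" ]; then
        return 0    # event for a file that is already gone, or a symlink
    fi
    [ -n "${OWNER_UID:-}" ] || resolve_ids || return 1
    info=$(stat -c '%u %g %a' "$f" 2>/dev/null) || return 0
    set -- $info
    cur_uid=$1; cur_gid=$2; cur_mode=$3
    if [ "$cur_uid" != "$OWNER_UID" ] || [ "$cur_gid" != "$GROUP_GID" ]; then
        chown "$OWNER_UID:$GROUP_GID" "$f"
    fi
    want=$(target_mode "$cur_mode")
    if [ "$want" != "$cur_mode" ]; then
        chmod "$want" "$f"
    fi
}

# enforce_tree: catch-up pass over the whole tree, for changes made while the
# watcher was not running (paths containing newlines are not handled).
enforce_tree() {
    resolve_ids || return 1
    find "$WATCH_DIR" -print | while IFS= read -r p; do
        enforce_one "$p"
    done
}

# watch_loop: block on inotify events and enforce each affected path.
# moved_to covers files renamed into the tree, attrib covers chmod/chown,
# close_write covers editors that rewrite a file in place.
watch_loop() {
    resolve_ids || return 1
    inotifywait -m -r -q --format '%w%f' \
        -e create -e moved_to -e attrib -e close_write "$WATCH_DIR" |
    while IFS= read -r p; do
        enforce_one "$p"
    done
}

case "${1:-}" in
    check)    enforce_tree ;;                 # one-off repair of the tree
    start-fg) enforce_tree; watch_loop ;;     # foreground, like rc.iwatch start-fg
esac
```

`./enforce.sh check` is a safe first run: it only repairs what deviates and reports nothing when the tree is already consistent. The chown/chmod-only-when-different rule is what keeps the watcher from feeding on its own attrib events; if you add actions that always modify the file, expect a busy loop.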