LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Desktop
User Name
Password
Linux - Desktop This forum is for the discussion of all Linux Software used in a desktop context.

Notices


Reply
  Search this Thread
Old 11-08-2009, 05:09 AM   #16
S.Lowhand
LQ Newbie
 
Registered: Jul 2009
Posts: 14

Rep: Reputation: 0

Quote:
Originally Posted by mattydee View Post
Hi S.Lowhand,

EDIT: I may have misunderstood your question. If you want all this to happen by default when you create a new user, then you would probably want to modify the adduser script, which is probably located in /usr/sbin/
mattydee,

I wasn't being very clear...

I was trying to find a way to automate the process of setting 'Proper' permissions on my box whenever a new account is created.

People sometimes ask me to help them with computer related issues and I always suggest they just install Ubuntu and be done with Windows. If they subsequently find out about the odd default permissions I feel they will lose confidence in Linux in general.

Sadly I'm not sufficiently versed in Linux to work these things out for myself, yet :-)

Can you help me along the way to modifying the aduser script, anyone? I actually thought solving my issue relied on ACL as well...?

Slow
 
Old 11-08-2009, 07:55 AM   #17
mattydee
Member
 
Registered: Dec 2006
Location: Vancouver, BC
Distribution: Debian,Ubuntu,Slackware
Posts: 479

Original Poster
Rep: Reputation: 48
Quote:
Originally Posted by S.Lowhand View Post
mattydee,
Can you help me along the way to modifying the aduser script, anyone? I actually thought solving my issue relied on ACL as well...?
Slow
It looks like Ubuntu uses the adduser script as well:
https://help.ubuntu.com/8.04/serverg...anagement.html

EDIT:
It looks like what you need is in /etc/adduser.conf

Change the line
DIR_MODE=0755
to
DIR_MODE=0700
or something similar

Last edited by mattydee; 11-08-2009 at 08:00 AM.
 
Old 11-09-2009, 02:12 AM   #18
mwildam
Member
 
Registered: Sep 2006
Location: Vienna, Austria
Distribution: Fedora 13, Ubuntu 10.04
Posts: 52

Rep: Reputation: 15
Quote:
Originally Posted by S.Lowhand View Post
Can you help me? I'm a bit of a Ubuntu evangelist and don't want a prospective Windows convert to think I'm nuts for recommending an OS which has such odd defaults.
At least Fedora 9 (which is not the current version) has the same default permissions as Ubuntu.

I am not sure if this is really a bad default. At least it is the most secure default to avoid accidentally publishing unwanted data to others.

There are features at least on Ubuntu at the Gnome desktop for easy folder sharing - however I did not test so far, what is done behind the scenes on the permission level when I do this.
 
Old 11-09-2009, 02:43 AM   #19
S.Lowhand
LQ Newbie
 
Registered: Jul 2009
Posts: 14

Rep: Reputation: 0
Quote:
Originally Posted by mattydee View Post
It looks like Ubuntu uses the adduser script as well:
https://help.ubuntu.com/8.04/serverg...anagement.html

EDIT:
It looks like what you need is in /etc/adduser.conf

Change the line
DIR_MODE=0755
to
DIR_MODE=0700
or something similar
mattydee,

As I say, I'm a total newb here but won't this approach kill 'Sharing'?

I was hoping we might be able to come up with an elegant solution to end up with OSX-like final setup.

It's probably a fiddly process otherwise someone would have done it ages ago... :-)

S
 
Old 11-09-2009, 02:46 AM   #20
S.Lowhand
LQ Newbie
 
Registered: Jul 2009
Posts: 14

Rep: Reputation: 0
Quote:
Originally Posted by mwildam View Post
At least Fedora 9 (which is not the current version) has the same default permissions as Ubuntu.

I am not sure if this is really a bad default. At least it is the most secure default to avoid accidentally publishing unwanted data to others.
mwildam,

You're making me think I have completely misunderstood the defaults...

I was under the impression the default permissions for a newly created account was that everything is world-readable. No?

In which case, how does it prevent me from 'accidentally publishing unwanted data to others'?

S
 
Old 11-09-2009, 03:06 AM   #21
mwildam
Member
 
Registered: Sep 2006
Location: Vienna, Austria
Distribution: Fedora 13, Ubuntu 10.04
Posts: 52

Rep: Reputation: 15
Quote:
Originally Posted by S.Lowhand View Post
I was under the impression the default permissions for a newly created account was that everything is world-readable. No?

In which case, how does it prevent me from 'accidentally publishing unwanted data to others'?
Sorry, you are completely right!
I spent a lot of time at the weekend installing a server and managing security and I somehow was (after too less sleep) still thinking about that. Sorry for the confusion!

I mean the default is not so bad because by default it is ensured that nobody is modifying data you created.
 
Old 11-09-2009, 12:29 PM   #22
mattydee
Member
 
Registered: Dec 2006
Location: Vancouver, BC
Distribution: Debian,Ubuntu,Slackware
Posts: 479

Original Poster
Rep: Reputation: 48
S.Lowhand:

Not that I don't want to help you, but since you need help with a custom Ubuntu setup, something that's completely unrelated to the thread topic, why don't you start another thread and link to it here. I will try to answer your questions there and it will also probably get more exposure.
 
Old 11-10-2009, 02:53 AM   #23
S.Lowhand
LQ Newbie
 
Registered: Jul 2009
Posts: 14

Rep: Reputation: 0
Quote:
Originally Posted by mattydee View Post
S.Lowhand:

Not that I don't want to help you, but since you need help with a custom Ubuntu setup, something that's completely unrelated to the thread topic, why don't you start another thread and link to it here. I will try to answer your questions there and it will also probably get more exposure.
mattydee,

Shows what a Newb I am that I thought my issue was related to your original thread... :-)

I started a new thread here:
http://www.linuxquestions.org/questi...2/#post3751309

Really appreciate any help you can give

Slow
 
Old 03-29-2010, 11:10 AM   #24
kvmreddy
LQ Newbie
 
Registered: Aug 2009
Posts: 15

Rep: Reputation: 3
It is difficult to inherit parent directory permissions without using
ACLs, but there is a way to mitigate this problem, Check bellow link.
Can you inherit parent directory permissions
 
Old 03-29-2010, 11:14 AM   #25
kvmreddy
LQ Newbie
 
Registered: Aug 2009
Posts: 15

Rep: Reputation: 3
Check bellow link, It may help you
http://bashscript.blogspot.com/2010/...nd-shared.html
 
Old 10-15-2010, 10:09 AM   #26
mgrivas
LQ Newbie
 
Registered: Oct 2010
Posts: 3

Rep: Reputation: 1
Apply chmod g+s to all subdirs.

Thanks for the excellent tip.

My penny of thought :
You asked for
a recursive per-directory application of "chmod g+s " within /music

Well, here it is :
$ cd /music
$ find -type d -exec chmod g+s '{}' \s

Watch the '' and \ . They must be placed as-is for the "find" to work properly.

Well, it may be a bit out-of-date, but better late than never, right ?
 
1 members found this post helpful.
Old 03-18-2011, 11:18 AM   #27
hb.johnallen
LQ Newbie
 
Registered: Mar 2011
Posts: 1

Rep: Reputation: 0
I am having the similar problem

Hello mattydee,

I have tried your given solution, But I didn't got 100% success in the same.

Actually, I am trying to create files from Web browser using PHP Script or something. It created with same user / group.
But not the permission.

Could you please help me out, How to resolved that.

Thanks.
 
Old 03-23-2011, 05:25 AM   #28
lakshone
LQ Newbie
 
Registered: Mar 2011
Posts: 1

Rep: Reputation: 0
Hi......

Nice post, solved my problem but one more thing ... if i try to delete from ftp account some file and directory. i can't do that. my ftp user are test user.

how i do that.. any suggesting.

Thanks
Laksh
 
Old 06-01-2011, 02:58 PM   #29
schlabs
Member
 
Registered: Aug 2007
Posts: 33

Rep: Reputation: 3
Quote:
Originally Posted by mattydee View Post
I've been trying to do this for a while, but I haven't found much info on this so I had to put the pieces together myself, so to speak. In essence, I want to change the umask for only one folder, which you can't really do with umask... This is the only way AFAIK to achieve this. Please let me know if there is a simpler way.

Here is my objective:

I have a folder which I want to share with rw permissions for a selected group of users. Let's say the folder is /music and I want to share it with the group media. What we want is not only having users accessing files in /music with rw access, but also to ensure that all files created in /music will have ownership username:media and permissions -rw-rw-r-- .

To achieve this, we will use two tools:
1) GID
2) ACL (man acl)

GID
Lets assume the /music directory has the following permissions:
Code:
drwxrwxr-x	root media
By setting the GID on the directory /music , files created within this directory will have the same group as the /music directory. For example, normally we would expect a newly created file to have the following ownership:
Code:
-rw-r--r--  1 matty users       0 2007-12-06 22:46 newfile
If we set the GID of /music :
Code:
chmod g+s /music
Now, newly created files in /music will have the following ownership:
Code:
-rw-r--r--  1 matty media       0 2007-12-06 22:46 newfile
We are one step closer but what we actually want is:
Code:
-rw-rw-r--  1 matty media       0 2007-12-06 22:46 newfile
so that other users in the group media will be able to modify/delete the file.

ACL

ACL is included in the default Slackware install (for Ubuntu sudo apt-get install acl should do the trick). To "activate" it, you simply have to remount the drive with the acl option.

My fstab looks something like this (modify yours appropriately - don't mess it up!):
Code:
/dev/hdb1        /music          ext3        defaults,acl     1   2
I have used ACL with reiserfs and ext3. I'm not sure how it works with others. Also, it seems that you don't have to specify acl in the options for xfs partitions.

Now remount the drive for it to take effect:
Code:
mount -o remount /music
We can now use ACL to create default permissions for for newly created files in /music
Code:
setfacl -d -m g::rwx /music
setfacl -d -m o::rx /music
Check the new permissions:
Code:
getfacl /music
The output should look something like this:
Code:
# file: /music
# owner: matty
# group: media
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:other::r-x
We're done. For those who prefer a GUI, you can execute the steps outlined above using Konqueror. Right click -> permissions -> advanced permissions. Mess around with those options at you leisure.

Now, when we create a new file in /music :
Code:
touch newfile
ls -l newfile
Gives us:
Code:
-rw-rw-r--+  1 matty media       0 2007-12-06 22:46 newfile
The plus sign is to indicate ACL attributes are in effect on the file.

Newly created folders in /music should have:
Code:
drwxrwsr-x+ 2 matty media 48 2007-12-06 23:15 newfolder/
Applying this idea to an already existing messy /music folder with subdirectories.

Before you do this as root in a valuable folder, its probably a good idea to practice as user in a not so valuable folder in your home directory to avoid potentially disastrous mistakes. Before using chmod and chown with -R as root, think carefully...

Set GID as described above:
Code:
chown -R :media /music
chmod 775 music
chmod g+s /music
ls -ld music should give us
Code:
drwxrwsr-x   3 matty media
*** find a way to set the g+s on all subdirectories ***
This is pretty straight forward using konqueror. Select all the directories and right click, permissions, and advanced permissions.
From the command line: ???

We can apply acl recursively:
Code:
setfacl -R -d -m g::rwx -m o::rx /music
This creates the default rules for newly created files/dirs within the /music directory and subdirectories.

If the original files in there were created with a "standard" umask, most of them will have permissions similar to:
Code:
-rw-r--r--
drwx-r-xr-x
Assuming this is the case, we can fix this with
Code:
chmod -R g+w /music
That should do it.
Your files in /music should now be group (media) writeable. New files will be created with group media and be group writeable as well.
Was perfect for me. Thank you
 
1 members found this post helpful.
Old 10-30-2016, 09:55 PM   #30
xode
Member
 
Registered: Aug 2003
Distribution: Mandrake 9.0; FC4; FC8; SUSE 10.3; SUSE 12.1; SUSE 13.2
Posts: 626
Blog Entries: 1

Rep: Reputation: 49
Quote:
Originally Posted by mattydee View Post
I've been trying to do this for a while, but I haven't found much info on this so I had to put the pieces together myself, so to speak. In essence, I want to change the umask for only one folder, which you can't really do with umask... This is the only way AFAIK to achieve this. Please let me know if there is a simpler way.

Here is my objective:

I have a folder which I want to share with rw permissions for a selected group of users. Let's say the folder is /music and I want to share it with the group media. What we want is not only having users accessing files in /music with rw access, but also to ensure that all files created in /music will have ownership username:media and permissions -rw-rw-r-- .

To achieve this, we will use two tools:
1) GID
2) ACL (man acl)

GID
Lets assume the /music directory has the following permissions:
Code:
drwxrwxr-x	root media
By setting the GID on the directory /music , files created within this directory will have the same group as the /music directory. For example, normally we would expect a newly created file to have the following ownership:
Code:
-rw-r--r--  1 matty users       0 2007-12-06 22:46 newfile
If we set the GID of /music :
Code:
chmod g+s /music
Now, newly created files in /music will have the following ownership:
Code:
-rw-r--r--  1 matty media       0 2007-12-06 22:46 newfile
We are one step closer but what we actually want is:
Code:
-rw-rw-r--  1 matty media       0 2007-12-06 22:46 newfile
so that other users in the group media will be able to modify/delete the file.

ACL

ACL is included in the default Slackware install (for Ubuntu sudo apt-get install acl should do the trick). To "activate" it, you simply have to remount the drive with the acl option.

My fstab looks something like this (modify yours appropriately - don't mess it up!):
Code:
/dev/hdb1        /music          ext3        defaults,acl     1   2
I have used ACL with reiserfs and ext3. I'm not sure how it works with others. Also, it seems that you don't have to specify acl in the options for xfs partitions.

Now remount the drive for it to take effect:
Code:
mount -o remount /music
We can now use ACL to create default permissions for for newly created files in /music
Code:
setfacl -d -m g::rwx /music
setfacl -d -m o::rx /music
Check the new permissions:
Code:
getfacl /music
The output should look something like this:
Code:
# file: /music
# owner: matty
# group: media
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:other::r-x
We're done. For those who prefer a GUI, you can execute the steps outlined above using Konqueror. Right click -> permissions -> advanced permissions. Mess around with those options at you leisure.

Now, when we create a new file in /music :
Code:
touch newfile
ls -l newfile
Gives us:
Code:
-rw-rw-r--+  1 matty media       0 2007-12-06 22:46 newfile
The plus sign is to indicate ACL attributes are in effect on the file.

Newly created folders in /music should have:
Code:
drwxrwsr-x+ 2 matty media 48 2007-12-06 23:15 newfolder/
Applying this idea to an already existing messy /music folder with subdirectories.

Before you do this as root in a valuable folder, its probably a good idea to practice as user in a not so valuable folder in your home directory to avoid potentially disastrous mistakes. Before using chmod and chown with -R as root, think carefully...

Set GID as described above:
Code:
chown -R :media /music
chmod 775 music
chmod g+s /music
ls -ld music should give us
Code:
drwxrwsr-x   3 matty media
*** find a way to set the g+s on all subdirectories ***
This is pretty straight forward using konqueror. Select all the directories and right click, permissions, and advanced permissions.
From the command line: ???

We can apply acl recursively:
Code:
setfacl -R -d -m g::rwx -m o::rx /music
This creates the default rules for newly created files/dirs within the /music directory and subdirectories.

If the original files in there were created with a "standard" umask, most of them will have permissions similar to:
Code:
-rw-r--r--
drwx-r-xr-x
Assuming this is the case, we can fix this with
Code:
chmod -R g+w /music
That should do it.
Your files in /music should now be group (media) writeable. New files will be created with group media and be group writeable as well.
This was part of a workaround solution to an ugly problem in openSUSE 13.2 as shown at http://www.linuxquestions.org/questi...on-4175584608/
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Automatically set permissions of new files created within a specific folder Lorian Linux - Desktop 2 03-03-2007 03:17 PM
Default permissions of files and folder maginotjr Slackware 2 07-29-2005 03:52 AM
How to set permissions for newly created dirs? z-vet Linux - General 2 12-04-2004 08:06 AM
permissions for newly created files dialbat Linux - General 2 10-04-2004 02:58 PM
default files and folder acl permissions Baltasar Fedora 4 08-30-2004 12:50 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Desktop

All times are GMT -5. The time now is 09:19 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration