LinuxQuestions.org
Old 04-26-2011, 08:46 AM   #1
Toushi
LQ Newbie
 
Registered: Apr 2011
Posts: 18

Rep: Reputation: 0
Can not inherit the permission from parent folder to child.


Hello Experts!
I have the setgid permission on my home directory (/home/XXXX); the permissions look like below.
Code:
drwxrws---  2 toshi   jadu      4096 Apr 26 16:54 getset
If I create a new directory in this getset folder, the permission of the getset folder is not inherited.
Code:
# cd getset
# mkdir test2
# ls -l | grep test2
drwxr-s---  2 toshi jadu 4096 Apr 26 16:56 test2
As far as I know, the setgid utility allows the permission to be inherited from the parent directory to the child directory.
Could someone please help me find the root cause of this and how to solve it?

Regards
Toushi

Last edited by XavierP; 04-26-2011 at 09:28 AM. Reason: Moved to Linux-General
 
Old 04-26-2011, 12:57 PM   #2
jason_not
Member
 
Registered: Aug 2010
Location: Beaverton, Oregon, USA
Distribution: Pfsense, Ubuntu, Centos, Fedora, Redhat, Scientific, MacOS
Posts: 76

Rep: Reputation: 19
Hello Toushi,

The setgid bit on the directory only affects the group permissions, and means two things:

1) Any files created under that directory inherit the group ownership.
2) Any directories created under that directory inherit the setgid bit, AND the group ownership.

There is no other effect. Any mode other than group ownership is controlled by the umask at the time of file/directory creation.

The user's ownership is controlled by the user creating the file or directory.

-------

I use this system under web directories for instance:

I set all of the directories as setgid, group www-data. I set the other permissions as --- to keep anyone else out.

I add all users that need access to this directory to the www-data group.

That way, any proper user ought to be able to edit files under this directory. Any new files will automatically be owned by the correct apache user.

--jason
 
Old 04-27-2011, 07:12 AM   #3
Toushi
LQ Newbie
 
Registered: Apr 2011
Posts: 18

Original Poster
Rep: Reputation: 0
Hello Jason!

Thanks for the reply!
Now I understand the setgid will not help me in my issue.

Is there any other option to inherit the permission from the parent folder to the child folder?
I do not want to use umask; it will breach the security.

Example:-

userA and userB belong to the db1 group.

There is one folder (/tmp/data) that has been shared for all users belonging to the db1 group.

Permission on the shared folder is:-


drwxrwx--- 2 userA db1 4096 Apr 26 16:54 data

Now userB or userA wants to create a folder 'Details' in /tmp/data
And the permission of the 'Details' folder should be the same as data.

Q. Whenever a member of group db1 creates a folder under /tmp/data, the permission should be inherited from the parent directory (data) by default.

Could you please suggest on it?

Thanks in advance!

Regards,
Toushi

Last edited by Toushi; 04-27-2011 at 07:16 AM.
 
Old 04-27-2011, 01:06 PM   #4
jason_not
Member
 
Registered: Aug 2010
Location: Beaverton, Oregon, USA
Distribution: Pfsense, Ubuntu, Centos, Fedora, Redhat, Scientific, MacOS
Posts: 76

Rep: Reputation: 19
Hello Toushi,

Actually, the setgid bit may do exactly what you want; you just have to remember it only controls the group of any subdirectories or files. If you are looking for a way to force the permissions merely as a result of the working directory, I don't think it's possible under unix style permissions.

I think you might be able to simulate it though, and fall back on a cron job to set group permissions recursively.

This may be a good place to look at the system-wide shell script setups. For instance, I might define a shell function in the system's bashrc like:

Quote:
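db1 () {
    # Remember the current umask so it can be restored afterwards
    OLDUMASK=$(umask)
    # <new umask> is a placeholder for the mask wanted in the shared directory
    umask <new umask>
    # newgrp starts a new shell with db1 as the group; it inherits the umask set above
    newgrp db1
    # After that shell exits, restore the previous umask
    umask "$OLDUMASK"
}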
This way, each user will inherit this shell function, and in order to use it simply types "db1" at the prompt whenever they do work in the directory in question. I haven't fully tested this, and it does require user training. In fact, now that I thought of it, I will implement it on my systems soon.

--jason


Everything after this line is what I started to write about how files and directories are created under unix/linux. I left it in for information's sake.



Let's look at what happens when the setgid bit is NOT set on a directory. Files and directories will be created with the user and default group names of the users. But what is the default group id that each user is a member of? This is listed in field number 4 of the system's passwd file. It is also shown as "gid=" on the output of id -a.

The umask controls any default file and directory permissions by subtraction. The umask cannot be used to add permissions. Thus, if permission is granted, the file/directory is created with the ownership and default group id of the user. Directory permissions are generally set with 0777 - umask. Files are set with 0666 - umask.

There are two ways to change what group id is used upon file/directory creation: changing the group the user is operating under with the 'newgrp' command, or the setgid bit and group on the working directory. To tell the truth, I haven't used the 'newgrp' command before. The directory's setgid bit is a shorthand method of this.

Thus given the original permissions:

Quote:
drwxrwx--- 2 userA db1 4096 Apr 26 16:54 data
and set userA's umask to 0022, the Details directory will look something like this:

Quote:
drwxr-xr-x 2 userA <UserA_Group> 4096 Apr 26 16:54 Details
if userB's umask is 0002, the Details directory will look something like this:

Quote:
drwxrwxr-x 2 userB <UserB_Group> 4096 Apr 26 16:54 Details

Now when we set the gid bit on the /tmp/data directory, permissions will look like this:

Quote:
drwxrws--- 2 userA db1 4096 Apr 26 16:54 data
Given the above umask values for userA and userB, when userA makes the Details directory, it will look like this:

Quote:
drwxr-sr-x 2 userA db1 4096 Apr 26 16:54 Details
and if userB creates the Details dir:

Quote:
drwxrwsr-x 2 userB db1 4096 Apr 26 16:54 Details
Note that in order for userA to create files or directories writable by userB, userA will need to alter each permission as they are created, or change his/her umask.



--jason
 
1 members found this post helpful.
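Added example (not part of the thread): a shell check of the behaviour described in post #4, showing that a new entry takes only the setgid bit from its parent while every other mode bit comes from the creator's umask. The helper name `created_mode` is hypothetical; the script assumes Linux, a `stat` that accepts `-c`, and a temp directory whose group the caller belongs to. The umask 0007 case goes one step beyond the thread's listings: it is the mask under which `Details` ends up with the same mode as `data`.

```shell
#!/bin/sh
# created_mode PARENT_MODE UMASK KIND
#   Creates a scratch "data" directory with PARENT_MODE, then creates
#   "Details" inside it (KIND = dir or file) under the given UMASK and
#   prints the resulting octal mode. All paths are constructed scratch paths.
created_mode() {
    parent_mode=$1 mask=$2 kind=$3
    top=$(mktemp -d) || return 1
    mkdir "$top/data" || return 1
    # GNU chmod keeps a directory's setgid bit on numeric modes, so clear it first
    chmod g-s "$top/data" && chmod "$parent_mode" "$top/data" || return 1
    (
        umask "$mask"                 # affects only this subshell
        if [ "$kind" = dir ]; then
            mkdir "$top/data/Details"
        else
            : > "$top/data/Details"
        fi
    )
    stat -c '%a' "$top/data/Details"
    rm -rf "$top"
}

# Cases from the thread, plus umask 0007 (child mode equals the parent's)
for c in "2770 0022" "2770 0002" "0770 0022" "2770 0007"; do
    set -- $c
    printf 'parent=%s umask=%s -> Details is %s\n' \
        "$1" "$2" "$(created_mode "$1" "$2" dir)"
done
# A regular file starts from 0666 and never receives the setgid bit
printf 'parent=2770 umask=0022 -> file is %s\n' "$(created_mode 2770 0022 file)"
```
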
Old 04-28-2011, 06:15 AM   #5
Toushi
LQ Newbie
 
Registered: Apr 2011
Posts: 18

Original Poster
Rep: Reputation: 0
Hello jason,

Now I got it!

Thank you very much for helping me to solve this problem.

Regards,
Toushi
 
  

