LinuxQuestions.org

jon23d 09-13-2006 03:22 PM

groups and file/folder permissions
 
I'm a little confused here...

I have a few people who work on client folders. I want them to log into the server and edit files from there.

I have a www folder. The contents of this folder should be editable only by the staff group. If a user creates a file I want anyone in that group to automatically be able to edit that file. Do I have to do a manual chgrp on all of these files?

Inside the www folder I have a folder called clients. I want anybody who is a member of the authors group to be able to edit these files. If a user creates a file in the clients folder any other user who is a member of that group should automatically be able to edit the file as well.

I know this sounds goofy, but I seem to be having a hell of a time getting this simple permissions stuff working...

gr...

ygloo 09-13-2006 03:40 PM

Sticky bit mode: After execution of a job, the command is kept in the system memory. Originally this was a feature used a lot to save memory: big jobs are loaded into memory only once. But these days memory is inexpensive and there are better techniques to manage it, so it is not used anymore for its optimizing capabilities on single files. When applied to an entire directory, however, the sticky bit has a different meaning. In that case, a user can only change files in this directory when she is the user owner of the file or when the file has appropriate permissions. This feature is used on directories like /var/tmp, that have to be accessible for everyone, but where it is not appropriate for users to change or delete each other's data. The sticky bit is indicated by a t at the end of the file permission field:

jon23d 09-13-2006 03:44 PM

but I want everyone in the group 'authors' to be able to edit the contents of ...../www/clients, no matter who created the file

and only members of staff to be able to edit the contents ......./www, no matter who creates the file

ygloo 09-13-2006 03:57 PM

try this - I'm not sure though..

make users who you want to edit the files belong to one group - "authors"...
they will have write privilege

drwxrw-r-x users:authors /www/clients
drwxr-xr-x root:root /www

jon23d 09-13-2006 04:22 PM

that doesn't quite work as well, with the sticky bit set or not a file created by a member of the staff group in the www folder is not editable by anyone else in that group still

same problem goes for the clients folder

the only way that I can make it editable by anybody in that group is to chgrp or chmod it - the file is still not erasable by anyone even in that case

ygloo 09-13-2006 04:32 PM

check previous post -it's modified

fudam 09-13-2006 04:34 PM

I'm not sure if I'm answering your question here but:

chgrp staff /www <-- makes /www owned by the group "staff"
chmod g+w /www <-- makes /www writable by the group
chmod o-w /www <-- makes it read-only by the rest of the world

chgrp authors /www/clients <-- makes /www/clients owned by the group "authors"
chmod g+w /www/clients <-- makes /www/clients writable by the group.


The other two things you should verify are:
  1. Your groups are set up correctly (/etc/group)
  2. Your umask is set correctly (most likely /etc/bashrc if you're using bash)

Hope some of that helped...


-fudam

fudam 09-13-2006 04:37 PM

Quote:

Originally Posted by jon23d
the only way that I can make it editable by anybody in that group is to chgrp or chmod it

Sounds like a umask issue. Can you show me the ls -l of the directory? Also type in touch hello and then send the ls -l of that too.

Micro420 09-13-2006 04:56 PM

LOL! Hey look, we have a similar question that I recently asked

http://www.linuxquestions.org/questi...d.php?t=482967

be careful about playing around with the ACL that the other person mentions. I tested it on my /home directory and it kind of fudged up everything. Even rebooting is not giving the proper permissions, even though it'll say RWXRWXRWX and not give me access to my /home directory. Weird

I'm still trying to figure this out before I do it on my real production server.

jon23d 09-13-2006 05:04 PM

okay, I think I understand what I need to do - though I'm not sure how to go about it quite yet!

When I create a user who is a member of the staff or authors group logs in .bashrc needs to fire off umask #### so that files are automatically created with permissions of rw-rw-r--

correct?

- on a side note
I realized that in the www folder I have a folder called includes which includes passwords for database connections. It seems that there is no way to not allow all users to read the contents of this folder without stopping apache and/or php from reading it as well, does that sound about right?

thanks!

Micro420 09-13-2006 06:12 PM

I found this great page that should help us both. Will try this when I get home on my test server

http://www.cse.ohio-state.edu/sce/re...rectories.html

Quote:

- on a side note
I realized that in the www folder I have a folder called includes which includes passwords for database connections. It seems that there is no way to not allow all users to read the contents of this folder without stopping apache and/or php from reading it as well, does that sound about right?

How about creating a special group with only the apache and php services that would be allowed to read the password file for the database?

fudam 09-13-2006 07:22 PM

Quote:

Originally Posted by jon23d
When I create a user who is a member of the staff or authors group logs in .bashrc needs to fire off umask #### so that files are automatically created with permissions of rw-rw-r--

Right. Assuming you're using bash:
  1. su to root
  2. edit /etc/bashrc
  3. Type in the following to make the umask of all standard users 002:
    Code:

    # Apply to regular (non-system) accounts only
    if [ "$UID" -gt 99 ]; then
        umask 002
    fi
  4. Save the file and exit.
  5. Log out, then log back in (or cheat by ssh'ing to yourself).
  6. At command prompt (as a standard user now, not root) type in umask and you HOPEFULLY will get "0002"
Now your default permissions are set up. Now you just need to set up your groups correctly.

------

Quote:

Originally Posted by jon23d
It seems that there is no way to not allow all users to read the contents of this folder without stopping apache and/or php from reading it as well, does that sound about right?

I'm not sure which way you want it to go so I'll try to answer both:

apache is already in the "apache" group, so you can add members to the apache group if you want ONLY apache and those specific members to read it.

But if you want it to go the other way (apache can't read it) then just remove the read permission from "others" (chmod o-r /directory) and make sure it's not owned by the group "apache". Does that answer your question?
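
Added example, not part of any post in this thread: a throwaway-directory check of what the umask change above does to new files (rw-r--r-- under 022, rw-rw-r-- under 002). It goes beyond the thread by also setting the setgid bit on the directory (chmod 2775), which no post mentions, so that new files and subdirectories take the directory's group without a manual chgrp. The function names are hypothetical and `stat -c` assumes GNU or BusyBox stat.

```sh
#!/bin/sh
# Shared group directory: setgid on the directory + umask 002 for the users.
# Runs inside a temp directory; no root and no real /www needed.

# Print the octal mode of a file created in directory $2 under umask $1.
mode_of_new_file() {
    ( umask "$1" && : > "$2/file.$1" && stat -c '%a' "$2/file.$1" )
}

# Print the octal mode of a subdirectory created in $2 under umask $1.
mode_of_new_dir() {
    ( umask "$1" && mkdir "$2/dir.$1" && stat -c '%a' "$2/dir.$1" )
}

# Print "same" if a new file in $1 is created with the directory's group.
group_inherited() {
    : > "$1/probe"
    if [ "$(stat -c '%g' "$1/probe")" = "$(stat -c '%g' "$1")" ]; then
        echo same
    else
        echo different
    fi
}

demo() {
    shared=$(mktemp -d) || return 1     # constructed stand-in for /www/clients
    chmod 2775 "$shared"                # rwxrwsr-x: group-writable + setgid

    echo "directory mode:        $(stat -c '%a' "$shared")"
    echo "file under umask 022:  $(mode_of_new_file 022 "$shared")"
    echo "file under umask 002:  $(mode_of_new_file 002 "$shared")"
    echo "subdir under umask 002: $(mode_of_new_dir 002 "$shared")"
    echo "group of new file:     $(group_inherited "$shared")"

    rm -rf "$shared"
}

demo
```

On a real server the equivalent for the clients folder would be `chgrp authors /www/clients` followed by `chmod 2775 /www/clients`; existing files still need a one-time chgrp and chmod g+w.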


All times are GMT -5.