LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 09-13-2006, 12:53 AM   #1
Micro420
Senior Member
 
Registered: Aug 2003
Location: Berkeley, CA
Distribution: Mac OS X Leopard 10.6.2, Windows 2003 Server/Vista/7/XP/2000/NT/98, Ubuntux64, CentOS4.8/5.4
Posts: 2,986

Rep: Reputation: 45
Trying to get permissions correct with Samba and SSH


I created a directory: /share

/share is being shared at my office with people in the "accounting" group vis Samba.
In the smb.conf file, I put create mask = 0770 and directory mask = 0770
FIne and Dandy! When users using Windows create and move files around, everyone in the Accounting group has permissions to the newly created folders and files.

I also want some users to be able to access this /share folder via ssh/sftp. I set up the respective users to have their home directory set to /share so that is the first place they are taken to when they SSH/SFTP in. The problem is that once they create folders or files, the permissions to the newly created files and folders are 750 RWXR-X---. This means that the group "accounting" cannot modify or delete these files. How do I have it so that files and folders will automatically be 770 (RWXRWX---) when a user modifies and creates folders via SSH/SFTP? Otherwise, I have to keep executing as root 'chmod -R 770 /share' and that is pretty annoying.

Last edited by Micro420; 09-13-2006 at 12:54 AM.
 
Old 09-13-2006, 01:26 AM   #2
odcheck
Member
 
Registered: Aug 2006
Distribution: Fedora, CentOS, RHEL, Debian
Posts: 978

Rep: Reputation: 30
chgrp -R accounting /share
this could do it.
 
Old 09-13-2006, 01:55 AM   #3
Micro420
Senior Member
 
Registered: Aug 2003
Location: Berkeley, CA
Distribution: Mac OS X Leopard 10.6.2, Windows 2003 Server/Vista/7/XP/2000/NT/98, Ubuntux64, CentOS4.8/5.4
Posts: 2,986

Original Poster
Rep: Reputation: 45
Quote:
Originally Posted by odcheck
chgrp -R accounting /share
this could do it.
The thing is that this is effective at the moment. I would have to keep executing chgrp -R accounting /share when a user modifies or creates a new folder, and that would not be practical. I tested it and when I SSH and create a folder, it creates the folder, but gives it an automatic permission of RWXR-X---. This is not good. I need it to be RWXRWX--- so that all users in the accounting group can read, write, and execute

Is this something I am supposed edit in the /etc/fstab?

Last edited by Micro420; 09-13-2006 at 02:05 AM.
 
Old 09-13-2006, 02:01 AM   #4
SlackDaemon
Member
 
Registered: Mar 2006
Distribution: RedHat, Slackware, Experimenting with FreeBSD
Posts: 222

Rep: Reputation: 30
You can achive this using ACLs. If your kernel has ACL support built in for your particular type of filesystem, mount the necessary partition with he acl option.

mount -o remount,acl /share

Set the share folder with SGID and permission 770:

chmod 2770 /share

Set the ACL permissions for the group and others:

setfacl -m d:g:accounting:rwx /share
setfacl -m d: o::--- /share

Files will now be created as rw-rw---- and directories as rwxrwx---

Last edited by SlackDaemon; 09-13-2006 at 02:02 AM.
 
Old 09-13-2006, 02:31 AM   #5
Micro420
Senior Member
 
Registered: Aug 2003
Location: Berkeley, CA
Distribution: Mac OS X Leopard 10.6.2, Windows 2003 Server/Vista/7/XP/2000/NT/98, Ubuntux64, CentOS4.8/5.4
Posts: 2,986

Original Poster
Rep: Reputation: 45
Thanks for the detailed post! It does, however, get a little more complicated. I failed to mention that within this /share folder, there are other subdirectories that each need to have their own permissions. Example, /share/accounting (accounting group), /share/design (designing group), /share/hr (human resources group), etc...

Can I specify the permissions with the ACL for each of those directories? My filesystem is ext3 and it has ACL support (Kubuntu 6.06). Lastly, if I do this on the current partition, will I lose my important data files messing around with this ACL settings?

Last edited by Micro420; 09-13-2006 at 03:20 AM.
 
Old 09-13-2006, 03:46 AM   #6
SlackDaemon
Member
 
Registered: Mar 2006
Distribution: RedHat, Slackware, Experimenting with FreeBSD
Posts: 222

Rep: Reputation: 30
Yes you may specify different group permissions for different groups using ACL. You can check the effective permissions for all groups with the getfacl command.

setfacl -m d:g:group1:rx /share/subfolder
setfacl -m d:g:group2:rwx /share/subfolder

getfacl /share/subfolder


There is no chance that you will lose data applying ACLs. It will only affect metadata.

Last edited by SlackDaemon; 09-14-2006 at 12:55 AM.
 
Old 09-13-2006, 06:12 AM   #7
PDock
Member
 
Registered: Aug 2004
Distribution: Slack10 & curr. tried numerous
Posts: 189

Rep: Reputation: 37
Quote:
Originally Posted by Micro420
I created a directory: /share


I also want some users to be able to access this /share folder via ssh/sftp. I set up the respective users to have their home directory set to /share so that is the first place they are taken to when they SSH/SFTP in.
Sounds like these are user accounts setup specifically for this one (SFTP) purpose. In that case try creating a .profile and setting the umask to 007.

In general read about umask and/or lumask for SFTP.
Disclaimer: Theory only have not tested what I wrote.
ppd
 
Old 09-13-2006, 10:49 PM   #8
Micro420
Senior Member
 
Registered: Aug 2003
Location: Berkeley, CA
Distribution: Mac OS X Leopard 10.6.2, Windows 2003 Server/Vista/7/XP/2000/NT/98, Ubuntux64, CentOS4.8/5.4
Posts: 2,986

Original Poster
Rep: Reputation: 45
Thanks SlackDaemon and PDock. The ACL works, and so does the umask trick in the .bash_profile file.

The only problem is that I am having remote users connect with a commercial software called SecureShell for Windows. For some reason, it ignores umask, lumask, and the ACL that I create. This is okay as there is an option in the SSH SecureShell program to force permissions that I want. I guess the program just doesn't give a damn about local profiles and settings in Linux.

I did, however, learn about ACL's and umasks! Very helpful. Thank you very much!

Last edited by Micro420; 09-13-2006 at 10:54 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
automounting fat32 drive with correct permissions johannlo Linux - General 1 07-05-2005 08:37 PM
Vsftpd changes file permissions....how to correct? 88guy Linux - Software 1 05-25-2004 05:17 PM
Setting correct permissions for my ~/ ShadyCharacter Linux - General 2 04-14-2004 11:06 PM
What are the correct permissions for /etc? KingofBLASH Slackware 1 01-31-2004 08:56 PM
giving apache the correct permissions dflorence Linux - Newbie 3 11-06-2003 08:27 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 02:18 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration