09-13-2006, 01:53 AM
|
#1
|
Senior Member
Registered: Aug 2003
Location: Berkeley, CA
Distribution: Mac OS X Leopard 10.6.2, Windows 2003 Server/Vista/7/XP/2000/NT/98, Ubuntux64, CentOS4.8/5.4
Posts: 2,986
Rep:
|
Trying to get permissions correct with Samba and SSH
I created a directory: /share
/share is being shared at my office with people in the "accounting" group via Samba.
In the smb.conf file, I put create mask = 0770 and directory mask = 0770
Fine and dandy! When users using Windows create and move files around, everyone in the Accounting group has permissions to the newly created folders and files.
I also want some users to be able to access this /share folder via ssh/sftp. I set up the respective users to have their home directory set to /share so that is the first place they are taken to when they SSH/SFTP in. The problem is that once they create folders or files, the permissions to the newly created files and folders are 750 RWXR-X---. This means that the group "accounting" cannot modify or delete these files. How do I have it so that files and folders will automatically be 770 (RWXRWX---) when a user modifies and creates folders via SSH/SFTP? Otherwise, I have to keep executing as root 'chmod -R 770 /share' and that is pretty annoying.
Last edited by Micro420; 09-13-2006 at 01:54 AM.
|
|
|
09-13-2006, 02:26 AM
|
#2
|
Member
Registered: Aug 2006
Distribution: Fedora, CentOS, RHEL, Debian
Posts: 978
Rep:
|
chgrp -R accounting /share
this could do it.
|
|
|
09-13-2006, 02:55 AM
|
#3
|
Senior Member
Registered: Aug 2003
Location: Berkeley, CA
Distribution: Mac OS X Leopard 10.6.2, Windows 2003 Server/Vista/7/XP/2000/NT/98, Ubuntux64, CentOS4.8/5.4
Posts: 2,986
Original Poster
Rep:
|
Quote:
Originally Posted by odcheck
chgrp -R accounting /share
this could do it.
|
The thing is that this is effective at the moment. I would have to keep executing chgrp -R accounting /share when a user modifies or creates a new folder, and that would not be practical. I tested it and when I SSH and create a folder, it creates the folder, but gives it an automatic permission of RWXR-X---. This is not good. I need it to be RWXRWX--- so that all users in the accounting group can read, write, and execute.
Is this something I am supposed to edit in the /etc/fstab?
Last edited by Micro420; 09-13-2006 at 03:05 AM.
|
|
|
09-13-2006, 03:01 AM
|
#4
|
Member
Registered: Mar 2006
Distribution: RedHat, Slackware, Experimenting with FreeBSD
Posts: 222
Rep:
|
You can achieve this using ACLs. If your kernel has ACL support built in for your particular type of filesystem, mount the necessary partition with the acl option.
mount -o remount,acl /share
Set the share folder with SGID and permission 770:
chmod 2770 /share
Set the ACL permissions for the group and others:
setfacl -m d:g:accounting:rwx /share
setfacl -m d:o::--- /share
Files will now be created as rw-rw---- and directories as rwxrwx---
Last edited by SlackDaemon; 09-13-2006 at 03:02 AM.
|
|
|
09-13-2006, 03:31 AM
|
#5
|
Senior Member
Registered: Aug 2003
Location: Berkeley, CA
Distribution: Mac OS X Leopard 10.6.2, Windows 2003 Server/Vista/7/XP/2000/NT/98, Ubuntux64, CentOS4.8/5.4
Posts: 2,986
Original Poster
Rep:
|
Thanks for the detailed post! It does, however, get a little more complicated. I failed to mention that within this /share folder, there are other subdirectories that each need to have their own permissions. Example, /share/accounting (accounting group), /share/design (designing group), /share/hr (human resources group), etc...
Can I specify the permissions with the ACL for each of those directories? My filesystem is ext3 and it has ACL support (Kubuntu 6.06). Lastly, if I do this on the current partition, will I lose my important data files messing around with these ACL settings?
Last edited by Micro420; 09-13-2006 at 04:20 AM.
|
|
|
09-13-2006, 04:46 AM
|
#6
|
Member
Registered: Mar 2006
Distribution: RedHat, Slackware, Experimenting with FreeBSD
Posts: 222
Rep:
|
Yes, you may specify different group permissions for different groups using ACL. You can check the effective permissions for all groups with the getfacl command.
setfacl -m d:g:group1:rx /share/subfolder
setfacl -m d:g:group2:rwx /share/subfolder
getfacl /share/subfolder
There is no chance that you will lose data applying ACLs. It will only affect metadata.
Last edited by SlackDaemon; 09-14-2006 at 01:55 AM.
|
|
|
09-13-2006, 07:12 AM
|
#7
|
Member
Registered: Aug 2004
Distribution: Slack10 & curr. tried numerous
Posts: 189
Rep:
|
Quote:
Originally Posted by Micro420
I created a directory: /share
I also want some users to be able to access this /share folder via ssh/sftp. I set up the respective users to have their home directory set to /share so that is the first place they are taken to when they SSH/SFTP in.
|
Sounds like these are user accounts set up specifically for this one (SFTP) purpose. In that case try creating a .profile and setting the umask to 007.
In general read about umask and/or lumask for SFTP.
Disclaimer: Theory only; I have not tested what I wrote.
ppd
|
|
|
09-13-2006, 11:49 PM
|
#8
|
Senior Member
Registered: Aug 2003
Location: Berkeley, CA
Distribution: Mac OS X Leopard 10.6.2, Windows 2003 Server/Vista/7/XP/2000/NT/98, Ubuntux64, CentOS4.8/5.4
Posts: 2,986
Original Poster
Rep:
|
Thanks SlackDaemon and PDock. The ACL works, and so does the umask trick in the .bash_profile file.
The only problem is that I am having remote users connect with a commercial software called SecureShell for Windows. For some reason, it ignores umask, lumask, and the ACL that I create. This is okay as there is an option in the SSH SecureShell program to force permissions that I want. I guess the program just doesn't give a damn about local profiles and settings in Linux.
I did, however, learn about ACLs and umasks! Very helpful. Thank you very much!
Last edited by Micro420; 09-13-2006 at 11:54 PM.
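
Added example, not part of the thread: a shell sketch showing how the umask alone produces the RWXR-X--- versus RWXRWX--- difference discussed above, plus an audit that lists entries in a share that have drifted from the 2770/660 layout, as an alternative to a blanket chmod -R. The function names are hypothetical, the directories are temporary ones created by the script, and a Linux system with find, ls and mktemp is assumed.

```shell
#!/bin/sh
# Added illustration; works on temporary directories, not the thread's /share.

# Print the symbolic mode a new directory gets under the given umask.
# mkdir asks for 0777 and the kernel clears the bits set in the umask.
mode_under_umask() {
    (
        umask "$1"
        d=$(mktemp -d) || exit 1
        mkdir "$d/new"
        ls -ld "$d/new" | cut -c1-10
        rm -rf "$d"
    )
}

# List entries under a share that would lock out the rest of the group:
#   directories missing setgid or group rwx (anything short of 2770),
#   other files missing group read/write (anything short of 660).
audit_share() {
    find "$1" \( \( -type d ! -perm -2070 \) -o \
                 \( ! -type d ! -perm -0060 \) \) -print
}

# A umask of 027 reproduces the 750 mode from the first post;
# 007 gives the 770 the group needs.
printf 'umask 027 -> %s\n' "$(mode_under_umask 027)"
printf 'umask 007 -> %s\n' "$(mode_under_umask 007)"
```

Running audit_share against the share root after SFTP sessions shows exactly which files a client created with restrictive modes, so only those need fixing.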