LinuxQuestions.org


the98 09-10-2010 03:07 PM

Write permission to every user in ext4 (fstab)
 
Hi everybody, how are you?

I wanted to ask you one question. The thing is, I used to have 3 NTFS partitions which I've recently formatted into ext4 partitions. These are data partitions that are supposed to be read and written by every user (I have two users). The thing is that both users can read and write the partitions, but if user Carl creates a directory, user Lenny can't delete that directory, because that directory is owned by Carl. Of course, as root I can change the permissions, but I don't want to do that every time.

When the partitions were NTFS, if either Carl or Lenny created a directory or file, the owner was immediately root, but both of them had all the permissions to modify things as they like. I wonder if there is something I can modify in /etc/fstab to make the partitions behave that way. I've read the mount man, but didn't find a solution.

Anyway, I'm open for suggestions.

Thanks.

suprstar 09-10-2010 03:28 PM

Check out the umask command. It's to set the initial permissions on all new files and directories.

umask u=rwx,g=rwx,o=rwx

would give everyone full permissions on all files created.

the98 09-10-2010 04:11 PM

I've tried with umask. I think it only works in FAT partitions. At least that's what it says in the man pages of mount.

When I try to do it with mount using -o umask I get:

mount: wrong fs type, bad option, bad superblock on /dev/sdb2,
missing codepage or helper program, or other error
In some cases useful info is found in syslog - try
dmesg | tail or so

GazL 09-10-2010 04:38 PM

You'll need to use a group and assign it to the directory they're going to share by setting SGID on it.

mkdir /shared
chown root:sharedg /shared
chmod u=rwx,g=rwxs,o=--- /shared

Add carl and lenny to group 'sharedg' and as long as they each use a umask of 007 when adding new files or directories you should be fine.

the98 09-11-2010 11:36 AM

I like the idea of having a shared group. I think umask doesn't work in ext4 partitions, does it work for you? How do you make it work?

I've investigated about SGID and I think I've solved it. This is what I did:

1. Make sure the group name is set first on the directory.
2. Give the group write permission on the directory.
3. Issue the command chmod g+s directory_name

I've used group "plugdev", so...

# chgrp plugdev -R /media/Shared
# chmod g+rwxs -R /media/Shared

This is working for me (for now). However there's something weird. If a user creates a dir, if you list the properties you can see that the group does not have writing permissions, but the other user can modify the dir (erase, rename, etc). The only thing that makes it not that crazy is the "s" flag:

drwxr-sr-x 2 lenny plugdev 4096 sep 11 13:35 New Directory

Thanks for the help.

GazL 09-11-2010 08:02 PM

As you say, the umask= mount option doesn't work for ext filesystems, it's intended to be used in order to simulate permissions with non-native filesystems like FAT that don't support the UNIX permissions system. What I was referring to is the 'umask' command (it's usually a shell builtin command, so if you look in the man page for bash you'll find a description, although a "man umask" will also provide some good background).

Setting a default umask is normally something that gets done in /etc/profile when you login.


As for the permissions not doing quite what you expect: it's best to think of it as the permissions controlling what you can do to the content of the thing the permissions are on. i.e.
The permissions on a file allow you to change the contents of a file, but file deletion and renaming are changes to a directory and not the file itself.

The permissions on a directory allow you to change the contents of the directory, i.e. what files are in it and their names.

If /dir1/file1 is read only, but /dir1 is read/write, then you won't be able to change the contents of file1 but you will be able to rename or delete file1! (However someone sneaky could cheat by creating a file1.new and then mv file1.new file1 to change the contents indirectly, so that's one to watch out for).

If /dir1 is read only, but /dir1/file1 is rw, then you won't be able to rename or delete file1 as both rename and delete are changes to the directory and not to the file.

The same concept applies to sub-directories.

BTW, Paul Sheer's rute tutorial is a good resource for this sort of stuff if you're not familiar with it.


Finally, I'd really recommend creating your own custom group for this purpose rather than reusing an existing group such as plugdev, which already has its own defined purpose.


Hope you find some of that useful.

the98 09-12-2010 02:00 PM

You're right. I can't modify a file created by another user. I've been playing around with umask, reading information, but I don't know how to make it work. I've tried a few things with umask, but it's like I don't do anything.

I think the problem would be simply solved if anything created in these partitions (directories and files) would have write permissions for group "partitions" automatically (I've changed plugdev for partitions). I'm guessing that's where umask enters...

So this is the /etc/profile I've tried out.

Code:

# /etc/profile: system-wide .profile file for the Bourne shell (sh(1))
# and Bourne compatible shells (bash(1), ksh(1), ash(1), ...).

if [ "`id -u`" -eq 0 ]; then
  PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
else
  PATH="/usr/local/bin:/usr/bin:/bin:/usr/games"
fi

if [ "$PS1" ]; then
  if [ "$BASH" ]; then
    PS1='\u@\h:\w\$ '
  else
    if [ "`id -u`" -eq 0 ]; then
      PS1='# '
    else
      PS1='$ '
    fi
  fi
fi

export PATH

#umask 022
umask u=rwx g=rwx o=r

I don't know if it's ok.

Thanks again!

GazL 09-12-2010 03:18 PM

I'm not aware of any way to force permissions on a per filesystem level like you can do with FAT mounts.

The users umask and SGID on the directory in combination with a specific group assigned for the purpose are the only way I know to do this sort of thing (outside of ACLs, which I avoid because they have a tendency to be hard to manage and get messy).

BTW, that umask you added is a bit dodgy as it lacks 'x' on others which may cause problems with directories.
u=rwx,g=rwx,o=rx (umask 002) is the more usual way of doing that.

the98 09-13-2010 09:28 AM

Ok, thanks for everything. You've been really helpful!

I'm going to investigate a little more if I can fix it and post the solution if that's the case.

If you find out anything, let me know.

Cheers.

GazL 09-13-2010 11:32 AM

You're welcome. Hope you find a satisfactory solution. Best of luck.

the98 09-14-2010 09:23 AM

Ok, so now it's working!

I've changed umask to 002 as you said. When I rebooted, everything was working as I hoped for.

So, what I did was...

1- Created a Group called partitions with: # addgroup partitions
2- Added both users to that group: # adduser USER partitions
3- Changed the group in the partitions I wanted: # chgrp partitions -R /media/Shared
4- Changed the permissions in these directories: # chmod g+rwxs -R /media/Shared
5- Finally edit /etc/profile and change umask value (022) with 002.

I consider this topic solved.

Thanks to everyone.

Cheers.
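
The behaviour worked out in this thread (setgid inheritance, the drwxr-sr-x listing seen with the default umask, and the group-writable result with umask 002), reproduced in a scratch directory. This is an added example, not a command sequence from any poster; share_tree, modes_under_umask and modes_after_share_tree are hypothetical helper names, and stat -c assumes GNU coreutils. Unlike chmod -R g+rwxs, share_tree sets the setgid bit on directories only.

```shell
#!/bin/sh
# Added example: runs in a constructed scratch tree from mktemp,
# so no real users, groups or mount points are needed.

# Make a tree group-shareable: setgid on directories only, group rw on files.
# (chmod -R g+rwxs would also mark every regular file setgid and
# group-executable.)
share_tree() {
    find "$1" -type d -exec chmod g+rwxs {} +
    find "$1" -type f -exec chmod g+rw {} +
}

# Print "<dir mode> <file mode>" for entries created inside a setgid
# directory by a process whose umask is $1.
modes_under_umask() {
    top=$(mktemp -d) || return 1
    mkdir "$top/shared"
    share_tree "$top/shared"
    (
        umask "$1"
        mkdir "$top/shared/newdir"      # inherits the setgid bit
        : > "$top/shared/newfile"       # inherits the group, not the bit
    )
    printf '%s %s\n' "$(stat -c %a "$top/shared/newdir")" \
                     "$(stat -c %a "$top/shared/newfile")"
    rm -rf "$top"
}

# Print "<dir mode> <file mode>" for a pre-existing tree (created under
# umask 022) after share_tree has been applied to it.
modes_after_share_tree() {
    top=$(mktemp -d) || return 1
    ( umask 022; mkdir -p "$top/data/sub"; : > "$top/data/sub/old.txt" )
    share_tree "$top/data"
    printf '%s %s\n' "$(stat -c %a "$top/data/sub")" \
                     "$(stat -c %a "$top/data/sub/old.txt")"
    rm -rf "$top"
}

echo "umask 022: $(modes_under_umask 022)"
echo "umask 002: $(modes_under_umask 002)"
echo "existing tree after share_tree: $(modes_after_share_tree)"
```

Mode 2755 is the drwxr-sr-x listing quoted earlier in the thread: the setgid bit is inherited, but group write is masked out until the creating process runs with umask 002.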

