[SOLVED] file permissions

hopeless_n00b · 10-27-2016, 11:35 AM

Let me be user_A who executes:

> sudo -u user_B rm /home/user_B/foo
> sudo -u user_B touch /home/user_B/foo

All seemingly works well; the file is created as evidenced by

> sudo -u user_B ls -l /home/user_B/foo
-rw------- 1 user_B user_B 0 Oct 27 14:52 /home/user_B/foo

The question is: How can I make it happen (assuming I have root access) that when /home/user_B/foo is created, the user_B group automagically has read and write permissions... i.e., the following would happen

> sudo -u user_B ls -l /home/user_B/foo
-rw-rw---- 1 user_B user_B 0 Oct 27 14:52 /home/user_B/foo

Habitual · 10-27-2016, 01:05 PM

Maybe tell us what you are willing to do?

Turbocapitalist · 10-27-2016, 01:14 PM

I wrote up something similar to this in a blog post, https://www.linuxquestions.org/quest...e-users-37043/

How close does that get you to your goal? The changes there apply only to the directories you choose and then only the users in the designated group would get write access, not all of the users.

hopeless_n00b · 10-27-2016, 02:13 PM

I figured out how to edit my question, and so moved the revision (which was here) to the top so that people reading the post would have a more accurate idea of my issue.

Upon following the link in the third post above, I came to appreciate that when user_A executes

> sudo -u user_B touch /home/user_B/foo

it is the umask of user_A that has an influence on the result: if the umask of user_A is 0000 then

> sudo -u user_B ls -l /home/user_B/foo
-rw-r----- 1 user_B user_B 0 Oct 27 14:52 /home/user_B/foo

I remain mystified as to why write access is denied the user_B group (by the way, I did chmod g+s on directories as advised).

Moreover, User_A does not wish to have umask 0000 . Is there a way around that without Access control lists?

Turbocapitalist · 10-27-2016, 02:16 PM

Quote:

Originally Posted by hopeless_n00b

The question is: How can I make it happen (assuming I have root access) that when /home/user_B/foo is created, the user_B group automagically has read and write permissions... i.e., the following would happen

> sudo -u user_B ls -l /home/user_B/foo
-rw-rw---- 1 user_B user_B 0 Oct 27 14:52 /home/user_B/foo

The gist is that you set the setGID bit for that directory and that the directory is using a group that user_B is a member of. But depending on your umask, you might have to do other tricks. Try the link in #3 above.

BW-userx · 10-27-2016, 03:51 PM

Quote:

Originally Posted by Habitual

Maybe tell us what you are willing to do?

what he is willing to do?

what you got in mind. yo?

hopeless_n00b · 10-27-2016, 04:21 PM

I'm trying to do that which is described in the top post

hopeless_n00b · 10-27-2016, 05:00 PM

O.K., user_A can have whatever umask wanted, but have it temporarily set to 0000 as follows

> ( umask 0000 ; sudo -u user_B touch /home/user_B/foo )

When the above command finishes the umask for user_A is unchanged, and

> sudo -u user_B ls -l /home/user_B/foo
-rw-r--r-- 1 user_B user_B 0 Oct 27 17:53 /home/user_B/foo

So I almost have a solution... But how can I automagicaly get write permission for the user_B group ?

hopeless_n00b · 10-27-2016, 05:55 PM

FINALLY !!!

The following succeeds:

> ( umask 0000 ; sudo -u ff -- sh -c '( umask 0000 ; touch /home/ff/foo )' )

Thanks to Turbocapitalist who got me thinking in the right direction

Turbocapitalist · 10-27-2016, 10:23 PM

Quote:

Originally Posted by hopeless_n00b

> ( umask 0000 ; sudo -u ff -- sh -c '( umask 0000 ; touch /home/ff/foo )' )

That'll give write access to everybody, not just those in your group. Setting the umask is only incidental to using the right group name and using the SetGID bit. If you do set it, it might be 0002 or something. It is the group and SetGID bit that do the work here.