[SOLVED] Changing permissions for new files, but only for one directory
I have a customer requirement that is giving me a tough time. I have a shared volume between three servers (locally mounted to one and NFS mounted to the others). The two NFS mounted servers have the Xuser user reading and writing files into the shared directory. On the third server, there is user Yuser who is also reading and writing files in the directory. Sometimes files written by Yuser will be updated by files written by Xuser. Maybe vice versa, but not sure. Both users are in the same 'grp1' group with the same group id on all three servers. The Xuser and Yuser UIDs are different. Problem is, the umask for both users is 0022. New files created by both users have 755 permissions (o:rw,g:r,w:r) on each file created. Even though both users have write permissions to the directory, they don't have write permission to the files. We don't want to change the umask for the users, because that creates vulnerabilities for too many files in other directories. How do we change the directory such that any new file created in the directory has 664 permissions?
This is what we get when the two users create files. This is good everywhere except for within the problem directory.
-rw-r--r-- 1 Xuser grp1 0 Sep 18 20:11 Xuser_created
-rw-r--r-- 1 Yuser grp1 0 Sep 18 20:10 Yuser_created
This is what we want when the two users create files in the directory, but only in this directory:
-rw-rw-r-- 1 Xuser grp1 0 Sep 18 20:11 Xuser_created
-rw-rw-r-- 1 Yuser grp1 0 Sep 18 20:10 Yuser_created
They're both in the same group; you could change the umask to 0012. Yes, I realize you said you don't want to do that. There are some possibilities to use extended ACLs, but I don't know how to accomplish that as well as just changing the umask.
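The extended-ACL route mentioned in the reply above, as an added example that is not part of the original thread: a default ACL on the one shared directory takes the place of the umask for files created inside it, and the setgid bit keeps new files in the shared group. It assumes `setfacl` (acl package) is installed and that the filesystem holding the volume supports POSIX ACLs; the function names are hypothetical, and the directory and group are supplied by the caller.

```shell
#!/bin/sh
# Added example: give ONE directory group-writable defaults without
# touching any user's umask. Function names are hypothetical.

# setup_shared_dir DIR GROUP
#   setgid bit  -> new files inherit GROUP, not the creator's primary group
#   default ACL -> used instead of the umask for anything created in DIR
setup_shared_dir() {
    dir=$1 group=$2
    chgrp "$group" "$dir" || return 1
    chmod 2775 "$dir" || return 1
    setfacl -d -m u::rwx,g::rwx,o::rx "$dir" || return 1
}

# new_file_mode DIR
#   Creates a probe file under umask 0022 (the umask from the question)
#   in a subshell and prints the octal mode the file ended up with.
new_file_mode() {
    (
        umask 0022
        probe="$1/.perm_probe.$$"
        : > "$probe" || exit 1
        stat -c %a "$probe"
        rm -f "$probe"
    )
}

# find_not_group_writable DIR
#   Lists regular files that still lack group write: files created before
#   the default ACL was set, or by tools that request a tighter mode.
find_not_group_writable() {
    find "$1" -type f ! -perm -020 -print
}
```

Run `setup_shared_dir` on the server where the volume is locally mounted, then check `new_file_mode` from each NFS client as well, since whether the client's umask is still applied depends on the NFS version in use. Existing files are not changed by a default ACL, and a program that explicitly creates files with a mode such as 0644 still gets 644, which is what `find_not_group_writable` reports.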