Old 11-02-2010, 04:06 PM   #1
Registered: Sep 2010
Posts: 46

Rep: Reputation: 7
How to setup file permissions for multiple groups/users that use Windows AND Linux

So, I've been pounding my head on some file permissions in Linux the last couple of days. I've found a solution that works and thought I'd share with everyone.

OK so, here's my situation:

I have a remote directory shared over NFS called tech with perms set as 0750 and owner set to root:tech.
I have 2 groups: tech, and techAdmin. tech can read and execute within tech/. techAdmin can read, write, execute.
I have 4 users: user1, user2, user3, user4. user1 and user2 are members of techAdmin, user3 and user4 are members of tech.

Simple so far...but wait, here's the problem. If user1 creates a file inside tech, user2 can't read or modify it because user1 owns it. Here's a few sites that reference this problem:,-umask-an...d27820947.html

Trying to fix this problem I found literally HUNDREDS of these threads and this same question posted EVERYWHERE. And every answer was to do it with umask, by changing EVERYONE'S umask in /etc/profile to 027 and creating a cronjob that fixes all permissions to 0750 every minute. Changing a umask to 027 can be a dangerous thing and I would NOT recommend doing this...and seriously!?! Making a crontab entry that recursively changes the perms to 0750 every 5 minutes on a multi-terabyte file server? This is BS. I ain't doing that...

Here's how to do it.

#mkdir tech
#chown root:tech tech/
#chmod g+s tech/
#chmod 0750 tech/
#setfacl -d -m g:techAdmin:rwx tech/
#setfacl -m group:techAdmin:rwx tech/
- Not sure why this last one needed to be there, as I thought the above code would take care of it. If anyone knows why, please post in the comments.

When you run getfacl tech, you should see:

# linux-host># getfacl tech
#file: tech/
# owner: root
# group: tech
# flags: -s-

BUT WAIT, THERE'S MORE! This company uses Windows clients, and we need essentially the SAME setup for them too. This can be accomplished in SAMBA. Your smb.conf file tech share should look like this:

[tech]
        comment = Tech department only
        inherit acls = Yes
        path = /mnt/tech
        guest ok = no
        browseable = yes
        # this forces all created documents to have 750 perms
        create mask = 0750
        # same for directories
        directory mask = 0750
        # this is so that all files written to the share will be set to "chgrp tech"; if you don't do this only the user that created the file will have access to it.
        force group = tech
        # only the group that has write privileges
        write list = @techAdmin
        valid users = @tech

user1 and user2 can now log into Windows OR Linux, create or modify existing files within the tech directory. user3 and user4 can also log into Windows OR Linux, but only have read access...they cannot create, modify, delete.

I know there's room for improvement on this, and if anyone has a solution that worked for them, please share it for future googlers!


Last edited by unassassinable; 11-02-2010 at 10:23 PM. Reason: misinformation
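
An added example, not part of the original post: a simplified Python model of the POSIX ACL rules in acl(5), showing why both setfacl commands above are needed. `setfacl -d` only writes the default ACL (the template new files inherit), while the plain `setfacl -m` writes the access ACL that is checked on tech/ itself. The ACL dictionaries are constructed from the post's commands, and named-user entries and capability overrides are kept minimal.

```python
# Added example: simplified model of POSIX ACL evaluation (see acl(5)).
R, W, X = 4, 2, 1

def inherit(default_acl, create_mode):
    """Access ACL a new file gets from the parent's default ACL. The umask is
    ignored; owner, mask and other are ANDed with the creating program's mode."""
    acl = dict(default_acl)
    acl["user::"] &= (create_mode >> 6) & 7
    acl["mask::"] &= (create_mode >> 3) & 7
    acl["other::"] &= create_mode & 7
    return acl

def allowed(acl, owner, owning_group, user, groups, want):
    """True if `user`, a member of `groups`, is granted every bit in `want`."""
    if user == owner:
        return acl["user::"] & want == want
    mask = acl.get("mask::", 7)  # minimal ACL has no mask: nothing is filtered
    if f"user:{user}" in acl:
        return acl[f"user:{user}"] & mask & want == want
    matches = [acl[f"group:{g}"] for g in groups if f"group:{g}" in acl]
    if owning_group in groups:
        matches.append(acl["group::"])
    if matches:  # once a group entry matches, other:: is never consulted
        return any(p & mask & want == want for p in matches)
    return acl["other::"] & want == want

# Constructed ACLs for tech/ (root:tech, mode 0750), mirroring the post's commands.
BASE = {"user::": R | W | X, "group::": R | X, "other::": 0}
DIR_DEFAULT = {**BASE, "group:techAdmin": R | W | X, "mask::": R | W | X}
ACCESS_D_ONLY = dict(BASE)        # directory's access ACL after `setfacl -d -m` alone
ACCESS_BOTH = dict(DIR_DEFAULT)   # after `setfacl -m group:techAdmin:rwx` as well

def demo():
    admin, tech = {"techAdmin"}, {"tech"}   # group memberships from the post
    f666 = inherit(DIR_DEFAULT, 0o666)      # file user1 creates with mode 0666
    f640 = inherit(DIR_DEFAULT, 0o640)      # same file created with mode 0640
    return {
        "user1_create_d_only": allowed(ACCESS_D_ONLY, "root", "tech", "user1", admin, W | X),
        "user1_create_both": allowed(ACCESS_BOTH, "root", "tech", "user1", admin, W | X),
        "user2_write_f666": allowed(f666, "user1", "tech", "user2", admin, R | W),
        "user3_read_f666": allowed(f666, "user1", "tech", "user3", tech, R),
        "user3_write_f666": allowed(f666, "user1", "tech", "user3", tech, W),
        "user2_write_f640": allowed(f640, "user1", "tech", "user2", admin, R | W),
    }

if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check:22} {'granted' if ok else 'denied'}")
```

The 0640 case shows that the inherited mask is cut down to the group bits of the mode the creating program requests, so a named group entry of rwx can still end up effectively read-only on that file.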
Old 11-02-2010, 06:18 PM   #2
Senior Member
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Rep: Reputation: 335
Thank you.
Old 11-02-2010, 07:35 PM   #3
Registered: Sep 2010
Posts: 46

Original Poster
Rep: Reputation: 7
Yup! If you found this helpful, don't forget to click rep

Old 11-02-2010, 08:40 PM   #4
LQ Newbie
Registered: Oct 2010
Posts: 25

Rep: Reputation: -14
That's real sweet, assas. Trouble with me is I forget what I'm doing real quick, I think I'll have to have a blood transfusion, sorta clean my dead cells away!
Old 11-02-2010, 09:00 PM   #5
Registered: Sep 2010
Posts: 46

Original Poster
Rep: Reputation: 7
It can also be done in KDE (GNOME too?) in SUSE, if you right click on the folder > permissions > advanced permissions and add your groups and custom permissions there. Not so bad...

