LinuxQuestions.org


steve007 07-05-2005 03:53 AM

inheritable permissions
 
Hello,
I have a problem with permissions and am not sure how to resolve it.
This is the scenario:
two users
test1, test2
part of a group called test

Each user is logged onto a Samba domain; the client machines are Win2k.

A folder called "test folder" is shared; the root user created the folder and is the owner, and the group permissions are set to rwx for the "test" group.

test1 creates a folder called "new folder".
test2 has access to it but cannot create or modify the contents of it.

Is there a way to get the permissions to filter down from the main folder (test folder), so that if user test1 creates a folder, all users in the test group from the main directory group have rwx permissions? Can I also retain the owner as root and not the person who created the folder?
I have used the GUI to set the setgid and setuid bits, but that doesn't seem to make any difference. I don't know the command way for that, but it shouldn't make any difference, should it?

If you need any further information, please ask.

Steve

uberNUT69 07-05-2005 06:39 AM

You might want to examine the manpage for chmod,
in particular the 't' sticky option and the
'STICKY DIRECTORIES' section.
I'd imagine there should be a way of setting this with a umask in
your smb.conf.

steve007 07-05-2005 07:34 AM

How do I see the man pages? Are they in my distro or on the net? How do I get to them?

uberNUT69 07-05-2005 07:47 AM

man chmod

They are usually installed by default in each distro.

steve007 07-05-2005 07:50 AM

Ooooo thank you, sorry for being a bit slow, I'm quite new to Linux.

steve007 07-08-2005 03:40 AM

Despite reading the man pages on this, it has still not helped me do the permissions I wanted. Is it possible to do what I want in Linux or not? I am still stuck with this.

bramhastra 07-08-2005 06:39 AM

Permissions on user level are not possible in the case of Linux; you have to go with the group permission. What you can do is create a new group, make test1 a user of that group, then assign a permission to that group and then assign a permission to others for that directory.

I think this helps out

tkedwards 07-11-2005 08:41 PM

Inheritable permissions are done by setting the setuid or setgid permission on directories. Setting the sticky bit on a directory means that users cannot delete other users' files, even if they have write permissions to the directory, and has nothing to do with inheritable permissions.

Set the uid and gid bits on the top level folder 'test folder' and any files or folders created under that folder will have the same ownership as that folder. Example:

On my computer I have a directory called multimedia that I want everyone in the multimedia group to be able to access.
Code:

chown :multimedia /mnt/share2/multimedia   # make multimedia owned by group multimedia
chmod g+s /mnt/share2/multimedia           # setgid on multimedia
touch /mnt/share2/multimedia/test          # new file in the setgid directory
mkdir /mnt/share2/multimedia/testdir       # new subdirectory in the setgid directory
ls -l /mnt/share2/multimedia/
-rw-r-----  1 tim    multimedia    0 Jul 12 11:33 test
drwxr-s---  2 tim    multimedia  48 Jul 12 11:35 testdir/

So you can see that the file 'test' and the directory 'testdir' I created have both inherited the group ownership - they are both owned by the multimedia group. However, you'll notice that the permissions aren't inherited - in this example the multimedia group only got read permission. To fix this you'll have to change the umask of each user to a less strict value such as 007 or 002 (instead of the more common 022 or 027) so that by default the group has write access to files created by those users.

steve007 07-13-2005 05:24 AM

That's very useful, thanks. How do you set the umask?

tkedwards 07-13-2005 07:36 AM

If you're using Mandrake go into the Mandrake Control Centre->Security->"Set the system Security Level..."->System Options->User Umask.

For most other distros use the /etc/bashrc file (to set it for all users) or put it in the ~/.bashrc file for each of the users in question:
Code:

umask 0007
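
An added example, not part of the original thread: a shell script that reproduces the behaviour tkedwards describes in a throwaway directory, showing that a setgid directory passes on its group while the umask still decides the group's rwx bits. It assumes Linux with GNU coreutils `stat`; the function names and the temporary directory are hypothetical stand-ins.

```shell
#!/bin/sh
# Added example (Linux, GNU coreutils). All function names are hypothetical.
# A setgid directory hands its group, and the setgid bit, to new entries;
# the creating process's umask still decides the rwx bits they receive.

mode_of() { stat -c '%a' "$1"; }   # octal mode, e.g. 2770
gid_of()  { stat -c '%g' "$1"; }   # numeric group id

# create_under DIR UMASK NAME: make file NAME and directory NAME.d in DIR
create_under() {
    ( umask "$2" && touch "$1/$3" && mkdir "$1/$3.d" )
}

# report DIR NAME: print "<file mode> <dir mode> <yes|no>", where yes means
# both new entries carry the same group id as DIR
report() {
    want=$(gid_of "$1")
    same=yes
    [ "$(gid_of "$1/$2")" = "$want" ] || same=no
    [ "$(gid_of "$1/$2.d")" = "$want" ] || same=no
    echo "$(mode_of "$1/$2") $(mode_of "$1/$2.d") $same"
}

demo() {
    share=$(mktemp -d) || return 1   # constructed stand-in for "test folder"
    chmod 2770 "$share"              # rwxrws---: group rwx plus setgid
    create_under "$share" 027 strict # a common default: group cannot write
    create_under "$share" 007 shared # group rwx, nothing for other users
    echo "umask 027: $(report "$share" strict)"
    echo "umask 007: $(report "$share" shared)"
    rm -rf "$share"
}

demo
```

Files created through a Samba share are created by smbd, so their modes follow smb.conf settings such as `create mask` and `directory mask` rather than a login shell's umask.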


All times are GMT -5.