LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (https://www.linuxquestions.org/questions/linux-software-2/)
-   -   Why do I have to make these files world readable? (https://www.linuxquestions.org/questions/linux-software-2/why-do-i-have-to-make-these-files-world-readable-869315/)

Red Squirrel 03-17-2011 10:57 PM
Why do I have to make these files world readable?
 
Linux permissions have always frustrated me. They are really annoying to work with and very unversatile compared to NTFS.

Here's my current situation, and I don't understand what's going on here.

I have a server with a smb share, a user on another machine is in the group that is assigned to those files. The files are chmodded 770. If the user is in that group then technically that user should have access to those files... but it does not. If I chmod to 775 then the user has access. WTF? Why? I don't care given it's a local server, but still, if I have to make files world readable for a single user to have access even though I granted those rights through the filesystem and through samba, then that's a huge security issue, and it's no wonder we're not seeing Linux used for enterprise file servers.

Another thing that pisses me off with linux permissions is when a new file is created, the permissions arn't inherited. This folder gets lot of data added to it but it defaults to whatever the default permissions are. I need to run a script to periodicly fix all the permissions. To me this is really messy.

Is there not a better way to manage this?

Gethyn 03-18-2011 06:18 AM
If both client and server machines are Linux, BSD or Mac, you will probably have an easier time using NFS than Samba. The problem you're experiencing is probably due to the underlying Linux system and the Samba layer not recognising each other's users and groups. Usually both are kept in sync by configuring them to use LDAP as a backend. This isn't as necessary with NFS, as there are other ways of communicating user and group ids between machines (some have security implications though, so be cautious).

As for the permissions, I don't think there is a way of specifying inheritance, but there are other options. You can use umask (set e.g. via /etc/profile) to set the default permissions for a user. You can set a "create mask" in Samba, which can be configured per share. You can also set the default group of newly created files by setting the group ID on the parent directory (setgid/sgid).

If you want finer grained control like NTFS, you could try setting up ACLs. I've never used them myself though, so don't know how well they work with Samba.

Hope that helps!


All times are GMT -5. The time now is 06:05 PM.