Solved

Setting Different Permissions based on which directory you are in.

Posted on 2004-09-24
4
202 Views
Last Modified: 2013-12-16
Hi,

I have a setup with 5 users. All users have their primary group as "fafi"
When ever a user creates a file/directory it gets the permissions 755 (umask 022) whish is exactly what I want. However I want to set up a directory called "work_root" where no matter who creates a file or directory the permissions in this directory and recursively into its sub directories gets 775 (umash 002) but outside of this area/directlry the permissions will be the default 755.

Nice one,
- Troy
0
Comment
Question by:Troyh
4 Comments
 
LVL 14

Accepted Solution

by:
chris_calabrese earned 25 total points
ID: 12144561
Short of hacking the source code to the kernel, you can't do this.

What you can do, however, is...
a. Create a new group for each user (easiest if the group name is the same is the login name).  This new per-user group should be each user's primary group, but they should still be members of fafi.
b. 'chgrp -r' everyone's home directories to their new groups
c. Set the default umask to 002
d. Make work_root (and all directories already under it) setgid to fafi (chmod g+s fafi ...)

Now, all files will be 775, but everyone will be in their own group when operating outside of work_root, so it won't matter that files/directories are group-readible since nobody else is in the group. Inside of work_root, all files/directories will be in group fafi, and therefore group-writable.
0
 
LVL 10

Assisted Solution

by:Luxana
Luxana earned 25 total points
ID: 12233024
have you heard about:

Save Text Attribute: (For directories)

    The "sticky bit" also has a different meaning when applied to directories than when applied to files. If the sticky bit is set on a directory, then a user may only delete files that the he owns or for which he has explicit write permission granted, even when he has write access to the directory. This is designed for directories like /tmp, which are world-writable, but where it may not be desirable to allow any user to delete files at will. The sticky bit is seen as a t in a long directory listing.

SUID Attribute: (For Files)

    This describes set-user-id permissions on the file. When the set user ID access mode is set in the owner permissions, and the file is executable, processes which run it are granted access to system resources based on user who owns the file, as opposed to the user who created the process. This is the cause of many "buffer overflow" exploits.

SGID Attribute: (For Files)

    If set in the group permissions, this bit controls the "set group id" status of a file. This behaves the same way as SUID, except the group is affected instead. The file must be executable for this to have any effect.

SGID Attribute: (For directories)

    If you set the SGID bit on a directory (with chmod g+s directory), files created in that directory will have their group set to the directory's group.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This is the error message I got (CODE) Error caused by incompatible libmp3lame 3.98-2 with ffmpeg I've googled this error message and found out sometimes it attaches this note "can be treated with downgrade libmp3lame to version 3.97 or 3.98" …
Fine Tune your automatic Updates for Ubuntu / Debian
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question