Solved

Setting Different Permissions based on which directory you are in.

Posted on 2004-09-24
Last Modified: 2013-12-16
Hi,

I have a setup with 5 users. All users have their primary group as "fafi".
Whenever a user creates a file/directory it gets the permissions 755 (umask 022), which is exactly what I want. However, I want to set up a directory called "work_root" where, no matter who creates a file or directory, the permissions in this directory and recursively into its subdirectories get 775 (umask 002), but outside of this area/directory the permissions will be the default 755.

Nice one,
- Troy
Question by:Troyh
2 Comments
 
Accepted Solution

by:
chris_calabrese earned 100 total points
ID: 12144561
Short of hacking the source code to the kernel, you can't do this.

What you can do, however, is...
a. Create a new group for each user (easiest if the group name is the same as the login name).  This new per-user group should be each user's primary group, but they should still be members of fafi.
b. 'chgrp -R' everyone's home directories to their new groups
c. Set the default umask to 002
d. Make work_root (and all directories already under it) setgid to fafi (chmod g+s fafi ...)

Now, all files will be 775, but everyone will be in their own group when operating outside of work_root, so it won't matter that files/directories are group-readable since nobody else is in the group. Inside of work_root, all files/directories will be in group fafi, and therefore group-writable.
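
Steps c and d of the answer above, with a check that the tree still follows the scheme, as an added example that is not part of the original thread. `setup_shared_tree` and `audit_shared_tree` are hypothetical helper names, and the demo uses the caller's own primary GID in place of fafi so that it runs without root.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Step d: hand DIR to GROUP, make it group-writable, setgid every directory.
# Moving a tree to a group the caller is not a member of needs root.
setup_shared_tree() {  # usage: setup_shared_tree DIR GROUP
    chgrp -R "$2" "$1" &&
    chmod -R g+rwX "$1" &&
    find "$1" -type d -exec chmod g+s {} +
}

# Print each entry that breaks the scheme; return 1 if any exist.
audit_shared_tree() {  # usage: audit_shared_tree DIR GROUP
    findings=$(
        find "$1" ! -group "$2" | sed 's/^/wrong-group: /'
        find "$1" -type d ! -perm -2000 | sed 's/^/dir-not-setgid: /'
        find "$1" ! -perm -020 | sed 's/^/not-group-writable: /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed demo in a scratch directory; the caller's primary GID stands in for fafi.
demo() {
    root=$(mktemp -d) || return 1
    grp=$(id -g)
    mkdir "$root/work_root"
    setup_shared_tree "$root/work_root" "$grp"
    ( umask 002                               # step c
      mkdir "$root/work_root/proj"            # inherits group + setgid: 2775
      : > "$root/work_root/proj/notes.txt" )  # regular file: 664
    clean=0; audit_shared_tree "$root/work_root" "$grp" || clean=$?
    # A tree built elsewhere under umask 022 and moved in keeps its old mode
    # and has no setgid bit: the setgid directory only affects new entries.
    ( umask 022; mkdir "$root/stray"; : > "$root/stray/old.txt" )
    mv "$root/stray" "$root/work_root/"
    dirty=0; audit_shared_tree "$root/work_root" "$grp" || dirty=$?
    rm -rf "$root"
    [ "$clean" -eq 0 ] && [ "$dirty" -eq 1 ]
}

demo && echo "audit: clean tree passed, moved-in tree flagged"
```

Running the audit from cron against the real work_root catches content that was copied or moved in with its old group or mode.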
Assisted Solution

by:Luxana
Luxana earned 100 total points
ID: 12233024
have you heard about:

Save Text Attribute: (For directories)

    The "sticky bit" also has a different meaning when applied to directories than when applied to files. If the sticky bit is set on a directory, then a user may only delete files that he owns or for which he has explicit write permission granted, even when he has write access to the directory. This is designed for directories like /tmp, which are world-writable, but where it may not be desirable to allow any user to delete files at will. The sticky bit is seen as a t in a long directory listing.

SUID Attribute: (For Files)

    This describes set-user-id permissions on the file. When the set user ID access mode is set in the owner permissions, and the file is executable, processes which run it are granted access to system resources based on the user who owns the file, as opposed to the user who created the process. This is the cause of many "buffer overflow" exploits.

SGID Attribute: (For Files)

    If set in the group permissions, this bit controls the "set group id" status of a file. This behaves the same way as SUID, except the group is affected instead. The file must be executable for this to have any effect.

SGID Attribute: (For directories)

    If you set the SGID bit on a directory (with chmod g+s directory), files created in that directory will have their group set to the directory's group.