Solved

Setting Different Permissions based on which directory you are in.

Posted on 2004-09-24
Last Modified: 2013-12-16
Hi,

I have a setup with 5 users. All users have their primary group as "fafi".
Whenever a user creates a file/directory it gets the permissions 755 (umask 022), which is exactly what I want. However, I want to set up a directory called "work_root" where no matter who creates a file or directory, the permissions in this directory and recursively into its subdirectories get 775 (umask 002), but outside of this area/directory the permissions will be the default 755.

Nice one,
- Troy
Question by:Troyh

Accepted Solution

by:
chris_calabrese earned 25 total points
ID: 12144561
Short of hacking the source code to the kernel, you can't do this.

What you can do, however, is...
a. Create a new group for each user (easiest if the group name is the same as the login name).  This new per-user group should be each user's primary group, but they should still be members of fafi.
b. 'chgrp -R' everyone's home directories to their new groups
c. Set the default umask to 002
d. Make work_root (and all directories already under it) setgid to fafi (chmod g+s fafi ...)

Now, all files will be 775, but everyone will be in their own group when operating outside of work_root, so it won't matter that files/directories are group-readable since nobody else is in the group. Inside of work_root, all files/directories will be in group fafi, and therefore group-writable.

Assisted Solution

by:Luxana
Luxana earned 25 total points
ID: 12233024
Have you heard about:

Save Text Attribute: (For directories)

    The "sticky bit" also has a different meaning when applied to directories than when applied to files. If the sticky bit is set on a directory, then a user may only delete files that he owns or for which he has explicit write permission granted, even when he has write access to the directory. This is designed for directories like /tmp, which are world-writable, but where it may not be desirable to allow any user to delete files at will. The sticky bit is seen as a t in a long directory listing.

SUID Attribute: (For Files)

    This describes set-user-id permissions on the file. When the set user ID access mode is set in the owner permissions, and the file is executable, processes which run it are granted access to system resources based on the user who owns the file, as opposed to the user who created the process. This is the cause of many "buffer overflow" exploits.

SGID Attribute: (For Files)

    If set in the group permissions, this bit controls the "set group id" status of a file. This behaves the same way as SUID, except the group is affected instead. The file must be executable for this to have any effect.

SGID Attribute: (For directories)

    If you set the SGID bit on a directory (with chmod g+s directory), files created in that directory will have their group set to the directory's group.
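
Added example, not part of either answer above: a shell sketch of steps (c) and (d) from the accepted solution and of the SGID-on-directories behaviour just described, followed by an audit that flags entries that have drifted from the scheme. It runs without root in a scratch directory and uses the caller's own primary group as a stand-in for "fafi"; the function names `make_shared`, `audit_shared` and `demo` are made up for this example, and GNU `stat`/`find` are assumed.

```shell
#!/bin/sh
# Added example: setgid shared directory plus a drift audit (GNU stat/find assumed).

# make_shared DIR GROUP
# Step (d): give the tree to GROUP and set setgid + group rwx on every directory,
# so new entries inherit GROUP and new subdirectories inherit the setgid bit.
make_shared() {
    chgrp -R "$2" "$1" &&
    find "$1" -type d -exec chmod g+rwxs {} +
}

# audit_shared DIR GROUP
# Print anything that breaks the scheme: wrong group, a directory that lost
# its setgid bit, or an entry that is not group-writable.
audit_shared() {
    find "$1" \( ! -group "$2" -o \( -type d ! -perm -2000 \) -o ! -perm -020 \) -print
}

# demo: build a scratch work_root, create entries under umask 002, report the
# resulting modes, then show the audit catching a file written under umask 022.
demo() (
    umask 002                               # step (c): default umask 002
    root=$(mktemp -d) || exit 1             # scratch area, removed at the end
    grp=$(id -g)                            # stand-in for the "fafi" group
    mkdir "$root/work_root"
    make_shared "$root/work_root" "$grp"

    mkdir "$root/work_root/sub"             # directory: 775 plus inherited setgid
    : > "$root/work_root/sub/file"          # regular file: 666 & ~002 = 664
    modes=$(stat -c '%a %n' "$root/work_root/sub" "$root/work_root/sub/file")

    # Constructed drift case: a process with the old umask writes into the tree.
    ( umask 022; : > "$root/work_root/sub/private" )
    drift=$(audit_shared "$root/work_root" "$grp")

    printf '%s\n%s\n' "$modes" "$drift" | sed "s|$root/||"
    rm -rf "$root"
)

demo
```

The setgid bit only controls group ownership; the mode of each new entry still comes from the creating process's umask, which is why the audit is worth running periodically over a real shared tree.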