Solved

Setting Different Permissions based on which directory you are in.

Posted on 2004-09-24
Last Modified: 2013-12-16
Hi,

I have a setup with 5 users. All users have their primary group as "fafi".
Whenever a user creates a file/directory it gets the permissions 755 (umask 022), which is exactly what I want. However, I want to set up a directory called "work_root" where, no matter who creates a file or directory, the permissions in this directory and recursively into its subdirectories are 775 (umask 002), but outside of this area/directory the permissions will be the default 755.

Nice one,
- Troy
0
Question by:Troyh
4 Comments
 

Accepted Solution

by:
chris_calabrese earned 100 total points
ID: 12144561
Short of hacking the source code to the kernel, you can't do this.

What you can do, however, is...
a. Create a new group for each user (easiest if the group name is the same as the login name).  This new per-user group should be each user's primary group, but they should still be members of fafi.
b. 'chgrp -R' everyone's home directories to their new groups
c. Set the default umask to 002
d. Make work_root (and all directories already under it) setgid to fafi (chmod g+s work_root ...)

Now, all files will be 775, but everyone will be in their own group when operating outside of work_root, so it won't matter that files/directories are group-readable since nobody else is in the group. Inside of work_root, all files/directories will be in group fafi, and therefore group-writable.
0
 

Assisted Solution

by:Luxana
Luxana earned 100 total points
ID: 12233024
Have you heard about:

Save Text Attribute: (For directories)

    The "sticky bit" also has a different meaning when applied to directories than when applied to files. If the sticky bit is set on a directory, then a user may only delete files that he owns or for which he has explicit write permission granted, even when he has write access to the directory. This is designed for directories like /tmp, which are world-writable, but where it may not be desirable to allow any user to delete files at will. The sticky bit is seen as a t in a long directory listing.

SUID Attribute: (For Files)

    This describes set-user-id permissions on the file. When the set user ID access mode is set in the owner permissions, and the file is executable, processes which run it are granted access to system resources based on the user who owns the file, as opposed to the user who created the process. This is the cause of many "buffer overflow" exploits.

SGID Attribute: (For Files)

    If set in the group permissions, this bit controls the "set group id" status of a file. This behaves the same way as SUID, except the group is affected instead. The file must be executable for this to have any effect.

SGID Attribute: (For directories)

    If you set the SGID bit on a directory (with chmod g+s directory), files created in that directory will have their group set to the directory's group.
0
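The following is an added example, not part of either answer: a root-free check of steps c and d of the accepted solution and of the SGID-on-directories behaviour described above, on Linux. A temporary directory stands in for work_root and its existing group stands in for fafi; the function names are made up for this sketch. It shows that the setgid bit alone fixes the group but not the mode, so the umask change is still needed, and that regular files come out 664 rather than 775.

```shell
#!/bin/sh
# Constructed demo: a temp directory stands in for work_root, and its
# current group stands in for fafi. Assumes Linux setgid-directory semantics.

# Print the 10-character mode string of a path, e.g. drwxrwsr-x.
mode_of() { ls -ld "$1" | cut -c1-10; }

# Print the numeric group id of a path.
gid_of() { ls -ldn "$1" | awk '{print $4}'; }

# Step d: make DIR and every directory already under it setgid (mode 2775).
make_shared() { find "$1" -type d -exec chmod 2775 {} +; }

# Audit: list directories under DIR that lack the setgid bit (ideally none).
audit_shared() { find "$1" -type d ! -perm -2000; }

# Create a file and a subdirectory inside a shared tree under umask $1 and
# print: <file mode> <subdir mode> <group inherited from the tree: yes|no>
create_under_umask() {
    root=$(mktemp -d) || return 1
    mkdir "$root/existing"            # a directory that predates the change
    make_shared "$root"
    (
        umask "$1"                    # step c when called with 002
        touch "$root/existing/report.txt"
        mkdir "$root/existing/newdir"
    )
    inherited=yes
    for p in "$root/existing/report.txt" "$root/existing/newdir"; do
        [ "$(gid_of "$p")" = "$(gid_of "$root")" ] || inherited=no
    done
    echo "$(mode_of "$root/existing/report.txt") $(mode_of "$root/existing/newdir") $inherited"
    rm -rf "$root"
}

create_under_umask 002   # -rw-rw-r-- drwxrwsr-x yes
create_under_umask 022   # -rw-r--r-- drwxr-sr-x yes
```

On the real tree, `audit_shared work_root` can be run periodically to catch directories that were copied or moved in without the setgid bit.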
