Solved

Setting Different Permissions based on which directory you are in.

Posted on 2004-09-24
Last Modified: 2013-12-16
Hi,

I have a setup with 5 users. All users have their primary group as "fafi".
Whenever a user creates a file/directory it gets the permissions 755 (umask 022), which is exactly what I want. However, I want to set up a directory called "work_root" where, no matter who creates a file or directory, the permissions in this directory and recursively into its subdirectories get 775 (umask 002), but outside of this area/directory the permissions will be the default 755.

Nice one,
- Troy
Question by:Troyh
4 Comments
 
LVL 14

Accepted Solution

by:
chris_calabrese earned 25 total points
ID: 12144561
Short of hacking the source code to the kernel, you can't do this.

What you can do, however, is...
a. Create a new group for each user (easiest if the group name is the same as the login name).  This new per-user group should be each user's primary group, but they should still be members of fafi.
b. 'chgrp -R' everyone's home directories to their new groups
c. Set the default umask to 002
d. Make work_root (and all directories already under it) setgid to fafi (chgrp fafi ...; chmod g+s ...)

Now, all files will be 775, but everyone will be in their own group when operating outside of work_root, so it won't matter that files/directories are group-readable since nobody else is in the group. Inside of work_root, all files/directories will be in group fafi, and therefore group-writable.
 
LVL 10

Assisted Solution

by:Luxana
Luxana earned 25 total points
ID: 12233024
Have you heard about:

Save Text Attribute: (For directories)

    The "sticky bit" also has a different meaning when applied to directories than when applied to files. If the sticky bit is set on a directory, then a user may only delete files that he owns or for which he has explicit write permission granted, even when he has write access to the directory. This is designed for directories like /tmp, which are world-writable, but where it may not be desirable to allow any user to delete files at will. The sticky bit is seen as a t in a long directory listing.

SUID Attribute: (For Files)

    This describes set-user-id permissions on the file. When the set user ID access mode is set in the owner permissions, and the file is executable, processes which run it are granted access to system resources based on the user who owns the file, as opposed to the user who created the process. This is the cause of many "buffer overflow" exploits.

SGID Attribute: (For Files)

    If set in the group permissions, this bit controls the "set group id" status of a file. This behaves the same way as SUID, except the group is affected instead. The file must be executable for this to have any effect.

SGID Attribute: (For directories)

    If you set the SGID bit on a directory (with chmod g+s directory), files created in that directory will have their group set to the directory's group.
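
The setgid step from the accepted answer (step d) and the SGID-on-directories behaviour described just above, as an added shell example that is not part of the original thread. The function names `setup_shared`, `audit_shared`, `mode_of` and `demo` are hypothetical, and the demo works in a temporary directory with the caller's own primary group standing in for fafi, so it runs without root.

```shell
#!/bin/sh
# Added example, not from the thread. GROUP stands in for "fafi"; the demo
# uses the caller's own primary group so it runs without root.

# Step d: give DIR and everything under it to GROUP, and make every existing
# directory setgid and group-writable so new entries inherit GROUP.
setup_shared() {   # usage: setup_shared DIR GROUP
    chgrp -R "$2" "$1" &&
    find "$1" -type d -exec chmod g+ws {} +
}

# Print entries that break the scheme: directories without setgid, entries
# in another group, or entries the group cannot write (created under 022).
audit_shared() {   # usage: audit_shared DIR GROUP
    find "$1" \( -type d ! -perm -2000 \) -o ! -group "$2" -o ! -perm -020
}

# First ten characters of the ls mode string, e.g. drwxrwsr-x
mode_of() { ls -ld "$1" | cut -c1-10; }

demo() {
    root=$(mktemp -d) || return 1
    grp=$(id -g)                       # constructed stand-in for "fafi"
    wr="$root/work_root"
    mkdir -p "$wr/old_dir"             # exists before the change
    chmod 755 "$wr" "$wr/old_dir"
    setup_shared "$wr" "$grp"
    ( umask 002; mkdir "$wr/new_dir"; : > "$wr/new_dir/shared.txt" )
    ( umask 022; : > "$wr/new_dir/forgot_umask.txt" )
    for p in "$wr" "$wr/old_dir" "$wr/new_dir" "$wr/new_dir/shared.txt"; do
        printf '%s %s\n' "$(mode_of "$p")" "${p#"$root"/}"
    done
    echo "audit findings:"
    audit_shared "$wr" "$grp" | sed "s|^$root/||"
    rm -rf "$root"
}
demo
```

Running `audit_shared` periodically over the real work_root catches files created by a session that still had umask 022, which the setgid bit alone does not fix.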