file permission inheritance from the above folder

Hello,

I'm using CentOS 4.3 (RHEL 4 clone) with an ext3 file system.
What needs to be done so that a new file will inherit its directory's permissions?

For example:

user1 and user2 are in group users

ls -l dira
drwxrwx---  1 user1 users     69 Mar 29 20:02 dira

When user user2 or user root creates a file in dira, I would like the new file's permissions to be the same as those of the home directory dira.

How can I set it?

Thanks,
Addady


ahoffmannCommented:
> new file will inherit its directory's permissions.
this will not work,
you only can inherit the directory's group setting if the directory permission has set the SGID bit (g+s),
for file permissions you have to use the shell's umask

BTW, your requirement is impossible to implement: assume a directory permission of 555 then you cannot create a file, same applies to something like 444 for the directory
0
paullamhkgCommented:
I came to the same problem; what I did may not be a good way, but at least it works.

I run a cron job which changes the owner of the file(s)/directory(ies), say every 1 hr, so that user(s) under the same group can have the rights I assigned.

for example

59 * * * * chown -R user1:users /data/user1

so every hour all the files inside /data/user1 will be owned by user1:users.




0

ahoffmannCommented:
cron is the quick&dirty way to do it, AFAIK using ACLs might be the proper and clean solution
0

paullamhkgCommented:
lol.... as I mentioned, it may not be a good way but it works :o)
0
addadyAuthor Commented:
Thank you ahoffmann,

>you only can inherit the directory's group setting if the directory permission has set the SGID bit (g+s), for file permissions you have to use the shell's umask

That can be fine.
Following my example above, what settings need to be done so that all files/dirs under "dira" will have group "users" and permission rwx, no matter how create the file/dirs?

>AFAIK using ACLs might be the proper and clean solution

If the first option will not work I will try ACLs; how difficult is it to implement?

Thanks,
Addady

0
ahoffmannCommented:
> .."dira" will have group "users" ..
chmod g+s dira

> .. that all file/dir  .. permission rwx, no matter how create the file/dirs?
as I said you need to set proper umask for each user no matter which one you mean

> ..  try acl, how difficult is to implement it?
security is a process not a product
hence you have to get used to ACLs first, then define your requirements and then configure your ACLs
0
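
The three mechanisms named in this thread (SGID on the directory, the creating user's umask, and a default ACL), shown side by side as an added example that is not part of any participant's post. It assumes Linux with `stat -c` (GNU or BusyBox); the ACL step runs only if `setfacl` is installed and the filesystem supports ACLs, and every name other than `dira` is constructed.

```shell
#!/bin/sh
# Added example: setgid directory + umask, then an optional default ACL.
# "dira" is the thread's directory name; all other names are constructed.

shared_dir_demo() (
    base=$(mktemp -d) || exit 1
    trap 'rm -rf "$base"' EXIT
    d="$base/dira"
    umask 022
    mkdir "$d"
    # rwxrwx--- plus setgid: new entries take dira's group, subdirs keep g+s
    chmod 2770 "$d"
    echo "dira=$(stat -c %a "$d")"

    # A typical default umask of 022 strips group write from new files
    touch "$d/f_umask022"
    echo "f_umask022=$(stat -c %a "$d/f_umask022")"

    # umask 007 keeps the group bits; touch asks for 666, mkdir for 777
    umask 007
    touch "$d/f_umask007"
    mkdir "$d/sub"
    echo "f_umask007=$(stat -c %a "$d/f_umask007")"
    echo "sub=$(stat -c %a "$d/sub")"

    # Default ACL: applied instead of the umask to entries created in dira
    if command -v setfacl >/dev/null 2>&1 &&
       setfacl -d -m u::rwx,g::rwx,o::--- "$d" 2>/dev/null; then
        umask 077
        touch "$d/f_acl"
        echo "f_acl_umask077=$(stat -c %a "$d/f_acl")"
    else
        echo "f_acl_umask077=skipped"
    fi
)

shared_dir_demo
```

Regular files never receive the execute bit from any of these settings, because programs such as `touch` request mode 666 at creation; only directories end up with rwx for the group.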