Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Persistent permissions in a directory
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Gentoo Chat
View previous topic :: View next topic  
Author Message
skiwarz
n00b
n00b


Joined: 23 Feb 2014
Posts: 30

PostPosted: Thu Aug 21, 2014 6:29 pm    Post subject: Persistent permissions in a directory Reply with quote

TLDR: Can you make ALL files in a folder ALWAYS have a certain set of owner/group/permissions, no matter what?

Suppose I have a directory "dir". Normally, when I create, copy, or move a file into "dir," that file will have either its original permissions, or it will inherit my user's default permissions.
I wish to set up "dir" such that any file placed inside of it will have a certain set of permissions, regardless of the user that performed the action, and regardless of the file's original location.
For example, say user root creates a text file in a web server directory. I don't want that file to be owned by root or be in the root group. I want that file to automatically have the owner/group/permissions pre-set for that folder.
Also, the user creating/moving the file should not be required to perform any extra actions. This scheme should just "happen" when the file is placed in "dir."
Is this possible?
Back to top
View user's profile Send private message
TheCubeIsALie
n00b
n00b


Joined: 11 Sep 2013
Posts: 19

PostPosted: Fri Aug 22, 2014 3:41 am    Post subject: Reply with quote

Sounds like a use case for incron. You can set it up to set permissions on a file whenever it is placed in the folder without the user having to do anything else.
Back to top
View user's profile Send private message
skiwarz
n00b
n00b


Joined: 23 Feb 2014
Posts: 30

PostPosted: Sun Aug 24, 2014 6:45 am    Post subject: Reply with quote

Hmm... maybe. I'm not really interested in using a separate program to do it. Anyone know of a way native to linux to accomplish this?
Back to top
View user's profile Send private message
count_zero
Guru
Guru


Joined: 17 May 2004
Posts: 459
Location: Little Rock, Arkansas, USA

PostPosted: Wed Sep 10, 2014 10:02 am    Post subject: Reply with quote

Check out ACL's (Access Control Lists). This is a more flexible permissions system that is built in to your filesystem. It takes some time to understand, but should do what you want with no additional programs needed.
_________________
"We must all hang together, or assuredly we shall all hang separately."
-Ben Franklin
Back to top
View user's profile Send private message
destroyedlolo
Guru
Guru


Joined: 17 Jun 2011
Posts: 445
Location: Close to Annecy (France)

PostPosted: Wed Sep 10, 2014 10:08 am    Post subject: Reply with quote

For owner and group, setting
Code:
set u+s,g+s
on the directory (and only the directory) that holds your files will do the job.

Bye
Back to top
View user's profile Send private message
vaxbrat
l33t
l33t


Joined: 05 Oct 2005
Posts: 610
Location: DC Burbs

PostPosted: Wed Sep 10, 2014 7:58 pm    Post subject: seconded on ACL's Reply with quote

setfacl/getfacl (see man pages) are the best way to do this. You want to set the default acl for the directory to the owner, group and perms that you want to use.

Set the default owner and permissions:
Code:
setfacl -d -m u:someguy:rwx somedir


Set the default group and permissions:
Code:
setfacl -d -m g:somegroup:rwx somedir


This assumes that your filesystem supports the use of ACLs and that the kernel has been built to enable this. Every modern filesystem handles acl attributes, but I don't recall if all of them default to enabling this when you build a kernel. I've made sure that I have ACL support enabled for all of my filesystems in the following kernel config:

Code:
# cd /usr/src/linux
grep ACL .config
CONFIG_EXT3_FS_POSIX_ACL=y
CONFIG_EXT4_FS_POSIX_ACL=y
CONFIG_BTRFS_FS_POSIX_ACL=y
CONFIG_FS_POSIX_ACL=y
CONFIG_GENERIC_ACL=y
CONFIG_TMPFS_POSIX_ACL=y
CONFIG_NFS_V3_ACL=y
CONFIG_NFSD_V2_ACL=y
CONFIG_NFSD_V3_ACL=y
CONFIG_NFS_ACL_SUPPORT=y
CONFIG_CIFS_ACL=y


If I remember right, the default acl setting on a directory will have its perms override whatever you might have set for a UMASK:

Code:
# grep UMASK /etc/login.defs
# UMASK is also used by useradd and newusers to set the mode of new home
UMASK           022



I wouldn't recommend using setuid/setgid as destroyedlolo suggests:

Quote:
For owner and group, setting
Code:
set u+s,gs

on the directory (and only the directory) that holds your files will do the job.


mainly because security oriented folk want to keep that to a bare minimum and actually run audits to look for such settings on files and directories.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Gentoo Chat All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum