skiwarz Apprentice
Joined: 23 Feb 2014 Posts: 263
Posted: Thu Aug 21, 2014 6:29 pm Post subject: Persistent permissions in a directory
TLDR: Can you make ALL files in a folder ALWAYS have a certain set of owner/group/permissions, no matter what?
Suppose I have a directory "dir". Normally, when I create, copy, or move a file into "dir," that file will have either its original permissions, or it will inherit my user's default permissions.
I wish to set up "dir" such that any file placed inside of it will have a certain set of permissions, regardless of the user that performed the action, and regardless of the file's original location.
For example, say user root creates a text file in a web server directory. I don't want that file to be owned by root or be in the root group. I want that file to automatically have the owner/group/permissions pre-set for that folder.
Also, the user creating/moving the file should not be required to perform any extra actions. This scheme should just "happen" when the file is placed in "dir."
Is this possible?
TheCubeIsALie n00b
Joined: 11 Sep 2013 Posts: 19
Posted: Fri Aug 22, 2014 3:41 am Post subject:
Sounds like a use case for incron. You can set it up to set permissions on a file whenever it is placed in the folder without the user having to do anything else.
skiwarz Apprentice
Joined: 23 Feb 2014 Posts: 263
Posted: Sun Aug 24, 2014 6:45 am Post subject:
Hmm... maybe. I'm not really interested in using a separate program to do it. Anyone know of a way native to Linux to accomplish this?
count_zero Guru
Joined: 17 May 2004 Posts: 460 Location: Little Rock, Arkansas, USA
Posted: Wed Sep 10, 2014 10:02 am Post subject:
Check out ACLs (Access Control Lists). This is a more flexible permissions system that is built in to your filesystem. It takes some time to understand, but should do what you want with no additional programs needed.
_________________
"We must all hang together, or assuredly we shall all hang separately."
-Ben Franklin
destroyedlolo l33t
Joined: 17 Jun 2011 Posts: 846 Location: Close to Annecy (France)
Posted: Wed Sep 10, 2014 10:08 am Post subject:
For owner and group, setting
on the directory (and only the directory) that holds your files will do the job.
Bye
vaxbrat l33t
Joined: 05 Oct 2005 Posts: 731 Location: DC Burbs
Posted: Wed Sep 10, 2014 7:58 pm Post subject: seconded on ACL's
setfacl/getfacl (see man pages) are the best way to do this. You want to set the default acl for the directory to the owner, group and perms that you want to use.
Set the default owner and permissions:
Code:
setfacl -d -m u:someguy:rwx somedir
Set the default group and permissions:
Code:
setfacl -d -m g:somegroup:rwx somedir
This assumes that your filesystem supports the use of ACLs and that the kernel has been built to enable this. Every modern filesystem handles acl attributes, but I don't recall if all of them default to enabling this when you build a kernel. I've made sure that I have ACL support enabled for all of my filesystems in the following kernel config:
Code:
# cd /usr/src/linux
grep ACL .config
CONFIG_EXT3_FS_POSIX_ACL=y
CONFIG_EXT4_FS_POSIX_ACL=y
CONFIG_BTRFS_FS_POSIX_ACL=y
CONFIG_FS_POSIX_ACL=y
CONFIG_GENERIC_ACL=y
CONFIG_TMPFS_POSIX_ACL=y
CONFIG_NFS_V3_ACL=y
CONFIG_NFSD_V2_ACL=y
CONFIG_NFSD_V3_ACL=y
CONFIG_NFS_ACL_SUPPORT=y
CONFIG_CIFS_ACL=y
If I remember right, the default acl setting on a directory will have its perms override whatever you might have set for a UMASK:
Code:
# grep UMASK /etc/login.defs
# UMASK is also used by useradd and newusers to set the mode of new home
UMASK 022
I wouldn't recommend using setuid/setgid as destroyedlolo suggests:
Quote: | For owner and group, setting
on the directory (and only the directory) that holds your files will do the job.
|
mainly because security-oriented folk want to keep that to a bare minimum and actually run audits to look for such settings on files and directories.
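Added example (not part of the post above or of the thread): a scratch-directory run of the default-ACL approach, showing what a file ends up with when it is created in place, copied in, or moved in. The mktemp paths, the helper names and the use of the calling user as the named ACL user are assumptions; the `mv` and umask cases go beyond what the post covers.

```shell
#!/bin/sh
# Added example: a default ACL on a scratch directory, then three ways a file
# can arrive in it. All paths are constructed under mktemp -d (assumption), and
# the named ACL user defaults to the calling user.

# True if FILE's access ACL contains exactly ENTRY, e.g. user:someguy:rwx.
acl_has() { getfacl -cE "$1" 2>/dev/null | grep -qxF "$2"; }

yesno() { if "$@"; then echo yes; else echo no; fi; }

# Prints one result per line; returns 2 if ACLs cannot be used here.
acl_demo() {
    acl_user=${1:-$(id -un)}
    command -v setfacl >/dev/null 2>&1 || return 2
    work=$(mktemp -d) || return 2
    mkdir "$work/dir" "$work/elsewhere"
    # Default (inheritable) entries: named user rwx, owning group and others r-x.
    if ! setfacl -d -m "u:$acl_user:rwx,g::r-x,o::r-x" "$work/dir" 2>/dev/null; then
        rm -rf "$work"
        return 2    # filesystem or kernel without POSIX ACL support
    fi
    # 1. Created in place under a restrictive umask. The default ACL is applied
    #    instead of the umask, so touch's 0666 request yields 664, not 600.
    ( umask 077; touch "$work/dir/created" )
    # 2. Copied in: cp creates a new file, so it inherits the default ACL.
    touch "$work/elsewhere/a" "$work/elsewhere/b"
    cp "$work/elsewhere/a" "$work/dir/copied"
    # 3. Moved in on the same filesystem: a rename keeps the file's existing
    #    permissions, so nothing is inherited.
    mv "$work/elsewhere/b" "$work/dir/moved"
    echo "created_mode=$(stat -c %a "$work/dir/created")"
    for f in created copied moved; do
        echo "$f=$(yesno acl_has "$work/dir/$f" "user:$acl_user:rwx")"
    done
    rm -rf "$work"
}

acl_demo "$@" || echo "setfacl missing or ACLs unsupported on this filesystem" >&2
```

A default ACL grants the named user access but does not change the new file's owner, and a file moved in with `mv` on the same filesystem keeps the permissions it arrived with.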
skiwarz Apprentice
Joined: 23 Feb 2014 Posts: 263
Posted: Wed Sep 24, 2014 11:46 pm Post subject:
Just saw this post. Looking into it now. Will let you know.