Hi,
I have created a shared directory on /home, where all users on a certain group have read, write and execute permissions.
I did this using
chmod -R g+rwx /home/shared/
The problem is, when a particular user creates a directory within /home/shared, other users are not able to write to that directory. Is there a way to set the permissions such that all users within the group have full permissions in that directory?
Thanks!
Hello,
If I understand correctly, you can use umask option here, as for giving permissions like 755 ,
we can use command like umask 002 so permissions will be set by the inverse of the umask value. When creating files. We can use setfacl option also but that is for
giving a specific user a specific permissions. Kindly try it in a non live environment and let me know if this helps.
EDIT: Adding an example I have given umask 002 and then I have created a test directory as follows.
mkdir test1234
It's permissions will be 755 as follows.
umask 002
mkdir test1234
drwxrwxr-x. 2 singh singh 4096 Oct 18 07:51 test1234
Thanks,
R. Singh
By means of umask 002 the users can run only a limited set of applications. But a desktop (Gnome, KDE) and a Internet browser require a unique (per user) home directory.
The umask 002 seems to do what I want. The problem is, I'm not sure if all users will do it every time they create a new directory.
Is there nothing that can be done as root such that the user doesn't have to enter umask 002?
Put the umask command to the user's login files
cd /home/shared
echo umask 002 >> .profile
echo umask 002 >> .login
Hi putting that umask to the login files did not work. But I've added it to .bashrc for each user which seems to work. Thanks
And you have now set it up so that no user on your system has any private files; every file that they create in any directory on your system will be readable and writeable by every other user in the same group. Fortunately, I use the Korn shell instead of bash , so this wouldn't affect me.
Before you modified everybody'a .bashrc , did you at least warn them that they need to undo what you did or manually chmod every file that they create in any other directory?
Did you consider just asking users in this group to chmod files they create under this shared directory.
Did you consider writing a set-UID application that would allow users in that group to change the mode of any file under that directory (AND ONLY under that direcotry) to something any user in the group could use (and send a note to the offending file's creator and that person's supervisor) when it was needed?
At any company I've ever worked for, what you did would be a fireable offense. Please reconsider this action.
Make every user that is sharing a member of a group, example "shared"
Then change the group ownership of the shared home area to "shared" and make it group writable and change the sticky bit.
Then ensure all access using a umask 0002 (some clients will try to preserve client side perms, so make sure files, etc. on the client side have group write perms.... an example is sftp, if the client file isn't grouip writable, neither will the remote side when copied).
mkdir /home/shared
chgrp shared /home/shared
chmod u+rwx,g+rwxs /home/shared
In order to bypass normal operations and "fix" the bits for any file operation, you'll need an extra level of abstraction to the filesystem (unless somebody knows of something).
Many thanks for the reply Don Cragun.
The idea to have other users files accessible (within the same group) was from our manager, and yes all users are aware of this.