Special File Permissions Setgid and setuid ..HELP

I have a user AAA who is part of groups called clserv and techsupp. His userfiles have the following permissions:

drwxrwx---  16 AAA     clserv      1858 Aug 22 12:48 UserFiles

He has a link in his UserFiles/:

lrwxrwxrwx   1 root     root          36 Mar  9  2013 TECHSUPP_GLOBAL -> /home/files/techsupp/TECHSUPP_GLOBAL

He saves PDFs from a scanner in the following:

drwxrws---  10 AAA     techsupp      10 Jul  2 13:03 COMPLAINT-DOCUMENTS-LIBRARY

drwxrwsr-x   2 AAA     techsupp       3 Jun 21 15:28 A
drwxrwsr-x   4 AAA     techsupp       4 Jul  2 13:04 B
drwxrwsr-x   4 AAA     techsupp       4 Jul  2 13:04 C

When saving the PDF from the scanner in the above directories, the other people in his dept 'techsupp' cannot open the files, even though they are a part of the same group and the s for 'others' ... still doesn't work. HELP... is it some sort of UMASK issue? ... newbie lost

Why isn't Sticky/suid working? I would like all members of "techsupp" to be able to open PDFs in the A, B, C directories, which are owned by user AAA.

Can any of you tell me what I'm doing wrong or why this setup isn't working? Thanks in advance.

Thanks

What permissions and owners do the PDFs end up as?

Can the other users cd to the A B C directories?
If not, ensure the parent directory permission is at least 711 (x bit for all).

The permissions are 600 (rw-------) when saved from the Xerox WorkCentre to his userfiles... However, when he puts the PDF in directory A B C they should inherit the sticky and group permissions...?

All other users can cd into A B C and see the files but can't view the PDFs?

Thanks for your replies :)

How come the scanner's default permissions override the system's permissions?

I believe this issue is caused by a misunderstanding of the sticky bit, SUID, SGID, and the like. If I am not mistaken, you are just trying to allow the users of the techsupp group to open the PDF files owned by the user AAA, which are created using a scanner. Am I correct?

  • The sticky bit here should be set if you don't want to allow other users (except for root and the owner of the files) to delete / rename those files.
  • SUID and SGID are typically set for executables --> So a workaround that you could try is setting them for the executable that OPENS the PDF files instead of for the files themselves.

In this link you can find a good reference on SUID, SGID, and the sticky bit.
Other than that, I would check the Samba configuration file (if this is a shared printer over a network) and make sure the create mask and the directory mask are correctly set.

[PDF]
        comment = Print to create PDF
        path = /var/spool/samba
        create mask = 0644
        directory mask = 0755

Hope any of this helps :).

You forgot to tell me what the ownerships were... That's what the group-sticky bit on directories is supposed to do. It doesn't have anything to do with rwx------, because it's possible for it to be the right owner and group and set unreadable.

umask, which gets set on login in various ways. What's your FTP daemon?
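Added example, not part of any post in this thread: a shell sketch of the behaviour discussed above, showing that a file written with mode 600 keeps that mode when moved into a setgid directory, and how to add group read where it is missing. All paths are constructed in a scratch directory, the scanner is simulated with umask 077, and Linux-style `ls -l` output is assumed.

```shell
#!/bin/sh
# Added demonstration; all paths are constructed inside a mktemp scratch directory.
# Point: setgid on a directory decides the GROUP of new files, never their MODE.

perm() { ls -ld "$1" | cut -c1-10; }          # e.g. -rw-------

demo_setup() {
    DEMO=$(mktemp -d) || return 1
    mkdir "$DEMO/inbox" "$DEMO/shared"
    chmod 2775 "$DEMO/shared"                 # drwxrwsr-x, like A, B and C
    perm "$DEMO/shared"
}

# Stand-in for the scanner (assumption): it writes the file with mode 600.
scan_to() { ( umask 077; printf 'constructed sample\n' > "$1" ); }

# Moving a 600 file into the setgid directory keeps mode 600.
demo_move() {
    scan_to "$DEMO/inbox/doc.pdf"
    mv "$DEMO/inbox/doc.pdf" "$DEMO/shared/doc.pdf"
    perm "$DEMO/shared/doc.pdf"
}

# A file created in place gets its mode from the creator's umask (027 here).
demo_create() {
    ( umask 027; : > "$DEMO/shared/new.pdf" )
    perm "$DEMO/shared/new.pdf"
}

# Remediation: add group read only where it is missing (-perm -040 = g+r set).
fix_group_read() {
    find "$DEMO/shared" -type f ! -perm -040 -exec chmod g+r {} +
    perm "$DEMO/shared/doc.pdf"
}

demo_setup; demo_move; demo_create; fix_group_read
rm -rf "$DEMO"
```

The lasting fix is at the point where the file is created (the writing service's umask or create mask), since the directory bits cannot widen a file's mode after the fact.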