Sticky bits and umasks

felix001 · April 12, 2009, 10:03am

ive been looking at sticky masks and umasks but still slighty unclear how i can use them my enviroment.
I currently have 1 folder for which any file that is copied to this or moved here has its permissions set to 555.

Ive tried setting the sticky bit on the folder by using chmod -t and chmod 1555 but when i try and create a new file within this folder the permissions are still incorrect...

Can anyone help me out ??

TonyFullerMalv · April 12, 2009, 10:30am

A chmod of 555 on a folder means no one can write to it, I think you want a chmod of 1777 like /tmp has so that anyone can write to the folder but only the owner of a file or directory may delete it, is that what you are after?

felix001 · April 12, 2009, 11:41am

the folder is for my file sevrer so i need everyone to have read / execute access to it and the child files but i only want root to be able to write files to the folder....

And when i add a file to this folder i want the folder to have the same permissions...

TonyFullerMalv · April 12, 2009, 3:50pm

If you want files to have the same group owner as the directory then you can set the group sticky bit (chmod g+s), if the folder is not world writeable then the user has to be a member of that group (secondary or primary), I can't think how you can allow users to write files into a folder without them having permissions to create subfolders.

If you have a directory /export/foo with a subdirectory called bar:

You want users to be able to create files in foo.
Only root may create files in bar.
Users to be able to only read/list/access files in bar.
Files in bar have the only read/execute permissions for non-root users.
then:

# chown root:groupname /export/foo
# chmod 1770 /export/foo
# chmod g+s /export/foo
# chown root:root /export/foo/bar
# chmod 750 /export/foo/bar
# chmod g+s /export/foo/bar

The umask for the root account will need to be 027 and its primary group should be root or else it should run "newgrp root" before creating files in /export/foo/bar.
I am assuming all your users requiring access to this folder will be in a common group (called groupname in this example ).

felix001 · April 13, 2009, 5:08am

ok cool... in the case of what im looking for what would commands would i need...

the directory in question is straight from root ... /datafarm

chown root:root /datafarm
chmod 750 /datafarm
chmod g+s /datafarm

ive add these commands but new files created in this folder still arent beng set with the required permissions.. ???