Security :: Group Write Access For Newly Created Files / Directories Without Changing Umask
Apr 3, 2009
I have several directories, each owned by root and a group of the same name. By setting the sgid bit, I made sure that newly created files and directories are owned by the correct group, and that directories have the sgid bit set too. On each newly created directory or file, the permissions are set to 755. This is because this is the default umask, and I cannot change a user's umask. I actually only want files created below a particular directory to have group write access, inheriting this behaviour to newly created directories properly. I'm not on samba or NFS, I have to do this for SSH users. The filesystem is ext3. I started to fool around with ACLs, but couldn't find what I was looking for.
I have a fileserver running openSUSE 11.2 and samba services for file access from MS Windows based workstations. My question relates to changing default permissions on files and directories created from the windows clients.
Following are extracts of the /etc/samba/smb.conf file :
Even with the above entries, sometimes there are files and directories created by the windows clients having permission
I have ext3 partition mounted on /mnt/shared/ as follows
Permissions above are of the actual mounted fs.
Goal is to have all files created on the fs 1) to belong to group 'users' 2) to have this group's permissions set to rw (rwx for directories) so that all users who belong to group 'users' have full read/write access to data and everyone else to have only read access.
Now because of the setgid bit (s) in group permissions every file created has group 'users' and additionally the setgid bit is set for directories. Because every user's umask by default (on my system) is set to 0022 all created files will have permissions 644 for ordinary files and 755 for directories.
Net result of above means that users A and B who both belong to group 'users' won't be able to modify files created by the other.
So how can I make files created on the fs to be created always with umask 0002 WITHOUT changing the default umask for users that is used elsewhere (like in their home directory)?
I have a site hosted with a cheap hosting company and limited control of the site. I need to allow some other users all over the world to have write access to files or complete directories and I have no idea how to do that. Initially I thought I could use "chown" somehow but it looks like it's a no-go with ftp and others. By default, there is a .htaccess file and a .htpasswd file in the root directory of the site and the hosting company suggested to use .htaccess file with something like below:
and put it in a .htaccess file in the directory of user1 but the server does not like something since I inserted that file. Is it an error in the script or is there more to it than that? Can someone point me to a suitable tutorial or explain what to do?
I'm using CentOS 5.5. I am trying to write a script that will find recently created directories (touched within 30 days) and create a symbolic link to those directories in another folder. Here is the script:
I am facing a problem regarding permissions. How can I set 775 permission for all newly created files and folders? When I give chmod -R 775 /data, the permission is applied to all files and folders. But when I create a folder I won't get that permission. I want this 755 permission to be permanent for all old and newly created files.
I am setting up a samba server to operate in a windows AD domain. I want to set permissions for multiple groups to have different levels of access to one group of files, and it looks to me like unix permissions will not do that? I always hear about how robust linux is, and it seems to me that their file permissions model is WEAK compared to microsoft's?
CentOS 5.4 install, likewise open standard install (for Active Directory authentication). I have a license service which requires a license.txt be in the user's home directory. The group owner for license.txt must be the same as the license service. Whenever a new domain user logs in, it creates all the appropriate files but the group owner for license.txt is the user's domain group. My current workaround seems like more effort than it's worth, is there another way to get this process solved easier/more secure?
- copy the license.txt into /etc/skel
- created a script to check for the presence of license.txt, check its permissions and change them if necessary
- gave the domain's group sudo [nopasswd] access to the script (the script is not writable)
Using C++, I want to process sub-folders on my home folder sequentially each with a special naming format and containing some binary files in it:
Code: 1/ 2/ 3/ 4/ 5/ 6/ ...
Given the above folders, I will process files in 1/ at first, 2/ at second, 3/ at third, and so on.
For some n/ folder, if I realize that n/ actually does not exist in local file system, I do not want to wait for it. Hence I will keep processing (n+1)/ folder, and so on.
However, when processing some (n+m)/ folder, previously not processed n/ folder may have been created on local file system. In this case, I do not want to miss processing it, but somehow detect its creation and process it. After processing n/ folder, I want to continue from (n+m+1)/.
I had to reinstall Ubuntu (Natty) on a brand new computer and while installing I set up the data partition to be mounted in /usr but now I can't have access to files I put in there even if I set up the group/user permission! I can access /usr/Music but all files are locked
Does anyone have a solution for cron file permissions? I need them to be automatically generated 640, right now I believe they are 0644. Could I add a umask variable to the syslog.conf file to set the umask for cron generated files? Or is there a better way to do this? I am speaking only of logs generated by root.
To create a daemon, you need to execute these 2 lines (among others): Code: init log umask 0 What do each of these do? I didn't find anything on the 1st line. (The queries returned mostly "the log of the init (process)".) Google cast some light on the 2nd line: By setting the umask to 0, we will have full access to the files generated by the daemon. Even if you aren't planning on using any files, it is a good idea to set the umask here anyway, just in case you will be accessing files on the filesystem.
Long time reader, first time poster. I've got, what has become to me, a brain bender. It seems ACLs are the best way to go, but I am not 100% sure. Each user should be able to create files and modify each other's files, but should not be able to delete anyone else's files in a directory. chmod -1777? setfacl?
I was running '# ls -l' in the '/' directory and I noticed all directories in '/' have the following permission 'drwxr-xr-x' [except root's home which is 'drwx------' (after I changed it from 'drwxr-xr-x')]
I don't want all the users (except root) to be able to read and execute (in) any directory, I just want every user to be able to read/write/execute only in his/her home directory.
My question is, is it OK to change the file and directory permissions of the following directories in '/' from 'drwxr-xr-x' to 'drwxr-x---' or 'drwx------' recursively?
/bin /boot /dev /etc
-I and the other users use the pc for internet, open office and email mainly.
-It does not run server(s) like smb/cif or NFS.
-There are 5 usernames (created by me, none of them are superusers) in the PC, only one user is required to login at any one time.
I've decided to move this question into a new thread since I haven't received an answer for 3 days. This question was originally posted here: [URL]... I've already searched in Google, however I wasn't able to find an answer that solves my problem... How can I change the umask on a per user basis so that each user can have their own umask to fit their needs? For example: I have four accounts on my system ex.
-So now I want everything from the admin group to be by default set to 002 (so that every user that is in the admins group can have a full share (-rwx rwx r--) of everything that is created by the admins).
-Then, similar to the above, managers should have 022 umask.
-And each of the regular users should have 002 or 022 or 077, it is up to the user's choice.
I hope that I have provided enough info through the example.
I created a user but I forgot to change the home directory permission. So after the user was created, when I go to the user and group management I can't see the permission field related to the home directory permission. My purpose is to stop other users from accessing my home directory. How can this be possible?
We are running Oracle 10.2.04 RAC on Red Hat Linux 5 and whenever our SAN storage admin creates new LUNs we have to reboot the servers so that the servers can see the newly created LUNs. This is causing downtime to our application. How can we add LUNs dynamically without rebooting servers? We are using device mapper multipath from Red Hat version 0.4.7-30.el5 and we have QLOGIC HBAs.
I've written a bash script to add new users to our system. The script works so I won't bother you all about that. When a new user is created with it, they can immediately login to our domain from any terminal, which is good. However, the newly created user is unable to login to Debian at all, and so cannot access the server. When attempting to do so, they get a message like "the system administrator has disabled your account". This is a good thing really as normal users have no need for Debian login, but I do need to add a few admin users who will need direct access to the server machine.
This is the code I'm using to add the user. The rest of my script is just a wrapper and GUI. I figure the login shell may have something to do with it, so I tried changing the shell of a user to the default /bin/bash. This resulted in the user being able to login - sort of. Gnome doesn't load though, and there's a cascade of errors across the screen about things failing to save or load settings. Mostly stuff like nautilus, X, and gnome. The desktop background is black and there's no interface. Logging in with a previously existing account works fine though. Clearly I have an issue somewhere.
I have an Intel setup with 64bit Ubuntu. I have an NVIDIA graphics card. When I used compiz, I found that my mouse would follow newly created windows. (e.g., I would bring up terminal and if I hit F1, the mouse would move to the upper right of the screen by itself.) I have since turned off compiz which resolves the issue. where I can turn it off/on.
I just created a LUKS filesystem following these instructions. Everything seemed okay at first. It mounted with no problem and I moved some files there. I then unmounted it and remounted it to see if I would need to use a special command. It mounted right away and even allowed access to normal users. So, I rebooted to see if anything would change. Before I go on I should say that my partitioning scheme is weird. Not knowing any better I 'upgraded' to 11.04 when my update manager told me a new version was out. This didn't go well and I had to do a fresh install to put 10.10 back on my machine. After this the way it partitions the drive has been weird. What I had was /dev/sda1 which has my installation on it including /home. But, where it gets weird is /dev/sda2 would not manually mount. Looking at the disk in gparted it showed /dev/sda2 THEN under that, as if they were sub partitions or something, I had sda6 and sda7. I had been using 6 and 7 for various things and they mounted fine, so I decided to encrypt 7. After reboot I only have sda1. Everything else shows up as unallocated and every way I try to mount I get device does not exist.
I only did the procedure for sda7 but 6 has been affected as well. There is no longer a sda2 the way there was before. This always bothered me anyway since I wanted sda2 for my /home but it wanted to call it sda6 and put it under sda2 like I said, I could never fix that, now this.
I just want to know how the default size of a newly created file or folder is 4.0 kb. Is this value mentioned in any configuration file? If that is the case, can we edit that file and change this default value?
I have a group (GROUP) with a number of users. I recently added a new user (NEW). NEW is able to read but not write group files, whereas all the other users in the group can read and write to the group files. The permissions for the group files indicate that all members of group should have write permission -rwxrwxr-x
/etc/group indicates that NEW is a member of GROUP ... GROUP:x:501:GROUP,OLD,OLD2,OLD3,OLD4,....,NEW
Don't know if it matters, but both OLD and NEW write to the GROUP files over an internet connection. Why can't NEW write to GROUP files? Is there a maximum number of members in a group that I might have exceeded?