|
|
|
|
|
|
| Author |
Message |
Lawrence D'Oliveiro
*nix forums Guru
Joined: 25 Mar 2005
Posts: 723
|
 Posted: Fri Jul 21, 2006 10:58 am Post subject:
Re: File and Folder permissions..
|
|
|
In message <20060713214847.79f32fb6@efreet.linux>, Kevin Nathan wrote:
| Quote: | This is probably better handled by ACLs (Access Control Lists). While I
haven't used ACLs, yet, there is quite a bit of info on the web
concerning them . . .
|
Opinion seems to be that ACLs are complicated and error-prone, and liable to
surprise you as to the permissions you thought you were or weren't
allowing. |
|
| Back to top |
|
 |
Birre
*nix forums addict
Joined: 21 Oct 2005
Posts: 64
|
| Posted: Thu Jul 20, 2006 1:52 pm Post subject:
Re: File and Folder permissions..
|
|
|
On 2006-07-19 11:32, Lawrence D'Oliveiro wrote:
| Quote: | In message <pan.2006.07.13.19.49.35.963751@quaalude.net>, Whitey Johnson
wrote:
I have a 10.1 system at home that my wife and I share. I set up a
directory /home/shared where we can put shared stuff like mp3s or
pictures. I changed the group on the directory to users and set the gid
bit so that all files created in that directory will be with the group
users.
Here is my problem. When I put a file in there the user is me the
group is users but the permissions are 644 so she can't delete it or edit
it.
Another solution would be to create a third username, just to own the shared
files. You could set it up with no password, so no-one can log into it
normally. Instead, it has both your and your wife's SSH public keys in its
~/.ssh/authorized_keys file, so you can su to it, and scp to/from it,
without a password, and only from those accounts.
To make it easier to transfer files back and forth in a GUI, you can use
fish:// URLs in Konqueror. For instance, say the shared account is called
"shared". Then opening the URL <fish://shared@127.0.0.1/> in Konqueror
would take you to the shared account's home directory. Open your own home
directory in another window, then you can easily drag files back and forth.
|
This is what we do at my work with project accounts, it's easy to add/remove
members just by adding/removing their public keys, only the project owner
knows the login password.
/birre |
|
| Back to top |
|
|
Lawrence D'Oliveiro
*nix forums Guru
Joined: 25 Mar 2005
Posts: 723
|
| Posted: Wed Jul 19, 2006 9:32 am Post subject:
Re: File and Folder permissions..
|
|
|
In message <pan.2006.07.13.19.49.35.963751@quaalude.net>, Whitey Johnson
wrote:
| Quote: | I have a 10.1 system at home that my wife and I share. I set up a
directory /home/shared where we can put shared stuff like mp3s or
pictures. I changed the group on the directory to users and set the gid
bit so that all files created in that directory will be with the group
users.
Here is my problem. When I put a file in there the user is me the
group is users but the permissions are 644 so she can't delete it or edit
it.
|
Another solution would be to create a third username, just to own the shared
files. You could set it up with no password, so no-one can log into it
normally. Instead, it has both your and your wife's SSH public keys in its
~/.ssh/authorized_keys file, so you can su to it, and scp to/from it,
without a password, and only from those accounts.
To make it easier to transfer files back and forth in a GUI, you can use
fish:// URLs in Konqueror. For instance, say the shared account is called
"shared". Then opening the URL <fish://shared@127.0.0.1/> in Konqueror
would take you to the shared account's home directory. Open your own home
directory in another window, then you can easily drag files back and forth. |
|
| Back to top |
|
|
Birre
*nix forums addict
Joined: 21 Oct 2005
Posts: 64
|
| Posted: Mon Jul 17, 2006 9:00 am Post subject:
Re: File and Folder permissions..
|
|
|
On 2006-07-14 17:27, Whitey Johnson wrote:
| Quote: | On Fri, 14 Jul 2006 13:10:30 +0200, birre wrote:
snip
1. Do not set fixed permissions that may be wrong, use chmod g+w to add write
access for the group.
2. Backup (you do backup I hope) ,,, A cronjob that change ctime every hour
will tag all files as candidates for incremental backup, only change the files
that need to be changed.
What's a backup? j/k
Do not use chmod -R (never) , use :
find /home/shared ! -perm -g+w -exec chmod g+w {} \;
(add g+w to files that NOT has g+w, do NOT touch other files)
nice, Thanks.
And do chmod go-rwx /home/whitey , since that will stop your wife to access
anything there whatever the file permission is,
do as she do with /home/arnold :-)
thanks to both you and kevin for your suggestions. I don't actually have
any pr0n on the pc so it looks like the best (easiest) solution is to
change the umask for our two users.
|
If you will play with ACL's, try:
touch testfile
ls -l testfile
setfacl -m user:<your wife uid>:rw- testfile
Now a ls -l testfile will have the permission
-rw-rw-r--+ (note the +)
check with getfacl testfile
If you get "setfacl: testfile: Operation not supported" , your filesystem don't
support ACL's , then:
mount -o remount,acl /home/shared and try again.
But ACL's is a real pain to admin, only use it in special cases.
You may notice that if you have the screen locked, and someone start a new
session, some devices will get ACL's so the new session has access to them.
/birre |
|
| Back to top |
|
|
Whitey Johnson
*nix forums beginner
Joined: 02 Feb 2005
Posts: 21
|
| Posted: Fri Jul 14, 2006 3:27 pm Post subject:
Re: File and Folder permissions..
|
|
|
On Fri, 14 Jul 2006 13:10:30 +0200, birre wrote:
<snip>
| Quote: |
1. Do not set fixed permissions that may be wrong, use chmod g+w to add write
access for the group.
2. Backup (you do backup I hope) ,,, A cronjob that change ctime every hour
will tag all files as candidates for incremental backup, only change the files
that need to be changed.
|
What's a backup? j/k
| Quote: |
Do not use chmod -R (never) , use :
find /home/shared ! -perm -g+w -exec chmod g+w {} \;
(add g+w to files that NOT has g+w, do NOT touch other files)
|
nice, Thanks.
| Quote: | And do chmod go-rwx /home/whitey , since that will stop your wife to access
anything there whatever the file permission is,
do as she do with /home/arnold :-)
|
thanks to both you and kevin for your suggestions. I don't actually have
any pr0n on the pc so it looks like the best (easiest) solution is to
change the umask for our two users. |
|
| Back to top |
|
|
Birre
*nix forums addict
Joined: 21 Oct 2005
Posts: 64
|
| Posted: Fri Jul 14, 2006 11:10 am Post subject:
Re: File and Folder permissions..
|
|
|
On 2006-07-13 21:49, Whitey Johnson wrote:
| Quote: | I have a 10.1 system at home that my wife and I share. I set up a
directory /home/shared where we can put shared stuff like mp3s or
pictures. I changed the group on the directory to users and set the gid
bit so that all files created in that directory will be with the group
users.
Here is my problem. When I put a file in there the user is me the
group is users but the permissions are 644 so she can't delete it or edit
it. I have two solutions neither of which are what I want.
1. i can change the umask for users to 002 in /etc/profile so all files
are created 664. (but then she can see all my pr0n in /home/whitey)
2. I can cron a shell script to "chmod -R 775 /home/shared" every hour.(as
the directory grows this might get to be time and resource consuming and
it sets everything to executable)
Does anyone know how to set a umask for just one directory? I googled, but
found nothing.
Thanks.
|
If it's possible to delete a file or not depend on the directory permission,
not the file.
If you will make a cronjob that make all files writable for the group, why
making them executable ?
You must think about 2 things.
1. Do not set fixed permissions that may be wrong, use chmod g+w to add write
access for the group.
2. Backup (you do backup I hope) ,,, A cronjob that change ctime every hour
will tag all files as candidates for incremental backup, only change the files
that need to be changed.
The problem are more a single user culture running on a multi user platform.
A file has one owner, and if someone need to change it, just make a copy and
change the copy, so your wife now are the owner of her version.
Unix has no locking system that prevent you and your wife to edit the same file,
it's up to you or your application to make sure you don't trash it.
Since you have the gid bit for /home/shared , all new directories will get that
by default, so you don't need and fix for that, but if the umask i 22, you must
add w if you need it.
Do not use chmod -R (never) , use :
find /home/shared ! -perm -g+w -exec chmod g+w {} \;
(add g+w to files that NOT has g+w, do NOT touch other files)
And do chmod go-rwx /home/whitey , since that will stop your wife to access
anything there whatever the file permission is,
do as she do with /home/arnold :-)
Someone had the idea that 777 is the ultimate permission, but as example,
you added the gid bit to /home/shared 775 , so now it is 2775 , doing
chmod -R 775 will then remove the gid bit, and if you add +x to files
you can get in trouble.
I have seen a Sun with 20GB memory in a fatal loop, where the last 8 MB
was reserved for a root login so we could do chmod -x on a file, since one user
with . first in the $path clicked on a file called "Notes" , with a few 1000
lines of text, and one line had "Notes & <something>" , making 40000 processes
something, don't know since I had no time to wait for ps to finish,
but it's very evil to add the x bit to documents. (and have . in the $path)
/birre |
|
| Back to top |
|
|
Kevin Nathan
*nix forums Guru
Joined: 24 Mar 2005
Posts: 2026
|
| Posted: Fri Jul 14, 2006 4:48 am Post subject:
Re: File and Folder permissions..
|
|
|
On Thu, 13 Jul 2006 14:49:36 -0500
Whitey Johnson <whitey@quaalude.net> wrote:
| Quote: | Does anyone know how to set a umask for just one directory? I
googled, but found nothing.
|
No way of which I am aware (I looked pretty hard about a year ago). This
is probably better handled by ACLs (Access Control Lists). While I
haven't used ACLs, yet, there is quite a bit of info on the web
concerning them . . .
--
Kevin Nathan (Arizona, USA)
Linux Potpourri and a.o.l.s. FAQ -- http://www.project54.com/linux/
Open standards. Open source. Open minds.
The command line is the front line.
Linux 2.6.13-15.10-default
9:47pm up 47 days 2:33, 12 users, load average: 0.10, 0.13, 0.09 |
|
| Back to top |
|
|
Whitey Johnson
*nix forums beginner
Joined: 02 Feb 2005
Posts: 21
|
| Posted: Thu Jul 13, 2006 7:49 pm Post subject:
File and Folder permissions..
|
|
|
I have a 10.1 system at home that my wife and I share. I set up a
directory /home/shared where we can put shared stuff like mp3s or
pictures. I changed the group on the directory to users and set the gid
bit so that all files created in that directory will be with the group
users.
Here is my problem. When I put a file in there the user is me the
group is users but the permissions are 644 so she can't delete it or edit
it. I have two solutions neither of which are what I want.
1. i can change the umask for users to 002 in /etc/profile so all files
are created 664. (but then she can see all my pr0n in /home/whitey)
2. I can cron a shell script to "chmod -R 775 /home/shared" every hour.(as
the directory grows this might get to be time and resource consuming and
it sets everything to executable)
Does anyone know how to set a umask for just one directory? I googled, but
found nothing.
Thanks. |
|
| Back to top |
|
|
Google
|
|
| Back to top |
|
|
|
|
The time now is Fri Nov 21, 2008 2:23 pm | All times are GMT
|
|
Mortgage Calculator | skincare-istore.com | Property for sale in Spain | Credit Card | Remortgages
|
|
Copyright © 2004-2005 DeniX Solutions SRL
|
|
|
|
Other DeniX Solutions sites:
Unix/Linux blog |
electronics forum |
medicine forum |
science forum |
|
|
Privacy Policy
|
Powered by phpBB © 2001, 2005 phpBB Group
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
Forum index
»
*nix
»
Linux
»
Distributions
»
Suse
