[Leaplist] special dir permission
Bryan J Smith
b.j.smith at ieee.org
Sat Jul 4 12:03:16 EDT 2009
Ingo Claro wrote:
> Hello all:
> I'm trying to have a directory with permissions so that any
> file created inside it has the same owner and group of the
> directory. Tried with 06770, but when I make a file inside
> it has my owner and the directory owner. So how can I
> accomplish that?
I think the answer to this question is when you step back and recognize
the non-repudiation issues with allowing any user in a group to create a
file that is owned by another. No operating system I know of allows
this behavior for a reason, hence why GNU and POSIX systems do not.

The best common practice (BCP) is to use 2770, "2" for setgid, which
will ensure that files and subdirectories are created with the group.
The "770" ensures that only users in that same group can write (or read
in the case of the "0" at the end) in the directory tree.

Access Control Lists (ACL) can offer further control although you'll
need a filesystem that supports Extended Attributes (EA) and ensure it's
enabled.
--
Bryan J Smith Professional, Technical Annoyance
b.j.smith at ieee.org http://www.linkedin.com/in/bjsmith
--------------------------------------------------------
I don't have a "favorite Linux distro." I use, develop
and support community efforts, often built around Linux.
Technology and solutions are my focus, not dragging in
assumptions, marketing and other concepts which dominate
non-community developed software, which I left long ago.
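
The 2770 convention from the reply above, as an added example that is not part of the original message: it creates a setgid directory and audits the tree for entries that fell out of the shared group or subdirectories that lost the setgid bit. The function names are hypothetical, and the demo uses the caller's primary group in a temporary directory as constructed input.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# make_shared DIR GROUP: group-own DIR, then set setgid plus rwx for
# owner and group only (mode 2770).
make_shared() {
    mkdir -p "$1" && chgrp "$2" "$1" && chmod 2770 "$1"
}

# audit_shared DIR GROUP: print one "reason: path" line per entry that
# breaks the convention; return 1 if any were found, 0 if clean.
#   wrong-group: the entry's group is not GROUP
#   no-setgid:   directory will not pass GROUP on to new entries
audit_shared() {
    findings=$(
        find "$1" ! -group "$2" -exec printf 'wrong-group: %s\n' {} \;
        find "$1" -type d ! -perm -2000 -exec printf 'no-setgid: %s\n' {} \;
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# demo: constructed tree in a temp dir, using the caller's primary group
# so that no extra privileges are needed.
demo() {
    top=$(mktemp -d) || return 1
    grp=$(id -g)
    make_shared "$top/share" "$grp" || return 1
    mkdir "$top/share/sub" && : > "$top/share/sub/file"
    audit_shared "$top/share" "$grp" && echo "clean: setgid and group inherited"
    chmod g-s "$top/share/sub"      # simulate a subdirectory losing setgid
    audit_shared "$top/share" "$grp" || echo "audit flagged the change"
    rm -rf "$top"
}

demo
```

File ownership stays with whoever created each file; only the group is inherited, which is the behaviour the reply describes.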