[Leaplist] special dir permission
Kevin Korb
kmk at sanitarium.net
Sat Jul 4 12:06:35 EDT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Bryan is right. Linux completely ignores the SUID bit on directories.
It does that because allowing users to store files as another user is a
major security risk.
chmod g+s or chmod 2... is what you want.
Bryan J Smith wrote:
> Ingo Claro wrote:
>> Hello all:
>> I'm trying to have a directory with permissions so that any
>> file created inside it has the same owner and group of the
>> directory. Tried with 06770, but when I make a file inside
>> it has my owner and the directory owner. So how can I
>> accomplish that?
>
> I think the answer to this question is when you step back and recognize
> the non-repudiation issues with allowing any user in a group to create a
> file that is owned by another. No operating system I know of allows
> this behavior for a reason, hence why GNU and POSIX systems do not.
>
> The best common practice (BCP) is to use 2770, "2" for setgid, which
> will ensure that files and subdirectories are created with the group.
> The "770" ensures that only users in that same group can write (or read
> in the case the "0" at the end) in the directory tree.
>
> Access Control Lists (ACL) can offer further control although you'll
> need a filesystem that supports Extended Attributes (EA) and ensure it's
> enabled.
>
>
>
- --
~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~
Kevin Korb Phone: (407) 252-6853
Systems Administrator Internet:
FutureQuest, Inc. Kevin at FutureQuest.net (work)
Orlando, Florida kmk at sanitarium.net (personal)
Web page: http://www.sanitarium.net/
PGP public key available on web site.
~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,._.,-*~
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkpPfgoACgkQVKC1jlbQAQedeACgkyO6SqzBLT1Yl+iz2O7gNwqf
4IMAn30wne5fRpEiVfRsNi7Umtcl3khy
=KkNX
-----END PGP SIGNATURE-----
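The behaviour discussed in this thread, as an added example that is not part of the original messages: a shell check that creates a scratch directory with a given mode, then reports who owns a new file, which group it gets, and what mode a new subdirectory inherits. The function name `probe`, the scratch paths and the fallback gid 65534 are assumptions made for the demo; Linux with GNU or BusyBox `stat` is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes Linux with GNU/BusyBox stat.

# probe MODE: make a scratch directory with MODE, create a file and a
# subdirectory inside it, print "<file owner> <file group> <subdir mode>".
probe() {
    base=$(mktemp -d) || return 1
    dir=$base/shared
    mkdir "$dir"
    # Try to give the directory a group other than our primary one so that
    # inheritance is visible (65534 is an assumed fallback gid for root).
    # If no chgrp succeeds, the checks below still run.
    for g in $(id -G) 65534; do
        if [ "$g" != "$(id -g)" ] && chgrp "$g" "$dir" 2>/dev/null; then
            break
        fi
    done
    chmod "$1" "$dir"    # after chgrp, because chgrp may clear setgid
    (
        umask 007
        : > "$dir/file"
        mkdir "$dir/sub"
    )
    # Linux ignores setuid on directories: the creator always owns the file.
    if [ "$(stat -c %u "$dir/file")" = "$(id -u)" ]; then
        owner=creator
    else
        owner=other
    fi
    # With setgid on the directory, the file takes the directory's group.
    if [ "$(stat -c %g "$dir/file")" = "$(stat -c %g "$dir")" ]; then
        group=dir
    else
        group=primary
    fi
    submode=$(stat -c %a "$dir/sub")
    rm -rf "$base"
    echo "$owner $group $submode"
}

# Compare plain 0770, the recommended 2770, and the 6770 from the question.
for m in 0770 2770 6770; do
    printf '%s -> %s\n' "$m" "$(probe "$m")"
done
```

With 6770 the result matches 2770: the setuid bit is stored on the directory but has no effect, and only setgid is passed on to new subdirectories.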