How to set default file permissions for all folders/files in a directory?
Applying default permissions for newly created files within a specific folder
[Log in to get rid of this advertisement]
I've been trying to do this for a while, but I haven't found much info on this so I had to put the pieces together myself, so to speak. In essence, I want to change the umask for only one folder, which you can't really do with umask... This is the only way AFAIK to achieve this. Please let me know if there is a simpler way. 
Here is my objective:
I have a folder which I want to share with rw permissions for a selected group of users. Let's say the folder is /music and I want to share it with the group media. What we want is not only having users accessing files in /music with rw access, but also to ensure that all files created in /music will have ownership username:media and permissions -rw-rw-r-- .
To achieve this, we will use two tools:
1) GID
2) ACL (man acl)
GID
Lets assume the /music directory has the following permissions:
By setting the GID on the directory /music , files created within this directory will have the same group as the /music directory. For example, normally we would expect a newly created file to have the following ownership:
If we set the GID of /music :
Now, newly created files in /music will have the following ownership:
We are one step closer but what we actually want is:
so that other users in the group media will be able to modify/delete the file.
ACL
ACL is included in the default Slackware install (for Ubuntu sudo apt-get install acl should do the trick). To "activate" it, you simply have to remount the drive with the acl option.
My fstab looks something like this (modify yours appropriately - don't mess it up!):
I have used ACL with reiserfs and ext3. I'm not sure how it works with others. Also, it seems that you don't have to specify acl in the options for xfs partitions.
Now remount the drive for it to take effect:
We can now use ACL to create default permissions for for newly created files in /music
Check the new permissions:
The output should look something like this:
We're done. For those who prefer a GUI, you can execute the steps outlined above using Konqueror. Right click -> permissions -> advanced permissions. Mess around with those options at you leisure.
Now, when we create a new file in /music :
Gives us:
The plus sign is to indicate ACL attributes are in effect on the file.
Newly created folders in /music should have:
Applying this idea to an already existing messy /music folder with subdirectories.
Before you do this as root in a valuable folder, its probably a good idea to practice as user in a not so valuable folder in your home directory to avoid potentially disastrous mistakes.
Before using chmod and chown with -R as root, think carefully...
Set GID as described above:
ls -ld music should give us
*** find a way to set the g+s on all subdirectories ***
This is pretty straight forward using konqueror. Select all the directories and right click, permissions, and advanced permissions.
From the command line: ???
We can apply acl recursively:
This creates the default rules for newly created files/dirs within the /music directory and subdirectories.
If the original files in there were created with a "standard" umask, most of them will have permissions similar to:
Assuming this is the case, we can fix this with
That should do it.
Your files in /music should now be group (media) writeable. New files will be created with group media and be group writeable as well.
Here is my objective:
I have a folder which I want to share with rw permissions for a selected group of users. Let's say the folder is /music and I want to share it with the group media. What we want is not only having users accessing files in /music with rw access, but also to ensure that all files created in /music will have ownership username:media and permissions -rw-rw-r-- .
To achieve this, we will use two tools:
1) GID
2) ACL (man acl)
GID
Lets assume the /music directory has the following permissions:
Code:
drwxrwxr-x root media
Code:
-rw-r--r-- 1 matty users 0 2007-12-06 22:46 newfile
Code:
chmod g+s /music
Code:
-rw-r--r-- 1 matty media 0 2007-12-06 22:46 newfile
Code:
-rw-rw-r-- 1 matty media 0 2007-12-06 22:46 newfile
ACL
ACL is included in the default Slackware install (for Ubuntu sudo apt-get install acl should do the trick). To "activate" it, you simply have to remount the drive with the acl option.
My fstab looks something like this (modify yours appropriately - don't mess it up!):
Code:
/dev/hdb1 /music ext3 defaults,acl 1 2
Now remount the drive for it to take effect:
Code:
mount -o remount /music
Code:
setfacl -d -m g::rwx /music setfacl -d -m o::rx /music
Code:
getfacl /music
Code:
# file: /music # owner: matty # group: media user::rwx group::rwx other::r-x default:user::rwx default:group::rwx default:other::r-x
Now, when we create a new file in /music :
Code:
touch newfile ls -l newfile
Code:
-rw-rw-r--+ 1 matty media 0 2007-12-06 22:46 newfile
Newly created folders in /music should have:
Code:
drwxrwsr-x+ 2 matty media 48 2007-12-06 23:15 newfolder/
Before you do this as root in a valuable folder, its probably a good idea to practice as user in a not so valuable folder in your home directory to avoid potentially disastrous mistakes.
Before using chmod and chown with -R as root, think carefully...Set GID as described above:
Code:
chown -R :media /music chmod 775 music chmod g+s /music
Code:
drwxrwsr-x 3 matty media
This is pretty straight forward using konqueror. Select all the directories and right click, permissions, and advanced permissions.
From the command line: ???
We can apply acl recursively:
Code:
setfacl -R -d -m g::rwx -m o::rx /music
If the original files in there were created with a "standard" umask, most of them will have permissions similar to:
Code:
-rw-r--r-- drwx-r-xr-x
Code:
chmod -R g+w /music
Your files in /music should now be group (media) writeable. New files will be created with group media and be group writeable as well.
Last edited by mattydee; 11-07-2009 at 03:37 PM.
Nenhum comentário:
Postar um comentário