On 2011-06-21 17:22, Todd Cary wrote:
> Grasping a full understanding of setting default Users, Groups and Masks has eluded me over the years, but now I find myself in a situation where manually "setting" the file/directory attributes is becoming a pain.
> I understand the fundamentals of the file attributes, though from time to time I have to review the "sticky bit"; what I do not understand is where/how the attributes are set when a user creates or modifies a file/directory. Here is my situation:
> My /var/www/html files have been manually set by me to apache/apache 774. This allows my PHP applications to access the files, and I assume this is a "good" setting.
> Now, my server is connected via Samba to my desktop. If I create a file, it is todd/todd 744, so Apache cannot access them.
> If PHP (Apache) creates or modifies a file, it is apache/apache 755, so I cannot access them (Write/Delete).

I use a combination of settings in Unix and Samba.
Add yourself to the apache group.
Set the toplevel folder with the SGID bit:

    chgrp apache /the/toplevel
    chmod g+swx /the/toplevel

This makes sure that each file/folder created in that folder will inherit the group writeable bit. When you already have subfolders there, you need to change each subfolder as well, once, to get the permissions of the whole tree correct.

In samba, set up the share with:

    force create mode = 775
    force directory mode = 2775

This makes sure that samba does not remove that group-writable bit again, which was added by the kernel obeying the SGID bit of the parent folder.
And then I only have to struggle with some programs, that think they are smarter, and explicitly remove the group writeable settings.
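
An added example, not part of either message: it builds a throwaway setgid directory and reports what a new file and a new subdirectory get from the parent (the group, plus the setgid bit on subdirectories) and what follows the creating process's umask (the group-write bit). It assumes Linux with GNU coreutils; the `demo` function and the temporary path are illustrative only.

```shell
#!/bin/sh
# Added example. Assumes Linux with GNU coreutils (stat -c); works on a
# throwaway mktemp directory, never on /var/www/html.

# demo UMASK
# Creates a setgid directory, then creates a file and a subdirectory in it
# under the given umask. Prints: "<file mode> <subdir mode> <group check>".
demo() {
    top=$(mktemp -d) || return 1
    chmod 2775 "$top"               # rwxrwsr-x: setgid + group-writable
    (
        umask "$1"                  # stands in for the creating program's umask
        : > "$top/file"
        mkdir "$top/sub"
    )
    parent_gid=$(stat -c '%g' "$top")
    if [ "$(stat -c '%g' "$top/file")" = "$parent_gid" ] &&
       [ "$(stat -c '%g' "$top/sub")" = "$parent_gid" ]; then
        grp=group-inherited
    else
        grp=group-differs
    fi
    echo "$(stat -c '%a' "$top/file") $(stat -c '%a' "$top/sub") $grp"
    rm -rf "$top"
}

demo 022   # typical default umask
demo 002   # group-friendly umask
```

Run against the real tree, the same `stat -c '%a %U:%G'` check on a freshly created file shows whether the creating program's umask, or the Samba share settings, left the group-write bit in place.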