Hi,
I have changed directory ownership permissions recursively such that it is owned by username:groupname, where groupname is not the default group, i.e., username. However, when a user creates a new file the default permissions are again username:username.
How can I give ownership permissions on a particular directory so that any files created in that directory will always have specific username:groupname permissions? Also is there any option that would allow only owner to delete files, even though group has rwx permissions?
Thanks, CS.
Carlos Santana wrote:
How can I give ownership permissions on a particular directory so that any files created in that directory will always have specific username:groupname permissions?
make the directory setgid
chmod g+s
Also is there any option that would allow only owner to delete files, even though group has rwx permissions?
Perhaps via ACLs..
nate
On Tue, 12 Jan 2010, Carlos Santana wrote:
Hi,
I have changed directory ownership permissions recursively such that it is owned by username:groupname, where groupname is not the default group, i.e., username. However, when a user creates a new file the default permissions are again username:username.
How can I give ownership permissions on a particular directory so that any files created in that directory will always have specific username:groupname permissions?
chmod 2775 /your/directory
This will assign group ownership of any files created in /your/directory to the group that owns that directory.
It won't, however, change user ownership. Allowing that sort of operation would be a great avenue for a denial-of-service attack on any filesystem with quotas.
Also is there any option that would allow only owner to delete files, even though group has rwx permissions?
chmod 3775 /your/directory
This combines the 2775 trick mentioned above with an o+s operation. Setting the "sticky bit" on the all-users permissions allows only owners to dispose of files. See the permissions on /tmp or /var/tmp for an example.
Thanks nate and Paul..
Do I need to use -R recursive option for any of the commands you mentioned?
- CS.
On Tue, 12 Jan 2010, Carlos Santana wrote:
Thanks nate and Paul..
Do I need to use -R recursive option for any of the commands you mentioned?
I'd be leery of doing that unless the only items below the top directory are other directories (i.e., no regular files).
If you have subdirectories you want to alter, but you also have regular files sprinkled through the tree, it'd be best to run find instead, e.g.,
find /your/directory -type d -exec chmod 3775 {} \;
Carlos Santana wrote:
Thanks nate and Paul..
Do I need to use -R recursive option for any of the commands you mentioned?
CS.
On Tue, Jan 12, 2010 at 3:58 PM, Paul Heinlein heinlein@madboa.com wrote:
On Tue, 12 Jan 2010, Carlos Santana wrote:
Hi,
I have changed directory ownership permissions recursively such that it is owned by username:groupname, where groupname is not the default group, i.e., username. However, when a user creates a new file the default permissions are again username:username.
How can I give ownership permissions on a particular directory so that any files created in that directory will always have specific username:groupname permissions?
chmod 2775 /your/directory
This will assign group ownership of any files created in /your/directory to the group that owns that directory.
It won't, however, change user ownership. Allowing that sort of operation would be a great avenue for a denial-of-service attack on any filesystem with quotas.
If you need to sort out sub-directories try - where tld is top level directory
$ find tld -type d -print0 | xargs -0 chmod 2775
if you need to clean up files (i.e. not directory)
$ find tld -type f -print0 | xargs -0 chmod 664
I find that openoffice chokes on files with the sticky bit set - it will not save!
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
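
Added example, not part of the original thread: a shell script that lists regular files left with special bits by a blanket `chmod -R 3775` and directories still missing setgid or sticky, then applies the directories-only and files-only split the replies suggest. It assumes GNU find (for `-perm /7000`); the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU find (-perm /MODE).
# Function names are illustrative.

# Regular files carrying setuid, setgid or sticky bits, e.g. after a
# blanket `chmod -R 3775` that hit files as well as directories.
files_with_special_bits() {
    find "$1" -type f -perm /7000 -print | sort
}

# Directories (including the top one) missing setgid or sticky.
dirs_missing_bits() {
    find "$1" -type d ! -perm -3000 -print | sort
}

# The split suggested in the replies: 3775 on directories only,
# 664 on regular files (a numeric mode clears their special bits).
fix_tree() {
    find "$1" -type d -exec chmod 3775 {} +
    find "$1" -type f -exec chmod 664 {} +
}

# Report only; run fix_tree by hand once the listing looks right.
audit_tree() {
    echo "files with special bits:"
    files_with_special_bits "$1"
    echo "directories missing setgid/sticky:"
    dirs_missing_bits "$1"
}

# Usage: sh audit.sh /your/directory
if [ "$#" -ge 1 ]; then
    audit_tree "$1"
fi
```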