Greetings all-
I have a system running CentOS 5.5 x86_64. It's serving NFS for several 'frontend' boxes in a web application setup. All data is stored in a specific dir but written by different users. When the webapp attempts to read this information, it may or may not have permissions to this data. What I'd like to do is set 'default permissions' on the data storage directory (let's call this /var/appdata) so that any file or directory created under this is assigned a default set of permissions, and if possible, ownership.
I've looked at and tested umask but it only seems to allow/disallow specific permissions, not force permissions. Am I missing something? How can I force all files/dirs created under a specific directory to have the permissions (and ownership if possible) that I specify?
Thanks!
Tim Nelson Systems/Network Support Rockbochs Inc. (218)727-4332 x105
On Thu, Aug 26, 2010 at 10:35 AM, Tim Nelson tnelson@rockbochs.com wrote:
Greetings all-
I have a system running CentOS 5.5 x86_64. It's serving NFS for several 'frontend' boxes in a web application setup. All data is stored in a specific dir but written by different users. When the webapp attempts to read this information, it may or may not have permissions to this data. What I'd like to do is set 'default permissions' on the data storage directory (let's call this /var/appdata) so that any file or directory created under this is assigned a default set of permissions, and if possible, ownership.
I've looked at and tested umask but it only seems to allow/disallow specific permissions, not force permissions. Am I missing something? How can I force all files/dirs created under a specific directory to have the permissions (and ownership if possible) that I specify?
Thanks!
The SUID on the directory is what you need.
On Thursday 26 August 2010 10:35:08 Tim Nelson wrote:
I've looked at and tested umask but it only seems to allow/disallow specific permissions, not force permissions. Am I missing something? How can I force all files/dirs created under a specific directory to have the permissions (and ownership if possible) that I specify?
Hi,
You need to jump into ACLs. You'll do something like:
If you don't want to deal with ACLs and your requirements aren't too specific you could set the SGID bit (Set Group ID) so that every file created under the directory will be owned by the group owner of that directory:
    chown :myGroup /var/appdata
    chmod g+s /var/appdata
HTH, Jorge
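Added example (not part of any poster's message): a shell sketch of the two mechanisms discussed above, the SGID bit and a default ACL. It assumes a Linux system with GNU or busybox `stat`, uses a throwaway `mktemp` directory in place of /var/appdata and the caller's own primary group in place of myGroup, and shows that a default ACL fixes the group permissions of new entries even under umask 077, while the SGID bit alone only fixes their group.

```shell
#!/bin/sh
# Added example: SGID bit plus default ACL on a shared directory.
# A throwaway mktemp directory stands in for /var/appdata (assumption).

# setup_shared DIR GROUP: new entries inherit GROUP (SGID) and, when ACLs
# are usable, get group rwx / other none regardless of the writer's umask.
# Prints which method ended up active: "acl" or "sgid-only".
setup_shared() {
    chgrp "$2" "$1" && chmod 2770 "$1" || return 1
    # -d sets the *default* ACL, which is copied to everything created below.
    if command -v setfacl >/dev/null 2>&1 &&
       setfacl -d -m u::rwx,g::rwx,o::--- "$1" 2>/dev/null; then
        echo acl
    else
        echo sgid-only   # no setfacl, or filesystem mounted without ACL support
    fi
}

# demo: create a subdirectory and a file under a restrictive umask and
# print "<method> <subdir mode> <file mode>".
demo() {
    top=$(mktemp -d) || return 1
    method=$(setup_shared "$top" "$(id -g)") || return 1
    # A writer with umask 077 would normally lock the group out entirely.
    ( umask 077; mkdir "$top/sub"; touch "$top/sub/file" )
    echo "$method $(stat -c %a "$top/sub") $(stat -c %a "$top/sub/file")"
    rm -rf "$top"
}

demo
```

With ACL support the subdirectory comes out as 2770 and the file as 660; with only the SGID bit the umask wins and they come out as 2700 and 600, which is the behaviour the original question ran into.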
----- "Jorge Fábregas" jorge.fabregas@gmail.com wrote:
On Thursday 26 August 2010 10:35:08 Tim Nelson wrote:
I've looked at and tested umask but it only seems to allow/disallow specific permissions, not force permissions. Am I missing something? How can I force all files/dirs created under a specific directory to have the permissions (and ownership if possible) that I specify?
Hi,
You need to jump into ACLs. You'll do something like:
If you don't want to deal with ACLs and your requirements aren't too specific you could set the SGID bit (Set Group ID) so that every file created under the directory will be owned by the group owner of that directory:
    chown :myGroup /var/appdata
    chmod g+s /var/appdata
ACLs do indeed look like the method I'd prefer. Are ACLs part of the filesystem (dependent on ext{2,3,4} etc?) or are they part of the file/inode? My primary reason for asking is I'd like to know if when backing up this data, will the ACLs be included in the backup or will they be lost?
--Tim
On Thu, Aug 26, 2010 at 11:56 AM, Tim Nelson tnelson@rockbochs.com wrote: [snip]
ACLs do indeed look like the method I'd prefer. Are ACLs part of the filesystem (dependent on ext{2,3,4} etc?) or are they part of the file/inode? My primary reason for asking is I'd like to know if when backing up this data, will the ACLs be included in the backup or will they be lost?
--Tim
tar and rsync both have ACL preservation options. I don't run many ACL filesystems, but those I do use back up fine with tar.
On Thursday 26 August 2010 11:56:41 Tim Nelson wrote:
ACLs do indeed look like the method I'd prefer. Are ACLs part of the filesystem (dependent on ext{2,3,4} etc?) or are they part of the file/inode? My primary reason for asking is I'd like to know if when backing up this data, will the ACLs be included in the backup or will they be lost?
Yes, they are part of the filesystem's extended attributes and you are right: you need to make sure the tools you use to back up/restore are "aware" of these extended attributes. AFAIK, the "tar" command on CentOS 5 is not aware of these and you need to use one called "star". Check that one.
You could still use your backup program or the regular tar command along with "getfacl -R" to create a text dump of all the permissions (so that you can easily reapply them when you untar/restore on the destination filesystem).
HTH, Jorge
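Added example (not part of any poster's message): the "getfacl -R" text dump suggested above, carried through a full round trip. It uses throwaway `mktemp` paths rather than /var/appdata, and `setfacl -R -b` stands in for a copy made by a tool that does not preserve ACLs; both are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: dump ACLs to text with getfacl -R, lose them, restore them.
# Paths are throwaway mktemp locations, not the thread's /var/appdata.

# acl_roundtrip prints "restored" if the dump brought the ACLs back,
# "lost" if not, or "skipped" when ACL tools or support are unavailable here.
acl_roundtrip() {
    command -v getfacl >/dev/null 2>&1 && command -v setfacl >/dev/null 2>&1 ||
        { echo skipped; return 0; }
    top=$(mktemp -d) && dump=$(mktemp) || return 1
    mkdir "$top/data" && touch "$top/data/report"
    # Give the file an extended (named group) entry so there is something to lose.
    if ! setfacl -m "g:$(id -g):r--" "$top/data/report" 2>/dev/null; then
        rm -rf "$top" "$dump"; echo skipped; return 0
    fi
    # Dump with relative paths so the file can be replayed under any restore root.
    ( cd "$top" && getfacl -R data ) > "$dump"
    before=$(cat "$dump")
    # Stand-in for an ACL-unaware backup/restore: extended entries vanish.
    setfacl -R -b "$top/data"
    stripped=$( cd "$top" && getfacl -R data )
    # Replay the dump from the same relative root.
    ( cd "$top" && setfacl --restore="$dump" )
    after=$( cd "$top" && getfacl -R data )
    rm -rf "$top" "$dump"
    if [ "$before" = "$after" ] && [ "$before" != "$stripped" ]; then
        echo restored
    else
        echo lost
    fi
}

acl_roundtrip
```

Keep the dump file alongside the backup itself: without it, a restore through an ACL-unaware tool leaves only the plain mode bits.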
On Thursday 26 August 2010 12:17:05 Jorge Fábregas wrote:
AFAIK, the "tar" command on CentOS 5 is not aware of these and you need to use one called "star"
Check your CentOS release level. I just checked now and on 5.5 the tar command (man tar) shows some options for acl and selinux (you need to be explicit about these in order to get these attributes).