Hi List :)
So, I have a folder1, its owner is user1 who has r+w on the folder. User2 is the group owner who only has read access (when I say user2, I mean the group called user2, because when you make a new user the OS can make them their own group). You can see these permissions below:
[user2@host test]$ ls -l drw-r----- 3 user1 user2 28 Nov 2 16:17 folder1
How ever user2 can not 'cd' into this directory, and gets the following out put form 'ls -l folder1'
[user2@host test]$ ls -l folder1/ total 0 ?--------- ? ? ? ? ? sub-folder
And the sub-folder name is written in white text flashing on a red background. So, it seems to me that there is some permissions problems here. What permissions are required on the group settings to allow a group user to browser folder1 and its sub folders and read the files in side if it isn't 'r' ?
**Note: I have used sudo to replicate permissions through the directy structure:
[user2@host test]$ sudo ls -l folder1/ drw-r----- 2 user1 user2 4096 Jan 24 06:49 sub-folder
Hi :)
On Wed, Jan 26, 2011 at 11:12 AM, James Bensley jwbensley@gmail.com wrote:
Hi List :)
So, I have a folder1, its owner is user1 who has r+w on the folder. User2 is the group owner who only has read access (when I say user2, I mean the group called user2, because when you make a new user the OS can make them their own group). You can see these permissions below:
[user2@host test]$ ls -l drw-r----- 3 user1 user2 28 Nov 2 16:17 folder1
How ever user2 can not 'cd' into this directory, and gets the following out put form 'ls -l folder1'
[user2@host test]$ ls -l folder1/ total 0 ?--------- ? ? ? ? ? sub-folder
And the sub-folder name is written in white text flashing on a red background. So, it seems to me that there is some permissions problems here. What permissions are required on the group settings to allow a group user to browser folder1 and its sub folders and read the files in side if it isn't 'r' ?
**Note: I have used sudo to replicate permissions through the directy structure:
[user2@host test]$ sudo ls -l folder1/ drw-r----- 2 user1 user2 4096 Jan 24 06:49 sub-folder
Directories should have +x permissions. Do a:
chmod 0750 /directory
And see what happens.
HTH
Rafa
On 26 January 2011 10:17, Rafa Griman rafagriman@gmail.com wrote:
Directories should have +x permissions. Do a:
chmod 0750 /directory
And see what happens.
Hi Rafa, like a fool I sent that email and then worked this out shortly after :)
Still, if I hadn't your response was quick so I wouldn't have been waiting long. This leads me onto a new question though;
If user1 writes a file in folder1 will user2 be made the default group owner, is there a way of enforcing this and with the required privileges (r for files, rx for directories?).
User1 accesses folder1 over smb so I could set up a create mask but other folders accessed by users1 not via smb (ssh, rsync etc) I still want user2 to have read only access. Can you implement smb style create masks at a file system level?
Hi :)
On Wed, Jan 26, 2011 at 11:31 AM, James Bensley jwbensley@gmail.com wrote:
On 26 January 2011 10:17, Rafa Griman rafagriman@gmail.com wrote:
Directories should have +x permissions. Do a:
chmod 0750 /directory
And see what happens.
Hi Rafa, like a fool I sent that email and then worked this out shortly after :)
I'm glad you worked it out ;)
Still, if I hadn't your response was quick so I wouldn't have been waiting long. This leads me onto a new question though;
If user1 writes a file in folder1 will user2 be made the default group owner, is there a way of enforcing this and with the required privileges (r for files, rx for directories?).
Ownership doesn't change just by creating files. Ownership of a file is set to the user that creates that file, no matter where the file is. Obviously, root can change file ownership ... so treat him well ;)
In any case, try it out yourself. Create the files and see what happens ;)
User1 accesses folder1 over smb so I could set up a create mask but other folders accessed by users1 not via smb (ssh, rsync etc) I still want user2 to have read only access. Can you implement smb style create masks at a file system level?
Samba is a different story (but related), you can create masks, set default permissions, ...
I usually recommend O'Reilley's Samba book because it starts off with a very simple config and then complicates it little by little.
HTH
Rafa
Hi,
On Jan 26, 2011, at 7:31 PM, James Bensley jwbensley@gmail.com wrote:
On 26 January 2011 10:17, Rafa Griman rafagriman@gmail.com wrote:
Directories should have +x permissions. Do a:
chmod 0750 /directory
And see what happens.
Hi Rafa, like a fool I sent that email and then worked this out shortly after :)
Still, if I hadn't your response was quick so I wouldn't have been waiting long. This leads me onto a new question though;
If user1 writes a file in folder1 will user2 be made the default group owner, is there a way of enforcing this and with the required privileges (r for files, rx for directories?).
Yes. If user1 belongs to the user2 group, that’s how it should [already] work.
User1 accesses folder1 over smb so I could set up a create mask but other folders accessed by users1 not via smb (ssh, rsync etc) I still want user2 to have read only access. Can you implement smb style create masks at a file system level?
man acl
Maybe that’s what you are looking for.
HTH,
On 01/26/2011 04:31 AM, James Bensley wrote:
On 26 January 2011 10:17, Rafa Grimanrafagriman@gmail.com wrote:
Directories should have +x permissions. Do a:
chmod 0750 /directory
And see what happens.
Hi Rafa, like a fool I sent that email and then worked this out shortly after :)
Still, if I hadn't your response was quick so I wouldn't have been waiting long. This leads me onto a new question though;
If user1 writes a file in folder1 will user2 be made the default group owner, is there a way of enforcing this and with the required privileges (r for files, rx for directories?).
Setting the SETGID bit on the directory ("chmod g+s folder1") will cause the GID of that directory to propagate to newly created files and directories therein.
Thanks to all for your replies; the ability to set the group ID (SGID) was the solution I needed, thanks very much guys :D
-
Edo -
James Bensley -
Rafa Griman -
Robert Nichols