[CentOS] sticky folder permissions

Tue Jul 22 15:36:18 UTC 2008
Tom Brown <tom at ng23.net>

>
> What are the applications? What is the directory structure? Is the
> permission problem on a directory or a file? What user account owns
> the application process? Is the app un-doing your manual permission
> changes on existing files and directories, or just not granting read
> permission to new objects?
>
>   

in house apps running out of /opt/<appname> and logging into 
/opt/<appname>/logs and are running as user <appname>

need to have world read on /opt/<appname>/logs

when permissions are 'manually' set when the app is redeployed it seems 
that the world read is removed (i am investigating why this is)
> If an application so chooses, it can set whatever permissions it wants
> on newly created files. It may even have logic to alter the
> permissions on existing files. You may not be able to control it from
> the OS level.
>
> Or, it could be as simple as setting (or changing) the umask in the
> application startup script.
>
>   

i was hoping at the OS level i could limit what the app could do with 
the permissions as the app is not running as root. it seems i cant do 
that so i will need to look at how the app is deployed and why the perms 
are being reset/overwritten.