[CentOS] Using umask

Fri Jun 24 23:37:38 UTC 2011
Todd Cary <todd at aristesoftware.com>


On 6/24/2011 6:51 AM, Paul Bijnens wrote:
> On 2011-06-21 17:22, Todd Cary wrote:
>> Grasping a full understanding of setting default Users, Groups
>> and Masks has alluded me over the years, but now I find myself in
>> a situation where manually "setting" the file/directory
>> attributes is becoming a pain.
>>
>> I understand the fundamentals of the file attributes, though from
>> time to time I have to review the "sticky bit"; what I do not
>> understand is where/how the attributes are set when a user
>> creates or modifies a file/directory.  Here is my situation:
>>
>> My /var/www/html files have been manually set by me to
>> apache/apache 774.  This allows my PHP applications to access the
>> files, and I assume this is a "good" setting.
>>
>> Now, my server is connected via Samba to my desktop.  If I create
>> a file, it is todd/todd 744, so Apache cannot access them.
>>
>> If PHP (Apache) creates or modifies a file, it is apache/apache
>> 755, so I cannot access them (Write/Delete).
> I use a combination of settings in Unix and Samba.
>
> Add yourself to the apache group.
>
> Set the toplevel folder with the SGID bit:
>        chgrp apache /the/toplevel
>        chmod g+swx /the/toplevel
> This makes sure that each file/folder created in that folder will
> inherit the group writeable bit.
> When you have already subfolders there, you need to change each subfolder
> as well, once, to get the permissions of the whole tree correct.
>
> In samba, set up the share with:
>      force create mode = 775
>      force directory mode = 2775
> this makes sure that samba does not remove that group-writable bit
> again, that was added by the kernel obeying the SGID bit of the parent folder.
>
> And then I only have to struggle with some programs, that think they
> are smarter, and explicitly remove the group writeable settings.
Thank you Paul...

Todd

-- 
Ariste Software
Petaluma, CA 94952

http://www.aristesoftware.com