On 6/24/2011 6:51 AM, Paul Bijnens wrote: > On 2011-06-21 17:22, Todd Cary wrote: >> Grasping a full understanding of setting default Users, Groups >> and Masks has alluded me over the years, but now I find myself in >> a situation where manually "setting" the file/directory >> attributes is becoming a pain. >> >> I understand the fundamentals of the file attributes, though from >> time to time I have to review the "sticky bit"; what I do not >> understand is where/how the attributes are set when a user >> creates or modifies a file/directory. Here is my situation: >> >> My /var/www/html files have been manually set by me to >> apache/apache 774. This allows my PHP applications to access the >> files, and I assume this is a "good" setting. >> >> Now, my server is connected via Samba to my desktop. If I create >> a file, it is todd/todd 744, so Apache cannot access them. >> >> If PHP (Apache) creates or modifies a file, it is apache/apache >> 755, so I cannot access them (Write/Delete). > I use a combination of settings in Unix and Samba. > > Add yourself to the apache group. > > Set the toplevel folder with the SGID bit: > chgrp apache /the/toplevel > chmod g+swx /the/toplevel > This makes sure that each file/folder created in that folder will > inherit the group writeable bit. > When you have already subfolders there, you need to change each subfolder > as well, once, to get the permissions of the whole tree correct. > > In samba, set up the share with: > force create mode = 775 > force directory mode = 2775 > this makes sure that samba does not remove that group-writable bit > again, that was added by the kernel obeying the SGID bit of the parent folder. > > And then I only have to struggle with some programs, that think they > are smarter, and explicitly remove the group writeable settings. Thank you Paul... Todd -- Ariste Software Petaluma, CA 94952 http://www.aristesoftware.com