Date: Mon, 8 Mar 2010 23:11:03 +1030
From: Rob <listone@deathbeforedecaf.net>
To: freebsd-questions@freebsd.org
Subject: ACLs, umask and shared directories
Message-ID: <4A9C0B24-04BA-418D-81B6-99897FCC9E16@deathbeforedecaf.net>

Hi Folks,

I need to give a group of users write access to a shared directory. The problem is, when one user creates a file,

    www1$ touch file1
    www1$ ll
    total 8
    drwxrwxr-x 2 root domain_users 512 Mar 8 03:11 .
    drwxr-xr-x 4 root wheel 512 Mar 8 03:10 ..
    -rw-r--r-- 1 www1 domain_users 0 Mar 8 03:11 file1

other users can't edit it.

Solution 1
----------

Change everyone's umask to 002. Unfortunately, these users are defined in Active Directory and they're all in the same primary group - 002 is not secure in this scenario.

Solution 2
----------

Set a default ACL on the parent directory,

    www1$ getfacl -d .
    # file: .
    # owner: root
    # group: domain_users
    user::rwx
    group::rwx
    mask::rwx
    other::r-x

but it doesn't have the desired effect,

    www1$ touch file1
    www1$ getfacl file1
    # file: file1
    # owner: www1
    # group: domain_users
    user::rw-
    group::rwx # effective: r--
    mask::r--
    other::r--

as the umask seems to override it - this was confirmed by Robert Watson[1] in 2005.

So does anyone have a better idea?

Thanks

Rob.

[1] http://lists.freebsd.org/pipermail/freebsd-fs/2005-October/001382.html
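
The interaction shown in the message above, as an added example that is not part of the original post and is not FreeBSD's own code: a small model that reproduces the `getfacl file1` output from the default ACL. It assumes `touch` requests mode 0666, that the poster's umask is 022 (the message does not state it), and that the umask is applied before the mode is intersected with the default ACL, with the group bits of the mode landing on the `mask::` entry.

```python
# Simplified model (an assumption, not FreeBSD source code) of how a new
# file's ACL comes out of the parent's default ACL, the mode passed to
# open(2), and the process umask.

# Default ACL shown by `getfacl -d .` in the message, as 3-bit rwx values.
DEFAULT_ACL = {"user": 0o7, "group": 0o7, "mask": 0o7, "other": 0o5}


def rwx(bits):
    """Render a 3-bit permission value as an rwx string."""
    return "".join(c if bits & m else "-" for c, m in zip("rwx", (4, 2, 1)))


def new_file_acl(default_acl, requested_mode, umask):
    """Return the ACL a newly created file would get under this model."""
    cmode = requested_mode & ~umask  # the umask is applied first
    owner, group_class, other = (cmode >> 6) & 7, (cmode >> 3) & 7, cmode & 7
    acl = {
        "user": default_acl["user"] & owner,
        "group": default_acl["group"],  # group:: is inherited unchanged
        "mask": default_acl["mask"] & group_class,  # mode group bits hit mask::
        "other": default_acl["other"] & other,
    }
    # What members of the owning group can actually do.
    acl["effective_group"] = acl["group"] & acl["mask"]
    return acl


def render(acl):
    """Format the ACL the way getfacl prints it (entries only)."""
    group = f"group::{rwx(acl['group'])}"
    if acl["effective_group"] != acl["group"]:
        group += f"\t# effective: {rwx(acl['effective_group'])}"
    return [
        f"user::{rwx(acl['user'])}",
        group,
        f"mask::{rwx(acl['mask'])}",
        f"other::{rwx(acl['other'])}",
    ]


if __name__ == "__main__":
    for umask in (0o022, 0o002):  # assumed current umask, then Solution 1
        print(f"umask {umask:03o}:")
        for line in render(new_file_acl(DEFAULT_ACL, 0o666, umask)):
            print("  " + line)
```

With umask 002 the same model yields `mask::rw-`, which is why Solution 1 in the message gives group members write access while the default ACL alone does not.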