From: cs
Date: Mon, 23 May 2005 16:14:22 -0400
To: FreeBSD
Delivered-To: freebsd-questions@freebsd.org
Subject: Re: Is this possible ? inherit group permissions
Message-ID: <4292399E.30107@ctzen.com>
In-Reply-To: <44u0ktzufo.fsf@be-well.ilk.org>

Lowell Gilbert wrote:
> Tony Shadwick writes:
>
>>On Mon, 23 May 2005, Lowell Gilbert wrote:
>>
>>>cs writes:
>>>
>>>>For a directory, e.g. foo/, if I chmod 775 foo/, is it possible for
>>>>newly created files and directories under foo/ to automagically
>>>>inherit the group permissions of foo ?
>>>>
>>>>e.g.
>>>>touch foo/test would be rw-rw-r--
>>>>mkdir foo/sub would be rwxrwxr-x
>>>>
>>>>I am looking for a non umask solution.
>>>>
>>>>I seem to remember in debian, I was able to make the group permissions
>>>>of the parent directory special for this magic to occur.
>>>>
>>>>I wonder if there is something similar in FBSD.
>>>
>>>If you set the suid bit, both owner *and* group will be set.
>
>>I'll have to remember that one. So if /home is a filesystem unto
>>itself, if you set the suid bit on /home, all further creation beneath
>>it will inherit the permissions you set above?
>
> Only *directly* underneath it. Obviously you wouldn't want to do that
> for /home, but I find it quite useful on shared project directories
> and the like.

If you are talking about inheriting group identity, that is not what I
am asking for. I believe this is automagic under fbsd, e.g.

mkdir foo
chgrp somegroup foo
touch foo/foofile
mkdir foo/foodir

foo/foofile and foo/foodir will have gid somegroup (without any suid or
sgid).

What I am more interested in is inheriting group permissions.

For example, I have a directory /var/www/foosite, which allows several
different users to maintain it. One way to do it is to use a common
account for all the users to maintain foosite. But it is "too loose" in
accountability. Going full version control (cvs/subversion) is not
really desired for me because it's not a "mission critical" thing.

What I would like to do is create a group (say foogroup), assign all
maintainers to the group, chgrp foogroup /var/www/foosite, and
chmod g+w /var/www/foosite.

Here is the "fun" part. User umask is 022 (which I would like to
maintain).

touch foosite/foofile
mkdir foosite/foodir

would render those new file/dir NOT group writable.

umask 002 would make them group writable BUT it is a "global" setting
and would affect other parts of the file system as well (e.g. user's
home). Plus not all users are savvy enough to do umask 002 / umask 022
whenever necessary.

I am looking for an "elegant" solution which I doubt I will find. After
some thoughts, this is my "compromised" solution. The users will
maintain foosite via ftp (within a VPN), and I use vsftpd and set the
ftp umask to 002.

-cs
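
The behaviour described in this message, as an added example that is not part of the original post: new entries take their permission bits from the creating process's umask, not from the parent directory, and a subshell keeps umask 002 local to a single command. The temporary directory stands in for /var/www/foosite, and `mode_of` and `shared_run` are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the original post). Constructed names: the temp
# directory stands in for /var/www/foosite; shared_run is a hypothetical helper.

# mode_of PATH: the 10-character mode string from ls -ld (same on BSD and Linux).
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# shared_run DIR CMD...: run CMD inside DIR with umask 002. The parentheses
# start a subshell, so the caller's own umask (022 in the post) never changes.
shared_run() {
    (
        dir=$1; shift
        umask 002 && cd "$dir" && "$@"
    )
}

# demo: print the modes obtained with the login umask and with shared_run.
demo() {
    site=$(mktemp -d) || return 1
    chmod 775 "$site"              # like chmod g+w on foosite
    umask 022                      # the users' normal umask

    # Plain creation: the directory's g+w bit is not copied to new entries.
    touch "$site/foofile"
    mkdir "$site/foodir"
    echo "umask 022:  $(mode_of "$site/foofile")  $(mode_of "$site/foodir")"

    # Same operations through the wrapper: group-writable results.
    shared_run "$site" touch foofile2
    shared_run "$site" mkdir foodir2
    echo "shared_run: $(mode_of "$site/foofile2")  $(mode_of "$site/foodir2")"

    echo "caller umask afterwards: $(umask)"
    rm -rf "$site"
}

demo
```

Anything created outside `shared_run`, including in the user's home directory, still gets the 022 modes.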