Date: Wed, 11 May 2005 15:15:40 -0400 From: Chuck Swiger <cswiger@mac.com> To: Lewis Thompson <lewiz@compsoc.man.ac.uk> Cc: freebsd-questions@freebsd.org Subject: Re: user owned groups Message-ID: <428259DC.9050802@mac.com> In-Reply-To: <20050511185620.GA91019@noisy.compsoc.man.ac.uk> References: <20050511165506.GC10213@asu.edu> <428242D7.6040103@mac.com> <20050511174702.GA23222@noisy.compsoc.man.ac.uk> <42824FFA.4080603@mac.com> <20050511185620.GA91019@noisy.compsoc.man.ac.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
Lewis Thompson wrote: > On Wed, May 11, 2005 at 02:33:30PM -0400, Chuck Swiger wrote: >>setgid on directories won't help, but maybe the behavior of the sticky bit >>is what you are looking for? Is how stuff in /tmp handled OK >>permission-wise for your expectations? > > No, I was thinking more along the lines of inheriting permissions on new > files from the directory they are in, i.e. > > umask 22 > mkdir inherit && chmod 5700 inherit (let's pretend 5 is my inherit mode) > cd inherit && touch test > > The end result would be that test would be created 0600 (or maybe 0700 > but that's not very handy). > > Does that make sense? Is it possible? Heh, good questions. Yes, and it is probably not needed. If "inherit" has 700 permissions, nobody who is not root or has the same UID can traverse down into inherit in order to look at or try to access test. If you "mkdir private && chmod 700 private", any files created under private will be safely[1] hidden away from anyone else but you, regardless of their permissions or what your umask is. -- -Chuck [1]: Within the limits of the security of the filesystem, anyway. If someone steals the hard drive, that's a different problem domain. If you want to keep files truely secret, consider encryption, or avoid keeping them on a computer in the first place.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?428259DC.9050802>