Results 1 to 10 of 10

Thread: File permissions

  1. #1
    Join Date
    Jun 2008
    Location
    Finland
    Posts
    62

    Default File permissions

    Okay, I have this server that I'd like to keep pretty secure and it has multiple users. I have folder /mnt/downloads and it has permissions
    Code:
    drwxrwx--- 10 root files 4096 2008-09-02 22:18 downloads
    All users that I want to have access this folder belongs to group files.
    I also need to have samba access to this folder. I have created smbuser that belongs also in files group. In smb.conf I have forced guest account to be smbuser. And also i have
    Code:
    create mask = 0775
    directory mask = 0775
    I believe that i have solved file permissions problem with samba. But if folder is created from shell it always get's
    Code:
    drwxr-xr-x  2 myusername    users 4096 2008-09-03 20:50 testi
    So how to force file and folder permissions to be for both user and group rwx.

    It's not practical to always 'sudo chown' or 'sudo chmod' and I would be the onlyone to be able to do it.
    If you were to battle an old Sith Lord in a lightsabre duel, you would find that we're only children playing with toys.

  2. #2
    ab@novell.com NNTP User

    Default Re: File permissions

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Set every user's umask to 002 so perms are always set to 775 or 664
    (directory or file)? Vis Samba I'm not as sure... would guess there's
    some option though I don't know it.

    Good luck.





    TheDarthJysky wrote:
    > Okay, I have this server that I'd like to keep pretty secure and it has
    > multiple users. I have folder /mnt/downloads and it has permissions
    >
    > Code:
    > --------------------
    > drwxrwx--- 10 root files 4096 2008-09-02 22:18 downloads
    > --------------------
    > All users that I want to have access this folder belongs to group files.
    > I also need to have samba access to this folder. I have created smbuser
    > that belongs also in files group. In smb.conf I have forced guest
    > account to be smbuser. And also i have
    >
    > Code:
    > --------------------
    > create mask = 0775
    > directory mask = 0775
    > --------------------
    > I believe that i have solved file permissions problem with samba. But if
    > folder is created from shell it always get's
    >
    > Code:
    > --------------------
    > drwxr-xr-x 2 myusername users 4096 2008-09-03 20:50 testi
    > --------------------
    > So how to force file and folder permissions to be for both user and
    > group rwx.
    >
    > It's not practical to always 'sudo chown' or 'sudo chmod' and I would
    > be the onlyone to be able to do it.
    >
    >

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.2 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iD8DBQFIvtHT3s42bA80+9kRApPnAJ42VzowwSNIL4zSEXsSntuty+giRQCfeVMW
    urBWrJF5vfm0e6hvqIOiQ44=
    =NJ4S
    -----END PGP SIGNATURE-----

  3. #3
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4

    Default Re: File permissions

    Can't be done outside samba unless you enforce access through some program instead of being able to do anything from the shell. Which is how samba does it.

  4. #4
    Join Date
    Jun 2008
    Location
    Finland
    Posts
    62

    Default Re: File permissions

    What! Really?
    Is unix file permissions really that limited that one can not create folder permission rule that permissions are copied from parent folder?
    If you were to battle an old Sith Lord in a lightsabre duel, you would find that we're only children playing with toys.

  5. #5
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4

    Default Re: File permissions

    You have do it with a process. The kernel doesn't do this.

  6. #6
    Join Date
    Jun 2008
    Location
    Brisbane, Australia
    Posts
    207

    Default Re: File permissions

    Quote Originally Posted by TheDarthJysky View Post
    What! Really?
    Is unix file permissions really that limited that one can not create folder permission rule that permissions are copied from parent folder?
    [Samba] SAMBA: umask

    Use umask in smb.conf - see link

    maybe this too? Samba default umask - NOVELL FORUMS

    Just a quick google. HiH
    NVIDIA! Listen to your customers! We want Free drivers.
    Petition #1. Petition #2. Use your VOICE! Sign the petitions!

  7. #7
    Join Date
    Jun 2008
    Location
    Finland
    Posts
    62

    Default Re: File permissions

    I have successfully configured samba permissions as I want them but the problem is that if someone from console, through ssh or by some other means folders and files are created with wrong group permissions
    If you were to battle an old Sith Lord in a lightsabre duel, you would find that we're only children playing with toys.

  8. #8
    Join Date
    Jun 2008
    Location
    Brisbane, Australia
    Posts
    207

    Default Re: File permissions

    Quote Originally Posted by TheDarthJysky View Post
    I have successfully configured samba permissions as I want them but the problem is that if someone from console creates files, through ssh or by some other means, folders and files are created with wrong group permissions
    Have you looked into GUID? I'm not sure *exactly* what you are after, but maybe you can try:
    Code:
    chmod 2755 ./directory
    or
    Code:
    chmod 2644 FILENAME
    Tips For Linux - What are the SUID, SGID and the Sticky Bits?

    hope that helps
    NVIDIA! Listen to your customers! We want Free drivers.
    Petition #1. Petition #2. Use your VOICE! Sign the petitions!

  9. #9
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,686
    Blog Entries
    4

    Default Re: File permissions

    So the solution is that you have to forbid direct access and to interpose a process that ensures that the permissions you want are enforced. This could be done in various ways varying from the hassle of requiring the use of a transfer program, e.g. smbclient, to trying to make it more convenient and transparent with a FUSE (filesystem in userspace).

    Note that you probably don't need to preserve ownership so that you don't have to run with superuser privilege, you just need to make sure that sharing is possible.

    PS: Another way is you could mount the Samba share with smbfs and let Samba do the work.

  10. #10
    Join Date
    Jun 2008
    Location
    Finland
    Posts
    62

    Default Re: File permissions

    Now, lets forget that samba access in this point. I have solved the problem with it in windows computers. Haven't had time to look it in to linux client.

    But the scenario:

    Someone uploads bunch of files and folders to /mnt/download/his_new_files via scp.
    Now file permissions to this folder and i'ts children are 755.
    Now this someone or someone else connects server with samba and wants to write more files or remove folder.
    This can not be done because folder owner is not same that is with samba, and group doesn't have rwx permission.

    What I want is to files and folders have 775 permissions when created.

    Now I could change global umask to 775, but won't that compromise my server security? As I'd like to have privacy to all users and /mnt/downloads to be only folder that all group members have equal rights.
    If you were to battle an old Sith Lord in a lightsabre duel, you would find that we're only children playing with toys.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •