Help with file permissions

dominic7il · 2015-10-12 21:07:27

I'm trying to create a shared folder on my root partition that anyone in a particular group can read and write to and any new files within that folder are also read writeable by anyone in that group no matter what. I've managed to create a folder whereby new users can write to it - but any new files are read only to the group.

Steps I've taken:

mkdir /storage
chown -R root:storage-public /storage
chmod -R 2775 /storage
touch test.txt

But these are the permissions I'm getting from my test file:

-rw-r--r-- 1 root storage-public 13 Oct 12 21:59 test.txt

Can anyone help?

jasonwryan · 2015-10-12 21:12:10

Not a Sysadmin issue, moving to NC...

ayekat · 2015-10-12 21:30:53

You could use Access Control Lists.

In particular,

setfacl -m group:storage-public:rwx /storage
setfacl -d -m group:storage-public:rwx /storage

Otherwise, setting the umask to 002 would be an idea, but I don't know if that's considered best practice (especially on Arch, where it seems to be common practice to put all users in the `users` group).

nixpunk · 2015-10-12 21:35:55

https://wiki.archlinux.org/index.php/Ac … trol_Lists

ayekat beat me to it.

Last edited by nixpunk (2015-10-12 21:41:08)

dominic7il · 2015-10-12 21:56:18

Thanks I had tried ACLs, but wasn't quite achieving the desired effect for instance when extracting a tar archive as root it does not enforce the acl rules; instead the posix permissions seem to override. When I extract a tar archive as a standard user the acls are still not enforced, but this time the folder is owned by the parent group.

As root

[root@hell-serv www]# getfacl owncloud
# file: owncloud
# owner: nobody
# group: nfsnobody
user::rwx
group::rwx			#effective:r-x
group:storage-public:rwx	#effective:r-x
mask::r-x
other::r-x
default:user::rwx
default:group::rwx
default:group:storage-public:rwx
default:mask::rwx
default:other::r-x

As user

[dominic@hell-serv www]$ getfacl owncloud
# file: owncloud
# owner: dominic
# group: storage-public
# flags: -s-
user::rwx
group::rwx			#effective:r-x
group:storage-public:rwx	#effective:r-x
mask::r-x
other::r-x
default:user::rwx
default:group::rwx
default:group:storage-public:rwx
default:mask::rwx
default:other::r-x

Essentially I want to force every new and existing file to be owned by storage-public and for that group to have read/write permission across the board. So far I've not been able to accomplish this - I've even set the default acl mask to 0002 but that get's overridden as well.

ayekat · 2015-10-13 13:46:18

Oh, I see that this only applies to files that are created inside the directory tree (e.g. vim, touch, mkdir, ...), but not to files that are moved/copied, as they usually preserve their permissions.

(`cp` can take an option `--no-preserve=all`, but I don't know to what extent you are willing to pass that option everytime you copy something to the shared folder...)

Arch Linux

#1 2015-10-12 21:07:27

Help with file permissions

#2 2015-10-12 21:12:10

Re: Help with file permissions

#3 2015-10-12 21:30:53

Re: Help with file permissions

#4 2015-10-12 21:35:55

Re: Help with file permissions

#5 2015-10-12 21:56:18

Re: Help with file permissions

#6 2015-10-13 13:46:18

Re: Help with file permissions

Board footer