File Permissions


Hello,

I've been trying to figure out the best way for configuring file permissions on Red Hat 5.3 and above but I'm having no luck.

What I want to do is create a directory which will have hundreds and hundreds of files and sub-directories.
On the top level I want to set the UID, GID and permissions and have it go through and change every sub-directory and file. Obviously the -R option will do this for me.
But what I need to happen is whenever a new file or sub-directory gets created by a user I want it to inherit the permissions/ownership from the upper levels.
Our .cshrc/.bashrc are configured for a umask of 2 so we cannot use Sticky Bits in this situation.
I've looked at ACLs and it doesn't seem to have an option for inheriting permissions/ownerships.

Does anyone have any suggestions?

Thanks,

Matt

Responses

Hi Mathew,

You should be able to use the default acl on the parent directory like this. Here testdir is your parent directory and test is user.

setfacl -m d:test:rwx testdir/
setfacl -m d:g:test:rwx testdir/

Now when you create a new file and run getfacl on that file, you should be able to see the ACL set by default on those files.

https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/s1-acls-setting-default.html

Regards,
Antony

Hey Antony,

Thank you for the suggestion but it does not seem to be working.
Maybe I'm doing something wrong though.

setfacl -m d:user1:rwx testdir/
setfacl -m d:user2:rwx testdir/
setfacl -m d:user3:rwx testdir/

setfacl -m d:g:group1:rwx testdir/

So user1 creates a file under the testdir and it takes the permissions from umask 2 which is set in .cshrc, which sets the file's permissions as follows:
rw-rw-r--+ and keeps it as the users default group which is different from group1 which was set above.
User2 tries to modify the file created by user1 but cannot do it due to not enough permissions. Both users are in group1 which has rwx so user2 has enough permissions.

Here is the getfacl permissions listed above for that file.
user::rw-
user:root:rwx
user:user1:rwx
user:user2:rwx
user:user3:rwx
group::r-x
group:group1:rwx
mask::rw-
other::r--

Am I doing something wrong here?

Thanks,
Matt

Hello Matt,

Could something like this fit in here:

[root@vm ~]# mkdir /testdir
[root@vm ~]# chown root.group1 /testdir/
[root@vm ~]# chmod g+s /testdir/

[root@vm ~]# ll -d /testdir/
drwxrwsr-x+ 2 root group1 4096 Feb  6 15:02 /testdir/
[root@vm ~]# setfacl -m g:group1:rwx /testdir/
[root@vm ~]# su - user1
[user1@vm ~]$ touch /testdir/test.out
[user1@vm ~]$ ll /testdir/test.out
-rw-rw-r--+ 1 user1 group1 0 Feb  6 15:01 /testdir/test.out
[user1@vm ~]$ logout
[root@vm ~]# su - user2
[user2@vm ~]$ touch test1.out
[user2@vm ~]$ touch /testdir/test2.out
[user2@vm ~]$ echouser2
[user2@vm ~]$ echo user2 > /testdir/test.out
[user2@vm ~]$ ll /testdir/
total 12
-rw-rw-r--+ 1 user2 group1 0 Feb  6 15:02 test2.out
-rw-rw-r--+ 1 user1 group1 6 Feb  6 15:02 test.out
 

It might not be exactly what you want, i.e. inheriting permissions from the parent directory, but with this configuration users should be able to inherit the group ownership and should be able to modify the files created by other users.

Thanks.
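
The two suggestions in this thread (a default ACL on the parent and a setgid directory) combined into one script, with an audit for a tree that already holds files. This is an added example, not code posted by any participant; the function names share_apply and share_audit are hypothetical, and the directory and group are supplied by the caller.

```shell
#!/bin/sh
# Added example, not from the thread. DIR and GROUP are caller-supplied;
# share_apply needs root (or the owner) and an ACL-capable filesystem.

# share_apply DIR GROUP
# Fix up an existing tree, then arrange for new entries to inherit.
share_apply() {
    # -h: change symlinks themselves, never the files they point to
    chgrp -hR "$2" "$1" || return 1
    # setgid on directories: new files and sub-directories take the
    # directory's group instead of the creator's primary group
    find "$1" -type d -exec chmod g+s {} + || return 1
    # access ACL for what already exists; X grants execute only to
    # directories and to files that are already executable
    find "$1" ! -type l -exec setfacl -m "g:$2:rwX" {} + || return 1
    # default ACL on directories: copied into every new entry's ACL
    find "$1" -type d -exec setfacl -m "d:g:$2:rwX" {} +
}

# share_audit DIR GROUP
# Print one line per entry that breaks the scheme; no output means clean.
share_audit() {
    # directory without setgid: entries created in it get the wrong group
    find "$1" -type d ! -perm -2000 | sed 's/^/no-setgid /'
    # entry owned by some other group
    find "$1" ! -type l ! -group "$2" | sed 's/^/wrong-group /'
    # group bits lack write; on an entry with an ACL these bits are the
    # mask, which caps every named user and group entry
    find "$1" ! -type l ! -perm -020 | sed 's/^/not-group-writable /'
}
```

Run share_audit first on an existing tree to see what share_apply would change, and again afterwards to confirm nothing is left.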
