[vox-tech] Default directory permissions - RESOLVED

Richard S. Crawford richard at underpope.com
Tue Feb 14 12:50:38 PST 2012


On Tue, Feb 14, 2012 at 10:25 AM, <timriley at appahost.com> wrote:

> > -------- Original Message --------
> > Subject: Re: [vox-tech] Default directory permissions
> > From: "Richard S. Crawford" <richard at underpope.com>
> > Date: Tue, February 14, 2012 9:38 am
> > To: "lugod's technical discussion forum" <vox-tech at lists.lugod.org>
> >
> >
> > On Fri, Feb 10, 2012 at 9:05 PM, <timriley at appahost.com> wrote:
> >
> > > > -------- Original Message --------
> > > > Subject: [vox-tech] Default directory permissions
> > > > From: "Richard S. Crawford" <richard at underpope.com>
> > > > Date: Fri, February 10, 2012 5:17 pm
> > > > To: "lugod's technical discussion forum" <vox-tech at lists.lugod.org>
> > > >
> > > >
> > > > I have a directory on my server which has several people that can write
> > > > to it. Each person has their own username but they all belong to the same
> > > > group. I would like to make sure that every file and directory that is
> > > > created in that directory are group-writable. In other words, if Rita
> > > > (member of group psacln) creates a file or subdirectory, then Ginger (also
> > > > a member of group psacln) should be able to write to it or delete it, and
> > > > vice versa.
> > >
> > > The way to achieve group collaboration is to have new files and directories
> > > become the group name of the group, not the default group name of the
> > > creator. Also, new files and directories need to have the group's
> > > write bit set. Here are the commands:
> > >
> > > 1) sudo chmod g+wxs .
> > > 2) sudo chgrp psacln .
> > > 3) echo "umask 0002" | sudo tee -a /etc/profile
> > >
> > > The key is the s-bit set on the directory. This has the special meaning
> > > of setting new files' and directories' group name to the group name
> > > of the directory, not the creator.
> > >
> > > The umask command says to always turn on the group's write bit for new
> > > files and directories.
> > >
> >
> > All of the users are members of the group psacln and when they create files
> > or upload them via FTP, the files have the correct group assignment.
> > However, even after going through the steps you outlined above, new files
> > are not created with the proper permissions.
>
> > When I FTP test.test with
> > Rita's account, the file has permissions -rw-r--r-- set. I need it to be
> > -rw-rw-r--
>
> The group-write bit is probably not set on the file on the local computer.
> Try setting that first, then FTP. Umask doesn't set any bits not already set.
> Also, FTP may not source /etc/profile, first -- I don't remember.
>
> Consider using scp (or sftp). You first need to:
> 1) cd /etc/pam.d
> 2) sudo vi sshd
>   ==> session optional pam_umask.so umask=0002
> 3) sudo vi login
>   ==> session optional pam_umask.so umask=0002
>
> TAR files are another problem. The group-write bit must first be set.
>
> <snip>


I was able to get the behavior I wanted by entering the line:

     umask 0002

into .ftpaccess in the directories I needed this to work in.

When I get back from my vacation next week, I'll start the process of
transitioning our users from FTP to SFTP. I'd feel much better with that in
place in general anyway.

-- 
Sláinte,
Richard S. Crawford (richard at underpope.com) http://www.underpope.com
Twitter: http://twitter.com/underpope
Facebook: http://www.facebook.com/underpope
Google+: http://gplus.to/underpope
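
Added example, not part of the original message or the list archive: a shell sketch that reproduces the thread's symptom in a temporary setgid directory and then lists what is still not group-writable. The names `before_fix` and `after_fix` and the 0022 umask (chosen because it yields the `-rw-r--r--` result reported above) are assumptions; the subdirectory modes assume Linux setgid inheritance.

```sh
#!/bin/sh
# Constructed demo: every path lives under a fresh mktemp directory.

# mode_of PATH: 10-character permission string, e.g. drwxrwsr-x
mode_of() { ls -ld "$1" | cut -c1-10; }

# create_under UMASK DIR NAME: create file NAME and directory NAME.d in DIR
# as a process with that umask would (the subshell keeps the umask local).
create_under() {
    ( umask "$1" && : > "$2/$3" && mkdir "$2/$3.d" )
}

# build_tree: make a setgid, group-writable directory, populate it under
# both umasks, and print its path.
build_tree() {
    shared=$(mktemp -d) || return 1
    chmod 2775 "$shared"                      # rwxrwsr-x, as after g+wxs
    create_under 0022 "$shared" before_fix    # assumed umask of the FTP session
    create_under 0002 "$shared" after_fix     # umask used in the thread
    echo "$shared"
}

# not_group_writable DIR: names below DIR that group members cannot write,
# i.e. what was created before the umask change and still needs chmod g+w.
not_group_writable() {
    ( cd "$1" && find . -mindepth 1 ! -type l ! -perm -020 | sort )
}

tree=$(build_tree)
for n in before_fix before_fix.d after_fix after_fix.d; do
    echo "$(mode_of "$tree/$n") $n"
done
echo "still not group-writable:"
not_group_writable "$tree"
rm -rf "$tree"
```

The setgid bit only decides group ownership and is passed on to new subdirectories; the group-write bit comes from the umask of whichever process creates the file, so entries created before the change keep their old mode until someone runs `chmod g+w` on them.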