<div class="gmail_quote">On Tue, Feb 14, 2012 at 10:25 AM, <span dir="ltr"><<a href="mailto:timriley@appahost.com">timriley@appahost.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">> -------- Original Message --------<br>
> Subject: Re: [vox-tech] Default directory permissions<br>
> From: "Richard S. Crawford" <<a href="mailto:richard@underpope.com">richard@underpope.com</a>><br>
</div><div><div class="h5">> Date: Tue, February 14, 2012 9:38 am<br>
> To: "lugod's technical discussion forum" <<a href="mailto:vox-tech@lists.lugod.org">vox-tech@lists.lugod.org</a>><br>
><br>
><br>
> On Fri, Feb 10, 2012 at 9:05 PM, <<a href="mailto:timriley@appahost.com">timriley@appahost.com</a>> wrote:<br>
><br>
> > > -------- Original Message --------<br>
> > > Subject: [vox-tech] Default directory permissions<br>
> > > From: "Richard S. Crawford" <<a href="mailto:richard@underpope.com">richard@underpope.com</a>><br>
> > > Date: Fri, February 10, 2012 5:17 pm<br>
> > > To: "lugod's technical discussion forum" <<a href="mailto:vox-tech@lists.lugod.org">vox-tech@lists.lugod.org</a>><br>
> > ><br>
> > ><br>
> > > I have a directory on my server which has several people that can write to<br>
> > > it. Each person has their own username but they all belong to the same<br>
> > > group. I would like to make sure that every file and directory that is<br>
> > > created in that directory is group-writable. In other words, if Rita<br>
> > > (member of group psacln) creates a file or subdirectory, then Ginger (also<br>
> > > a member of group psacln) should be able to write to it or delete it, and<br>
> > > vice versa.<br>
> ><br>
> > The way to achieve group collaboration is to have new files and directories<br>
> > become the group name of the group, not the default group name of the<br>
> > creator. Also, new files and directories need to have the group's<br>
> > write bit set. Here are the commands:<br>
> ><br>
> > 1) sudo chmod g+wxs .<br>
> > 2) sudo chgrp psacln .<br>
> > 3) echo "umask 0002" | sudo tee -a /etc/profile<br>
> ><br>
> > The key is the s-bit set on the directory. This has the special meaning<br>
> > of setting new files' and directories' group name to the group name<br>
> > of the directory, not the creator.<br>
> ><br>
> > The umask command says to always turn on the group's write bit for new<br>
> > files and directories.<br>
> ><br>
><br>
> All of the users are members of the group psacln and when they create files<br>
> or upload them via FTP, the files have the correct group assignment.<br>
> However, even after going through the steps you outlined above, new files<br>
> are not created with the proper permissions.<br>
<br>
> When I FTP test.test with<br>
> Rita's account, the file has permissions -rw-r--r-- set. I need it to be<br>
> -rw-rw-r--<br>
<br>
</div></div>The group-write bit is probably not set on the file on the local computer.<br>
Try setting that first, then FTP. Umask doesn't set any bits not already set.<br>
Also, FTP may not source /etc/profile, first -- I don't remember.<br>
<br>
Consider using scp (or sftp). You first need to:<br>
1) cd /etc/pam.d<br>
2) sudo vi sshd<br>
==> session optional pam_umask.so umask=0002<br>
3) sudo vi login<br>
==> session optional pam_umask.so umask=0002<br>
<br>
TAR files are another problem. The group-write bit must first be set.<br>
<br>
<snip></blockquote><div> </div></div>I was able to get the behavior I wanted by entering the line:<div><br></div><div> umask 0002</div><div><br></div><div>into .ftpaccess in the directories I needed this to work in.</div>
<div><br></div><div>When I get back from my vacation next week, I'll start the process of transitioning our users from FTP to SFTP. I'd feel much better with that in place in general anyway.<br clear="all"><div><br>
</div>-- <br>Sláinte,<br>Richard S. Crawford (<a href="mailto:richard@underpope.com" target="_blank">richard@underpope.com</a>) <a href="http://www.underpope.com" target="_blank">http://www.underpope.com</a><div>Twitter: <a href="http://twitter.com/underpope" target="_blank">http://twitter.com/underpope</a><br>
Facebook: <a href="http://www.facebook.com/underpope" target="_blank">http://www.facebook.com/underpope</a><br>Google+: <a href="http://gplus.to/underpope" target="_blank">http://gplus.to/underpope</a><br></div><br>
</div>
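<div>Added example, not part of the original thread: the mode of a new file is decided by the umask of the process that creates it, which is why the -rw-r--r-- versus -rw-rw-r-- difference above follows the FTP server's umask rather than /etc/profile. The function names mode_with_umask, audit_shared and demo are hypothetical, the directory is a constructed temporary one, and GNU stat (stat -c) is assumed.</div>

```shell
#!/bin/sh
# Added example (not from the thread). Assumes Linux with GNU coreutils.

# mode_with_umask UMASK DIR NAME
# Create DIR/NAME in a subshell running under UMASK and print the octal
# mode the new file ended up with (666 masked by UMASK).
mode_with_umask() {
    ( umask "$1" && : > "$2/$3" ) || return 1
    stat -c '%a' "$2/$3"
}

# audit_shared DIR
# Report entries that break group collaboration in a shared tree:
#   - directories without the setgid bit (new entries would not inherit
#     the directory's group)
#   - files or directories without the group-write bit
audit_shared() {
    find "$1" -type d ! -perm -2000 -exec printf 'no-setgid: %s\n' {} \;
    find "$1" \( -type f -o -type d \) ! -perm -020 \
        -exec printf 'no-group-write: %s\n' {} \;
}

# demo: constructed scratch directory standing in for the shared directory.
demo() {
    d=$(mktemp -d) || return 1
    chmod 2775 "$d"    # rwxrwsr-x, the result "chmod g+wxs" aims for

    # Same directory, same user; only the creating process's umask differs.
    echo "umask 0022 -> $(mode_with_umask 0022 "$d" upload-a.txt)"
    echo "umask 0002 -> $(mode_with_umask 0002 "$d" upload-b.txt)"

    # Only the file created under umask 0022 is flagged.
    audit_shared "$d"
    rm -rf "$d"
}

demo
```

Running audit_shared on the real shared directory after a test upload shows whether the daemon handling the upload picked up the intended umask.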