Andrewski, posted February 24, 2004:

I'm trying to test my skills (the few that I have) by setting permissions on my music folder, /music.

    root:/$ ls -l
    drwxrwxr-x 61 root cdwriter 2248 Feb 24 14:46 music/

I want it to be accessible for playing by everyone, but I only want those in cdwriter to be able to write to it (renaming files, moving folders around, etc). Ok, seems like I did chmod and chown correctly, right? In userdrake, I made sure andrew was checked under group cdwriter. So I open EasyTag while logged into user andrew and it wouldn't let me save a file. What am I missing?

    root:/$ ps -Af | grep easy
    andrew 3445 1 0 17:32 ? 00:00:00 /usr/bin/easytag

fuzzylizard, posted February 24, 2004:

You set the permissions on a folder, however, this does not mean that any of the files in that folder will have the same permissions. You actually need to do chmod and chgrp recursively in order to ensure that everything below the folder has the same permissions.

    chmod -R 775 music/*

This should ensure that everything is writable for the group cdwriter.

There is also a way of setting a bit or umask for a folder that will ensure that any files added/created in that folder will inherit the same permissions as the folder. However, I am not sure of how to do it and I have never really had much luck with it.

Also, if you just joined a group, I have no idea if you need to log back in to ensure that you are registered for that group (I doubt it, but you never know).

Andrewski, posted February 25, 2004:

What did it was you mentioning chgrp. I had learned to use "chown ### :group_name" to change the group. But chgrp worked.

Next question is: how do I make sure any new files created will have the same permissions?

Edited February 25, 2004 by Andrewski

aru, posted February 25, 2004:

> So I open EasyTag while logged into user andrew and it wouldn't let me save a file. What am I missing?

Probably you are missing the SGID to allow that any file created in a directory will belong to the same group.

You have to apply the sgid to the root directory of that tree to make that all new files and dirs created will have the same group id that has the root directory, in your example:

    ~# mkdir root_dir
    ~# chmod 2775 root_dir
    ~# chgrp cdwriter root_dir
    ~# ls -ld root_dir/
    drwxrwsr-x 2 root cdwriter 48 feb 25 12:26 root_dir//
    ~# touch root_dir/file_1
    ~# su aru
    ~$ touch root_dir/file_2
    ~$ ls root_dir/*
    total 0
    -rw-r--r-- 1 root cdwriter 0 feb 25 12:36 file_1
    -rw-r--r-- 1 aru cdwriter 0 feb 25 12:37 file_2
    ~$

HTH, or tell me if I'm missing the whole point.

Edited February 25, 2004 by aru

Andrewski, posted February 25, 2004:

Well, right idea, but the question is, how do I set it to automatically pick up the settings? In your example, you still had to chmod and chgrp...

Gowator, posted February 25, 2004:

man umask :D

Andrewski, posted February 25, 2004:

I did that. Not at my computer right now, but I ls'ed to music, typed umask and got "0224" I think. Whatever it was, it wasn't 0775, so I typed "umask 0775" and it stuck. I created a new folder and it was drwxrwxr-x, just like I wanted. Ok.

man umask just told me such things, it didn't seem to mention owner and group membership, unless I missed something...?

aru, posted February 25, 2004:

> Well, right idea, but the question is, how do I set it to automatically pick up the settings? In your example, you still had to chmod and chgrp...

But only for the root directory. I had to create my own root_directory to show you how to do it. You've seen the '2' placed before the permission mask in the chmod command. And you've seen that the permission string of that directory wasn't "drwxrwxr-x" but was "drwxrsxr-x", haven't you?

If you take a look at the last part of my example, I touched two files, one as user root and the other as user aru, to show you that both files were created w/o problem by two different users, and that both files *automatically* got the cdwriter group, showing you that all the subsequent files and directories of that directory tree inherit the group ID of the root_directory, thus allowing *automatically* any user of that group to create his own files and directories within that directory tree.

That was what I understood you wanted to do, wasn't that?

For obvious security reasons that is impossible to be done without the SGID bit.

> man umask

I'm not sure if umask has something to do with this problem. umask sets the user's mask for creating new files, it doesn't grant the ability of *any* user of a given group to create new files on a given directory. That is done by SGID; man chmod ;)

Edited February 25, 2004 by aru

Andrewski, posted February 26, 2004:

OK, almost there. I understand everything you did in your above example (and now that I'm at my computer, I notice all those things). :) Here's my results:

    root:/$ chmod 2775 music/
    root:/$ chgrp cdwriter music/
    root:/$ ls -ld music/
    drwxrwsr-x 63 root cdwriter 1648 Feb 25 23:12 music//
    root:/$ touch music/file_1
    root:/$ su andrew
    andrew:/$ touch music/file_2
    andrew:/$ ls -ld music/*
    drwxrwsr-x 3 root cdwriter 104 Feb 24 14:33 music/Albéniz/
    drwxrwsr-x 46 root cdwriter 3256 Feb 24 14:36 music/Bach/
    drwxrwsr-x 3 root cdwriter 112 Feb 24 14:36 music/Bartok/
    <snip>
    -rw-r--r-- 1 root cdwriter 0 Feb 25 23:15 music/file_1
    -rw-r--r-- 1 andrew cdwriter 0 Feb 25 23:15 music/file_2
    <snip>
    andrew:music$ umask
    0022

Ok, so the owner didn't get picked correctly and neither did the permissions. Umask is at fault for the latter, but I just set it last night! In fact, after setting it and trying a few more times (su'ing and such), it keeps changing back to 0022! What's the deal?

aru, posted February 26, 2004:

My fault, you'll also need to set the umask value to 0002 for all the users who are going to edit files in that directory.

The SGID grants that users of the root_directory group are able to create new files in it, and that those files will inherit the group, but does nothing about the permissions of the resulting files, that's umask's job.

Just change your users' umask and you are done :)

Edited February 26, 2004 by aru

Andrewski, posted February 26, 2004:

OK, I set the umask. Then, after a logout/login:

    andrew:andrew$ cd /music
    andrew:music$ umask
    0022
    andrew:music$ su
    Password:
    root:music$ umask
    0022

Why...?

Gowator, posted February 26, 2004:

Because UMASK is just an envvar (environment variable), add

    export UMASK=0022

in your user's .bashrc.

Also, do you understand why the numbers are 1-7?? I have a post somewhere explaining it. Bah, it's like this....

We'll only look at one set of wrx since the numbers are just treated as three separate bits.

    wrx= 421

So w+x = 4+1 = 5. In case you didn't catch on, these are the binary numbers, so although you type a decimal 5 it's actually 101... So it's quite simple, 1 = on and 0 = off.

    w-x= 4-1=5= 101

So the UMASK is just subtracted from this.

    DESCRIPTION
    The umask() routine sets the process's file mode creation mask to numask
    and returns the previous value of the mask. The 9 low-order access
    permission bits of numask are used by system calls, including open(2),
    mkdir(2), mkfifo(2) and mknod(2) to turn off corresponding bits requested
    in file mode. (See chmod(2)). This clearing allows each user to restrict
    the default access to his files.

    The default mask value is S_IWGRP|S_IWOTH (022, write access for the
    owner only). Child processes inherit the mask of the calling process.

In English.... Just subtract the UMASK from 777 and this gives you the permissions that a file will have if created using... (well, those routines cover just about everything).

The SGID/SUID bit is just the leftmost bit of the series.

Erm ... here's a link cos I'm going home....

http://www.geocities.com/tipsforlinux/arti...ticles/028.html

Andrewski, posted February 26, 2004:

Thanks, I didn't know that's what umask did. My man page was empty, and just listed a bunch of other bash commands to look up. Sheesh!

> add export UMASK=0022 in your users .bashrc

OK, but isn't umask set per-folder? How would I do that just for /music/? Sorry, I really don't have any info on umask to go on....

(BTW, I'd want UMASK=0002, since I want the files in /music/ to be 0775.)

Edited February 26, 2004 by Andrewski

Gowator, posted February 26, 2004:

No, the permissions are set per folder, umask just alters the default permissions.

i.e. if you set umask to 222 and then

    mkdir myfolder

myfolder will be 555: r-x,r-x,r-x (now it's set until you chmod it!)

    cd afolder

then

    touch afile

Oops, you can't, because the directory is 555 :D

    chmod 755 ../afolder

Now you can touch afile.

    ls -l

Hey, it's not executable! (the answers on this page)

But mkdir another gives 555 as expected.

NOW change the umask to 000 and mkdir yet another. Yep, it's 777.

See if you can say why cat >afile OR touch afile are not what expected :D

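The split aru describes (SGID on the directory decides the group, umask decides the permission bits) and the masking rule from the man page Gowator quotes can be checked together in a scratch directory. This is an added example, not part of the thread: the function names are hypothetical, the temporary directory stands in for /music, and it assumes Linux with a `stat` that supports `-c` (GNU coreutils or BusyBox). Programs request 0666 for new files and 0777 for new directories, and the kernel clears the umask bits from that request.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes Linux with GNU or BusyBox stat.

# Mode assigned on creation: the requested bits with the umask bits cleared.
# $1 = mode the program requests (0666 for files, 0777 for directories)
# $2 = umask
predict() { printf '%o\n' $(( $1 & ~$2 & 0777 )); }

# Create a file and a subdirectory inside directory $1 under umask $2 and
# print "<file mode> <dir mode> <file gid>". The subshell keeps the umask
# change from leaking into the calling shell.
observe() {
    (
        umask "$2"
        : > "$1/f_$2"
        mkdir "$1/d_$2"
        echo "$(stat -c %a "$1/f_$2") $(stat -c %a "$1/d_$2") $(stat -c %g "$1/f_$2")"
    )
}

# Scratch stand-in for /music: group-writable, with the SGID bit (leading 2).
make_shared() {
    shared=$(mktemp -d) || return 1
    chmod 2775 "$shared"
    echo "$shared"
}

demo() {
    dir=$(make_shared) || return 1
    echo "shared dir: $(stat -c '%A gid=%g' "$dir")"
    for mask in 0022 0002 0222; do
        # New subdirectories also inherit the SGID bit, hence the leading 2.
        echo "umask $mask: predicted file=$(predict 0666 "$mask")" \
             "dir=2$(predict 0777 "$mask") observed=$(observe "$dir" "$mask")"
    done
    rm -rf "$dir"
}
demo
```

Under umask 0022 the file comes out group-read-only even though the directory is SGID and group-writable, which is the state shown in the `ls -ld music/*` listing above; only umask 0002 yields group-writable files.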