Getting the hang of Linux file-system permissions can be tricky for beginners. I still have problems every now and again translating symbolic permission notation to octal permission notation and back again. One common scenario which can be complicated to enact in practice is the creation of default permissions for files inside of given directories. Although not a direct translation, in Windows this sort of functionality is usually implemented by selecting the "Allow propagation on child objects" setting when viewing Security Properties for a directory. But how to get this done in Linux?
The preferred approach is the use of Access Control Lists using setfacl. Since Linux kernel 2.6, the acl flag is enabled by default with most standard filesystems. There's already several solid explanations for how to use Linux ACLs. But, there are scenarios in which this can be difficult or impossible to implement; using exotic filesystems or older kernels, etc. Or you just might find ACL syntax confusing and try to avoid it unless absolutely needed. Whatever the reason, if all you need is to have all files in a given directory owned by a specific group and/or assigned a specific set of permissions, here's a down and dirty way to do it using a set-group-id bit.
umask 002 /somedirectory/ ### With this mask default subdirectory permissions are 775
### and default file permissions are 664 (-rw-rw-r--)
chgrp somegroup /somedirectory/ ### here we assign our preferred group
chmod g+s /somedirectory/ ### here we assign a set-group-id bit to the directory
Keep in mind that the umask in this example is pretty wide open. If you're not familiar with umask, take a look at one of the many guides floating around. I am much more likely to use a umask of 022 or 077 in production than the above example.
No comments:
Post a Comment