l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2012 Feb 22 23:08

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] Default directory permissions - RESOLVED
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] Default directory permissions - RESOLVED

On Tue, Feb 14, 2012 at 10:25 AM, <timriley@appahost.com> wrote:
> -------- Original Message --------
> Subject: Re: [vox-tech] Default directory permissions
> From: "Richard S. Crawford" <richard@underpope.com>
> Date: Tue, February 14, 2012 9:38 am
> To: "lugod's technical discussion forum" <vox-tech@lists.lugod.org>
> On Fri, Feb 10, 2012 at 9:05 PM, <timriley@appahost.com> wrote:
> > > -------- Original Message --------
> > > Subject: [vox-tech] Default directory permissions
> > > From: "Richard S. Crawford" <richard@underpope.com>
> > > Date: Fri, February 10, 2012 5:17 pm
> > > To: "lugod's technical discussion forum" <vox-tech@lists.lugod.org>
> > >
> > >
> > > I have a directory on my server which has several people that can write
> > to
> > > it. Each person has their own username but they all belong to the same
> > > group. I would like to make sure that every file and directory that is
> > > created in that directory are group-writable. In other words, if Rita
> > > (member of group psacln) creates a file or subdirectory, then Ginger
> > (also
> > > a member of group psacln) should be able to write to it or delete it, and
> > > vice versa.
> >
> > The way to achieve group collaboration is to have new files and
> > directories
> > become the group name of the group, not the default group name of the
> > creator. Also, new files and directories need to have the group's
> > write bit set. Here are the commands:
> >
> > 1) sudo chmod g+wxs .
> > 2) sudo chgrp psacln .
> > 3) sudo echo "umask 0002" >> /etc/profile
> >
> > The key is the s-bit set on the directory. This has the special meaning
> > of setting new files' and directories' group name to the group name
> > of the directory, not the creator.
> >
> > The umask command says to always turn on the group's write bit for new
> > files and directories.
> >
> All of the users are members of the group psacln and when they create files
> or upload them via FTP, the files have the correct group assignment.
> However, even after going through the steps you outlined above, new files
> are not created with the proper permissions.

> When I FTP test.test with
> Rita's account, the file has permissions -rw-r--r-- set. I need it to be
> -rw-rw-r--

The group-write bit is probably not set on the file on the local
Try setting that first, then FTP. Umask doesn't set any bits not already
Also, FTP may not source /etc/profile, first -- I don't remember.

Consider using scp (or sftp). You first need to:
1) cd /etc/pam.d
2) sudo vi sshd
  ==> session optional pam_umask.so umask=0002
3) sudo vi login
  ==> session optional pam_umask.so umask=0002

TAR files are another problem. The group-write bit must first be set.

I was able to get the behavior I wanted by entering the line:

     umask 0002

into .ftpaccess in the directories I needed this to work in.

When I get back from my vacation next week, I'll start the process of transitioning our users from FTP to SFTP. I'd feel much better with that in place in general anyway.

Richard S. Crawford (richard@underpope.comhttp://www.underpope.com
vox-tech mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Sunset Systems
Who graciously hosts our website & mailing lists!