I want to share a folder among all users of a group : dev. So that all files are regardless of the owner can be edited by anyone in the group.
I have created the shared folder and set the respective permissions to the folder.
When a user creates a new file in that folder it belongs to owner:dev
But the permission for the files are rw-r--r--
So other users who belong the same group are not able to edit the files.
Like default group become "dev" how can I set the default permission for the files created in that directory.
I don't want to use "umask" technique because the user will upload files into that directory throuh ftp and other tools.
This really belongs on serverfault and I already mentioned there's almost an exact duplicate there, but anyway there's a nice little solution you can use, which is the FUSE bindfs module (there's a package in ubuntu). You use it to mount one directory onto another mountpoint and can set things such as the default permissions of any files created here, their owner, group and the permissions of files already in the directory (which is what you seem to want).
I don't want to use "umask" technique because the user will upload files into that directory throuh ftp and other tools.
That's the only way to do it, unless those "other tools" are themselves able to adjust permissions.
If you have root access, you can set the default umask for everyone to 002 from /etc/bashrc (assuming bash the default shell for the users in question).
A hack (and this is less preferable to umask) is to setup a cron job that will run every minute and do a chmod -R g+w <dir>.
Related
This should be pretty easy however it's tricky to Google.
How can I set it so every time "username" creates a new folder, it has 775 permissions, instead of 755? Basically to change the default assigned permissions for new folders.
Thanks,
Hristian
Set may set a correct umask.
You can find extra documentation at http://centoscert.com/content/what-umask-and-how-setup-default-umask
You can modify the one in /etc/profile (replace 022 by 002) if you want to change for the whole system.
But careful, this also impact access rights of 'standard' files (not only folders).
On my school directory when I ls -l (running Fedora) I see that I have a ton of files and directories owned by me, but one specific directory is owned by someone else. I recall a few months ago I tried copying that directory to my own as it had 744 privileges by that user. For some reason that user owns the directory in my home directory with 700 privileges so I cannot delete the directory. My home directory has 700 privileges.
Anyone know why something like this could have happened and how I can prevent it form happening in the future? Also, how should I go about deleting these files in my home directory? If needed I can contact IT but I want to see if there is anything I can do without contacting them.
Yellow is my user, red is the foreign user
Two possible options IMHO:
Check the permissions of your /home/YELLOW folder, if it
has o+w, or g+w, someone (the user
listed as the owner of the directory) may have created it there.
root did it. It doesn't make much sense for you, so probably if he/she did, it was by mistake (for example, performing some backup-and-restore administration and so on).
Normally permission for deletion of things in unix filesytems are grabbed from
the parent folder, so, you need to have "write permission" in a folder
to create or remove files (unless there is sticky bit in action);
directories are just special type of files so the rules still applies.
If the directory is empty, a simple rmdir p2Testing or rm -rf p2Testing would be enough. But, if the directory has files and
sub-directories, you won't have permissions to modify or delete them
(look at the drwx------), and only someone with more powers will be
able to do it for you (e.g. root, or the owner if he still have +w in
/home/YELLOW).
I have Qt application which should work on multiple platforms. One of those platforms is Linux. I am completely new in Linux world.
My application need to create and manage set of data files. After reading some links about linux directory structure I decided to store data files in /var/myapp directory and in its subdirectories.
Here is the problem: if my application runs without superuser privileges then it has no rights to create /var/myapp directory. Even if i will create directory manually (with sudo) my application will not have rights to write files there.
Is it possible to temporary elevate application's permissions from Qt code to create /var/myapp directory and write files there?
Or possibly there is another place in Linux directory structure which is by default available for storing application's data files?
Only root can create directories in /var. If your application needs a subdirectory under /var, you need to create it during installation (which typically runs with root permissions), and chmod it appropriately: either create a group for users that may run your application, put /var/myapp in that group, and chmod it to 770; or just chmod the directory to 777 to allow everyone to access it. If you want to prevent writing by regular users, use 755 or 750 instead. (For data files, don't set the execute bit though: the appropriate permissions here are 666/660/644/640). Instead of octal triplets, you may prefer the more elaborate mnemoic syntax to chmod, e.g. chmod ug+x filename adds (+) the execute bit (x) to filename for the owning user (u) and group (g).
However, /var is not necessarily the best choice: /var is typically used for volatile data (temporary files etc.), as well as things that are expected to change frequently (mail, log files, etc.). Other data should go into either:
/usr/share/{appname} for system-wide data files and resources
/etc/{appname} for system-wide configuration files
~/.{appname} (old convention) or ~/.config/{appname} for per-user configuration files
/var/tmp/{appname} for temporary files
Also, you want to make the /usr prefix configurable; most distributions reserve /usr for package-managed files, except /usr/local, which mirrors /usr for out-of-distro installs (so in that case, your system-wide resources go into /usr/local/share instead of /usr/share).
You could distribute it without installation scripts, but you'd have to tell them to run it once as root... or have the app run itself as root using gksudo/kdesudo if its system wide data files do not exist.
The custom though is to make a package (.deb, .rpm, or even a .tar.gz that the user will extract himself) including all necessary files.
But linux (and OS X for that matter) are multi user systems. Are you sure your files belong in /var or /usr? If they're created at runtime as you say, don't they depend on user input? In which case you need to put them in some directory inside the user's home directory (getenv("HOME")).
I run servers on my Linux Server (Ubuntu) and there's a bit of a problem. It may seem simple to fix, however I don't think it is. The servers run in my username (server), however, others access certain files with different users via FTP. Because the server is running in my username, whenever a plugin creates new files, they do not have permission to edit etc.
I have tried putting the users into groups and then allowing group access to that folder (even for new files), but had no luck. Every time they need to edit the files, I need to chmod -R 777 it.
I thought about running the servers in their usernames, however that would produce complications. Is it actually possible to make new files retain the permissions of the parent (or a top folder)? All the solutions I've found doesn't seem to work.
Not for users but for groups. You can:
chmod g+s parent_dir
chgrp shared_group parent_dir
If you create files inside it, that files will have the group of the folder (shared_group).
I have a java servlet. When it saves files, it saves them as tomcat:tomcat (in a linux environment). I actually need it to save it as sportsfan:tomcat as sportsfan is the FTP user and also needs access to create, modify or overwrite these files.
I thought about running tomcat as sportsfan:tomcat, but I'm running multiple applications under the one tomcat instance.
Perhaps the best way to do this would be to have the FTP user log in as part of the tomcat group. Would that be a correct way?
Please advise.
Adding your sportsfan user ftp to the tomcat group could be a good solution but before that check which are the modifiable files in you system with this permission and consider the security risks.
Another solution: Create a sportsfan group and add your sportsfan user to it. Then change the group of your upload directory and set it as setgid:
chgrp sportsfan upload
chmod g+s upload
After that the new files in the upload will be created with tomcat:sportsfan owner:group. It's not exactly what you asked for but changing the user id (setuid directories) is not supported on Linux. Wikipedia has a pretty good article about setuid and setgid directories. Futhermore, you have to set the umask value of the tomcat user to 000x (e.g. 0002) or a similar value which gives full access to the group.
3rd solution: set up a cron job which changes the permission in every n minutes.