From: Will Honea on 9 Apr 2010 14:02 Is there a way to lock permissions on a folder such that all the files retain a global set of permissions? I'm running an app under wine which includes a database (FoxPro, unfortunately). This is a church accounting/membership/scheduling app and I need to access the data from nearly all the accounts on the system. The app includes a network access installation so that all users access a common database. Works fine with Windows - as expected since security is, shall we say, weak there? - but permissions are playing hob when multiple users access the data. The most obvious problem is that FoxPro deletes and recreates its' index files during a re-index operation. These index files are created with the current user as owner but with 0744 permissons which locks out every other user because they ALL need write access to the files. How do I force the file permissions to remain 0766 at a minimum? -- Will Honea
From: J G Miller on 9 Apr 2010 15:26 On Fri, 09 Apr 2010 12:02:34 -0600, Will Honea wrote: > Is there a way to lock permissions on a folder such that all the files > retain a global set of permissions? As far as I am aware, there is no such feature. What you can do is to get people to use an appropriate umask setting so that files created by default have the desired permissions. Also you could run a cron job every few minutes which sets the permissions on all files in the directory.
From: marrgol on 9 Apr 2010 17:37 On 2010-04-09 20:02, Will Honea wrote: > Is there a way to lock permissions on a folder such that all the files > retain a global set of permissions? > ... > How do I force the file permissions to remain 0766 at a minimum? Set appropriate default ACL permissions on the folder - if your filesystem supports ACLs... -- mrg
From: Will Honea on 9 Apr 2010 18:07 marrgol wrote: > On 2010-04-09 20:02, Will Honea wrote: >> Is there a way to lock permissions on a folder such that all the files >> retain a global set of permissions? >> ... >> How do I force the file permissions to remain 0766 at a minimum? > > Set appropriate default ACL permissions on the folder - if your > filesystem supports ACLs... Bear with me. This is exactly what I need to do. Sitting in front of the desktop (or terminal), I want to create a folder to contain a whole slug of subfolders/files related to an app which will be used network-wide. I have no access to the application's code - it's a Windows app running under wine. From either a terminal or a file manager, how do I specify this (openSUSE 11.1/2, EXT3 fs)? Can I avoid the hassle by mounting a separate partition formatted FAT32 to contain the files? Sounds like a kludge but.... Which brings up another question: am I complicating life by creating the master folder in the /home folder? Could I use a different location that would resolve the issue? -- Will Honea
From: marrgol on 9 Apr 2010 19:52
On 2010-04-10 00:07, Will Honea wrote: >>> Is there a way to lock permissions on a folder such that all the files >>> retain a global set of permissions? >> >> Set appropriate default ACL permissions on the folder - if your >> filesystem supports ACLs... > > From either a terminal or a file manager, how do I specify this > (openSUSE 11.1/2, EXT3 fs)? > > Can I avoid the hassle by mounting a separate partition formatted > FAT32 to contain the files? I believe you can; make sure your filesystem is mounted with "acl" option and that you have "acl" packet installed, then try this (for your chosen location you need to do it as root): ~ # mkdir /home/appdir ~ # ls -ld /home/appdir drwxr-xr-x 2 root root 4096 Apr 10 01:11 /home/appdir ~ # setfacl -m g::rwx -m o::rwx -m default:g::rwx -m default:o::rwx \ /home/appdir ~ # Then as any user you can do: ~ $ touch /home/appdir/file1 ~ $ mkdir /home/appdir/dir1 ~ $ touch /home/appdir/dir1/file2 ~ $ ls -lR /home/appdir /home/appdir: total 4 drwxrwxrwx+ 2 marrgol users 4096 2010-04-10 01:13 dir1 -rw-rw-rw- 1 marrgol users 0 2010-04-10 01:12 file1 /home/appdir/dir1: total 0 -rw-rw-rw- 1 margo users 0 2010-04-10 01:13 file2 ~ $ As you can see both 'group' and 'others' have full access to the files and directory I created, even though I have: ~ $ umask 0077 ~ $ > Which brings up another question: am I complicating life by creating the > master folder in the /home folder? Not at all. :-) > Could I use a different location that would resolve the issue? Doesn't really matter. -- mrg |