BLU Discuss list archive
[Discuss] Advanced file permissions
- Subject: [Discuss] Advanced file permissions
- From: gaf.linux at gmail.com (Jerry Feldman)
- Date: Wed, 26 Nov 2014 08:29:24 -0500
- In-reply-to: <20141125234956.GE7124@dragontoe.org>
- References: <CAEvgogE_8V-nEd0LU3VhJbMGh+Xt0emgMRnR7gR2eUR621ZY0A@mail.gmail.com> <20141125234956.GE7124@dragontoe.org>

I just checked, our umask is 0077 on our RHEL VMs (as required by IT). This is the problem. A umask of 0007 will give us what we want. The issue is to have read, write, execute by group. I was unaware that it was set to 0077 by default in RHEL 6. On RHEL5, it is set to 0022. Most of our scripts here are Python (so the C rules apply), and most of the code we have is either C++ or Java.

On Tue, Nov 25, 2014 at 6:49 PM, Derek Martin <invalid at pizzashack.org> wrote:

> On Tue, Nov 25, 2014 at 09:38:52AM -0500, Jerry Feldman wrote:
> > I have an auto mounted directory where I want to restrict access to only
> > members of a specific group, let's call it foogroup for now. I didn't want
> > to use netgroups for a number of reasons in that the NAS is run by a
> > separate team, and they use a different LDAP server than we do.
> >
> > The way I set up the original top level directory is:
> > chmod 2770: rwxrws--- foogroup
> > But when I create a subdirectory I get:
> > rwx--S---
>
> How did you create the directory? If you're using mkdir on the
> command line, the umask seems like the only possible culprit,
> excepting some weird filesystem mount options possibly. The mkdir
> command has a -m option to set the mode but one can assume you're not
> using that, or else you would know. =8^)
>
> If you're doing this from within a program, the mkdir() system call
> takes a mode argument (and is, I believe, still modified by your
> umask). That's for C obviously but other languages should generally
> have something similar, and in some of those languages it may be
> optional, defaulting to something you don't want...
>
> --
> Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02
> -=-=-=-=-
> This message is posted from an invalid address. Replying to it will
> result in undeliverable mail due to spam prevention. Sorry for the
> inconvenience.

--
Jerry Feldman <gaf.linux at gmail.com>
Boston Linux and Unix
PGP key id: B7F14F2F
Key fingerprint: D937 A424 4836 E052 2E1B 8DC6 24D7 000F B7F1 4F2F
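
The behaviour discussed in this thread can be reproduced with the following added example, which is not code from either poster. It creates subdirectories of a 2770 directory under umask 0077 and 0007, then shows an explicit chmod() as one way to get group access when the 0077 umask has to stay; the function names and the temporary directory are assumptions made for the illustration.

```python
import os
import stat
import tempfile

def perms(path):
    """Return the permission bits plus setuid/setgid/sticky of path."""
    return stat.S_IMODE(os.stat(path).st_mode)

def mkdir_with_umask(parent, name, mask):
    """Create parent/name as a plain os.mkdir() would under the given umask."""
    old = os.umask(mask)          # the umask is process-wide, so restore it
    try:
        path = os.path.join(parent, name)
        os.mkdir(path)            # requested mode 0o777; the umask bits are cleared
    finally:
        os.umask(old)
    return path

def mkdir_group_shared(parent, name, mask):
    """Create a group-accessible setgid directory even under a strict umask."""
    path = mkdir_with_umask(parent, name, mask)
    os.chmod(path, 0o2770)        # chmod() is not filtered by the umask
    return path

def demo():
    """Return the resulting modes for the three cases, keyed by label."""
    results = {}
    with tempfile.TemporaryDirectory() as top:
        # Same mode as the top-level directory in the thread. The setgid bit
        # is only kept if the caller belongs to the directory's group.
        os.chmod(top, 0o2770)
        results["umask 0077"] = perms(mkdir_with_umask(top, "a", 0o077))
        results["umask 0007"] = perms(mkdir_with_umask(top, "b", 0o007))
        results["0077 + chmod"] = perms(mkdir_group_shared(top, "c", 0o077))
    return results

if __name__ == "__main__":
    for label, mode in demo().items():
        # stat.filemode() renders the bits the way ls -l does.
        print(f"{label:13} {stat.filemode(stat.S_IFDIR | mode)} {mode:04o}")
```

On Linux the subdirectory inherits the setgid bit from its parent, which is why the first case shows up as rwx--S--- in ls: the group execute bit was masked off but the setgid bit was not.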