For instance, when you create a file, if you don't give it executable bit, it wouldn't be made executable (as expected). Permissions set this way also get masked with umasks, so if some bit is dropped in umask, this bit will be dropped from a permission. This "default" could only be set upon a directory, because there is no point to apply this to files. You can set default permissions for owner and group-owner by setting and blank. This is not the inheritance, just the default: setfacl -m default:user::rwx After this, if anybody creates a file or directory in (if they are allowed to create objects there, of course), that object will get additional ACL user::rwx and group::rwx. The best you can do is to set default POSIX ACL which will apply to all newly created files and directories. Linux doesn't support permission inheritance, so you can't do what you asked in the question topic. 2 lbh lbh 4096 Oct 9 17:28 Desktop]$ getfacl hi 1 lbh lbh 0 Oct 9 17:27 hello.txt drwxrwxr-x. # group: Desktop]$ touch Desktop]$ mkdir Desktop]$ ls -al drwx. # group: Desktop]$ getfacl /asic/200T/lbh/file_root.txt # flags: Desktop]$ getfacl /asic/200T/lbh/file_lbh.txt # flags: Desktop]$ getfacl /asic/200T/lbh/aaa_root/ # flags: Desktop]$ getfacl /asic/200T/lbh/aaa_lbh/ # flags: Desktop]$ getfacl /asic/200T/lbh Getfacl: Removing leading '/' from absolute path names 4 lbh 200T 4096 Oct 1 02:40 200T]$ 200T]$ And getfacl results of directories and files are as follows: Desktop]$ getfacl /asic The folder structure and permission of files created by lbh and root look like this: lbh]$ ls -al drwxr-s. Worried that changing the default umask value can lead to new With (d)rwxr-s- by default?
Asking every user to manually chmod everything every time is too much of a hassle, and I'm Is there a safe method to let workers create files and folders. Permission of the personal folder and defaulting to Why are the files created by users (like /lbh) under their personal directories (like lbh) ignoring the drwxr-s. The umask of root is 0022, and the umask of normal users is 0002. Resulting in each worker being able to write into everyone's own folders and files, which is exactly what we're trying to avoid. To achieve the goals above, we need the permissions of directories created by lbh to be drwxr-s- and files to be rwxr-s- by default, however the reality looks like this: Files and folders created by lbh and root If glj wants to modify them, he'll have to copy them to his own directory /asic/200T/glj and then do so. Another person (glj) on the 200T subproject should be able to read /asic/200T/lbh/testbench.v and /asic/200T/lbh/results but not write into them. For example, lbh just created a file testbench.v and a folder /results under /asic/200T/lbh. When a worker creates something in their own directory, we want other workers of the same sub-project to be able to read that new thing, but not modify it by accident. The idea is that content within /asic and /200T can be seen by all personnel working on asic and 200T, yet they cannot have write access to these 2 directories; if they want to create something, they'll have to do that within their own directories (/lbh and the like). asic and /200T are owned by root and belongs to groups asic and 200T respectively, while /lbh is owned by the worker's user account lbh and belongs to group asic. asic, /200T, /lbh were all created by root and then had their properties reconfigured by root via chmod -R and chown -R. asic is our grand project's folder, /200T is a subproject of that grand project, and folders right under /200T such as /lbh are each worker's personal directories who are working on the subproject.