From: Dan Nelson
To: Modulok
Cc: FreeBSD Questions
Date: Sun, 5 Feb 2012 11:44:04 -0600
Subject: Re: setuid directories - or other option?
Message-ID: <20120205174404.GG5775@dan.emsphone.com>

In the last episode (Feb 04), Modulok said:
> I have a media project directory shared with windows users via samba.
> Every authenticated samba user that accesses the directory is forced to
> the same FreeBSD user, 'foo', regardless. The group also has
> write-access:
>
> drwxrwxr-x 47 foo foo 2.5K Feb 4 05:42 foo/
>
> Local shell users, however, are a problem. Ideally, I want a similar
> behavior for them too i.e. Any files they create in the directory are
> also owned by the user 'foo'. How do I do that? (See below about
> setuid.)
>
> I wouldn't even care who owns the files, so long as file permission bits
> in this directory defaulted to 664 so every member of the group 'foo'
> could edit them. Can I do this without changing every user's default
> umask? (I want to avoid that.) Is there some kind of 'umask for this
> directory is blah' feature?
>
> I looked at setuid bit on directories. Sounds perfect! BUT I'll be moving
> to ZFS soon and from what I gather, it won't work there. I guess I could
> have a cron job run every minute and change offending permission bits, but
> that feels hacky.

I think you mean the setgid bit (so that all files in the subdirectory will
have group="foo"), and that should work on ZFS as well.

Another option might be to use ACLs to grant access to the "foo" group
outside of the standard unix mode system:

    setfacl -m group:foo:rwx:df:allow /path

That will grant the "foo" group read/write/execute access on all files under
"/path", regardless of the regular owner/group/umask settings. Also, make
sure that the zfs aclmode and aclinherit properties on the filesystem are
set to something other than "discard".

-- 
Dan Nelson
dnelson@allantgroup.com
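
A read-only check for the shared directory discussed in this thread, added here as an example and not part of the original messages: it lists entries that members of the shared group could not edit under the setgid approach. The function name `audit_shared` is hypothetical, and it inspects only the group and the classic mode bits, so access granted purely through ACL entries is not reflected in its output.

```sh
#!/bin/sh
# Added example: audit a shared directory tree for entries that break
# group collaboration. Reports only; it never changes ownership or modes.

# audit_shared DIR GROUP
#   DIR   - top of the shared tree
#   GROUP - group name or numeric gid that should own every entry
# Prints one "<reason> <path>" line per finding.
# Returns 0 when the tree is clean, 1 when anything was reported.
audit_shared() {
    dir=$1
    group=$2
    findings=$(
        # Entry belongs to some other group (group was not inherited).
        find "$dir" ! -group "$group" \
            -exec printf 'wrong-group %s\n' {} \;
        # Regular file missing group read or write (umask 022 gives 644).
        find "$dir" -type f ! -perm -060 \
            -exec printf 'not-group-writable %s\n' {} \;
        # Directory missing group rwx or the setgid bit.
        find "$dir" -type d ! -perm -2070 \
            -exec printf 'dir-mode %s\n' {} \;
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Run as `audit_shared /path foo`; an empty result with exit status 0 means every entry has the expected group and group-writable mode bits.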