Date:      Sun, 5 Feb 2012 11:44:04 -0600
From:      Dan Nelson <>
To:        Modulok <>
Cc:        FreeBSD Questions <>
Subject:   Re: setuid directories - or other option?
Message-ID:  <>
In-Reply-To: <>
References:  <>

In the last episode (Feb 04), Modulok said:
> I have a media project directory shared with windows users via samba. 
> Every authenticated samba user that accesses the directory is forced to
> the same FreeBSD user, 'foo', regardless.  The group also has
> write-access:
>     drwxrwxr-x  47 foo        foo         2.5K Feb  4 05:42 foo/
> Local shell users, however, are a problem. Ideally, I want a similar
> behavior for them too i.e.  Any files they create in the directory are
> also owned by the user 'foo'.  How do I do that?  (See below about
> setuid.)
> I wouldn't even care who owns the files, so long as file permission bits
> in this directory defaulted to 664 so every member of the group 'foo'
> could edit them.  Can I do this without changing every user's default
> umask?  (I want to avoid that.) Is there some kind of 'umask for this
> directory is blah' feature?
> I looked at setuid bit on directories. Sounds perfect! BUT I'll be moving
> to ZFS soon and from what I gather, it won't work there.  I guess I could
> have a cron job run every minute and change offending permission bits, but
> that feels hacky.

I think you mean the setgid bit (so that all files in the subdirectory will
have group="foo"), and that should work on ZFS as well.  Another option
might be to use ACLs to grant access to the "foo" group outside of the
standard unix mode system:

    setfacl -m group:foo:rwx:df:allow /path

That will grant the "foo" group read/write/execute access on all files under
"/path", regardless of the regular owner/group/umask settings.  Also, make
sure that the zfs aclmode and aclinherit properties on the filesystem are
set to something other than "discard".

	Dan Nelson
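
An added example, not part of the original message: a small probe that creates a file in the shared directory under a restrictive umask, as a local shell user would, and reports which group and mode the new file received. On a setgid directory it shows the group being inherited while the mode bits still follow the creator's umask. The function names and the scratch file name are hypothetical.

```shell
# Added example (not from the thread). probe_newfile DIR creates a scratch
# file in DIR under umask 077 and prints "<dir_gid> <file_gid> <file_mode>".
# It reads only ownership and mode bits; ACL entries are not evaluated.
probe_newfile() {
    dir=$1
    probe="$dir/.newfile-probe.$$"     # hypothetical scratch file name

    # Subshell keeps the umask change away from the caller's shell.
    ( umask 077 && : > "$probe" ) || return 1

    # ls -n prints numeric ids, so no group database entry is needed.
    dir_gid=$(ls -ldn "$dir" | awk '{print $4}')
    file_info=$(ls -ln "$probe" | awk '{print $4, substr($1, 1, 10)}')
    rm -f "$probe"

    echo "$dir_gid $file_info"
}

# Succeeds only if the new file took the directory's group AND is
# group-writable by its mode bits (6th character of the mode string).
newfile_meets_policy() {
    out=$(probe_newfile "$1") || return 1
    set -- $out
    [ "$1" = "$2" ] || return 1
    case $3 in
        ?????w*) return 0 ;;
        *)       return 1 ;;
    esac
}
```

Run `probe_newfile /path` before and after a change to the directory to compare what a newly created file ends up with.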
