Date:      Mon, 6 Feb 2012 00:24:37 +0100
From:      "Dan Nelson" <dnelson@allantgroup.com>
To:        <ham@thorshammare.org>
Cc:        'FreeBSD Questions' <freebsd-questions@freebsd.org>
Subject:   Re: setuid directories - or other option?
Message-ID:  <000101cce45d$569f3e70$03ddbb50$@com>
In-Reply-To: <CAN2+EpZY+xKSaN2LF1M-CCg3rjoBeN=OsT8CfhU6m--ux0X=dQ@mail.gmail.com>
References:  <CAN2+EpZY+xKSaN2LF1M-CCg3rjoBeN=OsT8CfhU6m--ux0X=dQ@mail.gmail.com>

In the last episode (Feb 04), Modulok said:
> I have a media project directory shared with windows users via samba. 
> Every authenticated samba user that accesses the directory is forced to
> the same FreeBSD user, 'foo', regardless.  The group also has
> write-access:
> 
>     drwxrwxr-x  47 foo        foo         2.5K Feb  4 05:42 foo/
> 
> Local shell users, however, are a problem. Ideally, I want a similar
> behavior for them too i.e.  Any files they create in the directory are
> also owned by the user 'foo'.  How do I do that?  (See below about
> setuid.)
> 
> I wouldn't even care who owns the files, so long as file permission bits
> in this directory defaulted to 664 so every member of the group 'foo'
> could edit them.  Can I do this without changing every user's default
> umask?  (I want to avoid that.) Is there some kind of 'umask for this
> directory is blah' feature?
> 
> I looked at setuid bit on directories. Sounds perfect! BUT I'll be moving
> to ZFS soon and from what I gather, it won't work there.  I guess I could
> have a cron job run every minute and change offending permission bits, but
> that feels hacky.

I think you mean the setgid bit (so that all files in the subdirectory will
have group="foo"), and that should work on ZFS as well.  Another option
might be to use ACLs to grant access to the "foo" group outside of the
standard unix mode system:

    setfacl -m group:foo:rwx:df:allow /path

That will grant the "foo" group read/write/execute access on all files under
"/path", regardless of the regular owner/group/umask settings.  Also, make
sure that the zfs aclmode and aclinherit properties on the filesystem are
set to something other than "discard".

-- 
	Dan Nelson
	dnelson@allantgroup.com
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"