Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 6 Feb 2012 00:24:37 +0100
From:      "Dan Nelson" <>
To:        <>
Cc:        'FreeBSD Questions' <>
Subject:   Re: setuid directories - or other option?
Message-ID:  <000101cce45d$569f3e70$03ddbb50$@com>
In-Reply-To: <>
References:  <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
In the last episode (Feb 04), Modulok said:
> I have a media project directory shared with windows users via samba. 
> Every authenticated samba user that accesses the directory is forced to
> the same FreeBSD user, 'foo', regardless.  The group also has
> write-access:
>     drwxrwxr-x  47 foo        foo         2.5K Feb  4 05:42 foo/
> Local shell users, however, are a problem. Ideally, I want a simliar
> behavior for them too i.e.  Any files they create in the directory are
> also owned by the user 'foo'.  How do I do that?  (See below about
> setuid.)
> I wouldn't even care who owns the files, so long as file permission bits
> in this directory defaulted to 664 so every member of the group 'foo'
> could edit them.  Can I do this without changing every user's default
> umask?  (I want to avoid that.) Is there some kind of 'umask for this
> directory is blah' feature?
> I looked at setuid bit on directories. Sounds perfect! BUT I'll be moving
> to ZFS soon and from what I gather, it won't work there.  I guess I could
> have a cron job run every minute and change offending permission bits, but
> that feels hacky.

I think you mean the setgid bit (so that all files in the subdirectory will
have group="foo"), and that should work on ZFS as well.  Another option
might be to use ACLs to grant access to the "foo" group outside of the
standard unix mode system:

    setfacl -m group:foo:rwx:df:allow /path

That will grant the "foo" group read/write/execute access on all files under
"/path" , regardless of the regular owner/group/umask settings.  Also, make
sure that the zfs aclmode and aclinherit properities on the filessytem are
set to something other than "discard".

	Dan Nelson
_______________________________________________ mailing list
To unsubscribe, send any mail to ""

Want to link to this message? Use this URL: <$569f3e70$03ddbb50$>