I have a directory called data. Then I am running a script under the user id 'robot'. robot writes to the data directory and updates files inside. The idea is data is open for both me and robot to update.
So I set up the permission and owner group like this
drwxrwxr-x 2 me robot-grp 4096 Jun 11 20:50 data
where both me and robot belong to the 'robot-grp'. I change the permission and the owner group recursively like the parent directory.
I regularly upload new files into the data directory using rsync. Unfortunately, new files uploaded do not inherit the parent directory's permission as I hope. Instead it looks like this
-rw-r--r-- 1 me users 6 Jun 11 20:50 new-file.txt
When robot tries to update new-file.txt, it fails due to lack of file permission.
I'm not sure if setting umask helps. In any case the new files do not really follow it.
$ umask -S
u=rwx,g=rx,o=rx
I'm often confounded by Unix file permission. Do I even have a right plan? I'm using Debian lenny.
Best Answer
You do not want to change your system's default umask, that is a security risk. The sticky bit option will work to some extent, but using ACL's is the best way to go. This is easier than you think. The problem with basic ACL's is that they are not recursive by default. If you set an ACL on a directory, only the files inside that directory inherit the ACL. If you create a subdirectory, it does not get the parent ACL unless the ACL is set to recurse.
First, make sure ACLs are enabled for the volume the directory is on. If you have tune2fs, you can perform the following:
If you don't have tune2fs, then examine fstabs:
The 4th column that says "defaults" means on my system (CentOS 5.5), ACL's are on. When in doubt, leave it as defaults. If you try to set the ACL and it errors out, go back and add the acl option to /etc/fstab right after defaults: defaults,acl.
From what I understand, you want everyone in the users group to have write access to the data directory. That's accomplished by the following:
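Added example, not part of the original answer: one way to apply a default ACL with setfacl and then confirm from getfacl output that new files will inherit group write access. The group name robot-grp and the directory data come from the question; the function names and the sample getfacl output are constructed for illustration.

```sh
#!/bin/sh
# Assumption: robot-grp and data are the names used in the question.

# Grant GROUP access to DIR now, and make that the default for new entries.
# Capital X adds execute only to directories and already-executable files.
share_dir() {    # usage: share_dir robot-grp data
    setfacl -R -m "g:$1:rwX" "$2" &&    # access ACL on what already exists
    setfacl -R -d -m "g:$1:rwX" "$2"    # default ACL, inherited by new files
}

# Read `getfacl DIR` output on stdin. Succeed only if new files will inherit
# write access for GROUP: a default entry with w, not stripped by the mask.
default_acl_grants_write() {    # usage: getfacl data | default_acl_grants_write robot-grp
    awk -F: -v grp="$1" '
        $1 == "default" && $2 == "group" && $3 == grp { entry = substr($4, 1, 3) }
        $1 == "default" && $2 == "mask"               { mask = substr($4, 1, 3); has_mask = 1 }
        END {
            if (entry !~ /w/) exit 1             # no default entry, or read-only
            if (has_mask && mask !~ /w/) exit 1  # mask removes the write bit
            exit 0
        }'
}

# Constructed sample of getfacl output for the data directory.
sample_acl() {
    cat <<'EOF'
# file: data
# owner: me
# group: robot-grp
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:robot-grp:rwx
default:mask::rwx
default:other::r-x
EOF
}

sample_acl | default_acl_grants_write robot-grp &&
    echo "robot-grp: new files in data inherit write access"
```

Running the check against real `getfacl data` output after an upload shows whether the default entries are still in place, without waiting for robot to hit a permission error.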