I have system-wide default permissions set with umask 027. I am in the need to make a directory whose sub-directories would need 775 permission and whose files would need 664 permissions and make these permissions permanent after booting the system.
I am looking for the best options out there without compromising security. Any ideas?
Let me explain the situation:
I have a default permission of 027 (system-wide) and I want apache2 to write to a directory (it's directory) that should be 022 in order for other user (let's say… another daemon such as Flash Media Server to stream a video) to access and run it. ¿Any good ideas? (FMS should be able to run videos from new directories made by apache2).
Thank you.
Some research done:
sudo chfn -o "umask=002" daemon_username- bash script running at boot with
umask 022on the desired directory -
add in
/etc/fstab(take special care with line 2 related to bind) [TESTED and NOT WORKING]:IP_NFS_Volume:/nfs_mount /local_tempmount nfs tcp,nolock,intr,rsize=8192,wsize=8192 /local_tempmount /desired_mount none bind,dmask=0002,fmask=0002
P.S. I am looking for a console command, a script (even a periodic command run from cron), but something run without X11.
Best Answer
You could try to use POSIX ACL (access control lists), that allow to set ad hoc permissions for additional users and groups (other than owner user and owner group), and furthermore allow to set default permissions for new object created in a directory.
To this end you could use at least two alternatives:
the package
aclfor command line tools (getfacl,setfacl,chacl),the package
eicielthat provide both a GUI interfaceand the possibility to change ACL directly from Nautilus (right click on an object, then Properties, then Access Control List tab).
Is also provide some brief but meaningful help pages.