Ubuntu – Setting Default Permissions


I've read a lot of solutions for something like this, but nothing seems to work quite right for me. I have a shared development box used for a few projects that require such a thing and I'd like to configure it so that files created by users in the /opt/dev directory:

  • Are owned by <username>:developers
  • Have permissions set to 774 (files)
  • Have permissions set to 775 (directories)

All developer users have their primary group set to developers so the first requirement has been pretty solid. What's a lot less solid is the actual permissions. They just aren't being set consistently the way we need them to get set and I haven't found the right solution.

I do have the sticky bit set (g+s) based on something else I read at some point, but that wouldn't seem to be particularly useful since all users are in the same primary group.

I also have the default umask set to 002 in /etc/login.defs. I thought that would kind of cover it, but that doesn't seem to be the case.

I'd really appreciate any advice about how to get everything lined up properly. I feel like I'm constantly in there adjusting a file here and a directory there just so people can do their work.

Best Answer

Ok, for point 1, the solution is quite easy:

chgrp developers /opt/dev

For points 2 and 3, I suppose you'll need ACL. So, the first thing to do is to edit /etc/fstab to give the option acl to the mountpoint of /opt/dev. If /opt/dev is not on a separate partition you'll need to enable ACL for the whole root filesystem.

Then you'll have to follow this answer.

chmod g+s /opt/dev

should be equivalent to chgrp developers /opt/dev (and doesn't set the sticky bit; s sets the suid bit).

Then proceed with setfacl:

setfacl -d -m g::rwx /opt/dev  # set group to rwx default
setfacl -d -m o::rx /opt/dev   # set other

to set advanced permission criteria for files and directories. To be honest, I couldn't find a way to set separate file and directory permissions, but I'm pretty sure it's doable. You can try this tutorial to have more information about the topic.
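
The following shell function is an added example, not part of the original question or answer: it reports entries under a shared tree that have drifted from the layout the question asks for (group ownership, setgid and group rwx on directories, group rw on files, nothing writable by other). The function name audit_shared_tree and its output labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report entries under a shared
# tree that drifted from the layout the question asks for.
# audit_shared_tree and its output labels are hypothetical names.

# Usage: audit_shared_tree DIR GROUP
# Prints one "LABEL<TAB>path" line per finding; prints nothing if clean.
audit_shared_tree() {
    dir=$1
    group=$2

    # Wrong group: setgid on the parent was missing when the entry was
    # created, or the entry was moved in with its old group.
    find "$dir" \( -type f -o -type d \) ! -group "$group" \
        -exec printf 'WRONG_GROUP\t%s\n' {} \;

    # Directories must carry setgid (2000) so new entries inherit the group,
    # plus rwx for the group (0070).
    find "$dir" -type d ! -perm -2070 \
        -exec printf 'DIR_MODE\t%s\n' {} \;

    # Files must be readable and writable by the group (0060).
    find "$dir" -type f ! -perm -0060 \
        -exec printf 'FILE_MODE\t%s\n' {} \;

    # Nothing in the tree should be writable by "other" (0002).
    find "$dir" \( -type f -o -type d \) -perm -0002 \
        -exec printf 'WORLD_WRITABLE\t%s\n' {} \;
}

# Run against the tree from the question when called with two arguments:
#   sh audit.sh /opt/dev developers
if [ "$#" -eq 2 ]; then
    audit_shared_tree "$1" "$2"
fi
```

Run from cron or a login hook, the output shows which entries need a chgrp or chmod instead of finding them when someone cannot save a file.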