File Permissions - Ubuntu Server

[Simon Ives]

Thank you for the considered reply Daniel.  I'm currently in the process
of reinstalling Windows XP on the few workstations at home that still
use it (after a few too many bad experienced with Vista) and I'll
definitely set up the new user accounts to match on the new Windows
installs and the file server.

Simon Ives.

> Message: 2
> Date: Tue, 12 Aug 2008 09:51:29 +1000
> From: Daniel Mons <daniel.mons at iinet.net.au>
> Subject: Re: File Permissions - Ubuntu Server
> To: ubuntu-au at lists.ubuntu.com
> Message-ID: <48A0D081.9080209 at iinet.net.au>
> Content-Type: text/plain; charset=us-ascii; format=flowed
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Simon Ives wrote:
> | I'm running Ubuntu Server 8.04 and I need to change the permissions for
> | a large quantity of files and directories.
> |
> | I've got a directory named 'music' that I share with the home network.
> | This includes other Linux boxes that access this directory via nfs and
> | some Windows XP boxes accessing it via samba.  I've just transferred
> | around 80gb of music files and directories from a Windows drive and I
> | need a command to alter the permissions of all the files as read/write
> | for everyone.
> 
> The best way is to properly integrate your authentication systems, or at
> the very least ensure that user accounts that exist on the Windows
> machines also exist on the Linux machines and within Samba with the same
> passwords. i.e.: your windows username/password is also added to Linux
> via the "useradd" and "passwd" commands, and to Samba via the "smbpasswd
> - -a" command.
> 
> Failing that, go to the directory in question, and type:
> 
> chmod -R a+rwX /directoryname
> 
> I should note that this is highly frowned upon by Linux sysadmins (which
> I am one). Opening up world access to your file system is a poor
> substitute for properly configuring your services and authentication.
> 
> What the above command does is recursively add read and write
> permissions for all (User, Group and Other).  Additionally, the upper
> case X adds "execute" permissions to directories ONLY.  In order to
> actually enter/use a directory, execute permissions must be enabled on it.
> 
> Whatever you do, DO NOT run "chmod -R 777 /dirname".  This will also
> clobber standard files with the execute permission, making any plain
> file executable.  This has potentially dire consequences should someone
> try to run one of them.
> 
> |
> | Further, is there a way that I can set all newly created directories and
> | files within this particular directory to inherit the file permissions
> | of the parent directory?
> 
> In your smb.conf on a per-share basis, set the "create mask" and
> "directory mask" options as needed.  In your case, "create mask = 0666"
> and "directory mask = 0777" will ensure all files and directories are
> created with the correct permissions (again, I would hope you
> investigate matching up your user accounts instead, and set these to
> 0640 and 0750 respectively).
> 
> "man smb.conf" for more help on your Samba configuration, and more
> detailed explanations on all of the above.
> 
> - -Dan
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> 
> iD8DBQFIoNCBeFJDv0P9Qb8RAlI8AJ9t7Kpx6gc37xLZ9AhIoz4TVPdjVACeNH84
> Cm1pGjj/3jNmKr9U7TTqdGY=
> =6Xt2
> -----END PGP SIGNATURE-----