umask, ACL inheritance and setgid +s not working with copy from flash drive in nautilus
Tony Arnold
tony.arnold at manchester.ac.uk
Wed Sep 15 13:55:54 UTC 2010
Andy,
On Wed, 2010-09-15 at 07:42 -0400, Andy Graybeal wrote:
> On 09/14/2010 10:05 PM, Rashkae wrote:
> > Tony Arnold wrote:
> >> Everyone seems to have ignored my contribution to this thread. If I'm
> >> wrong just tell me, but please do not just ignore me.
> >>
> >> Andy, you might let us know what permissions you were expecting given
> >> the ACL you had set up on the directory.
> >
> >>>
> >>> I think the permissions are correct. The defaults in the ACL say a file
> >>> should get rwxrwxr-x but this is then AND'd with the default mask of rwx
> >>> giving rwx------
> >>>
> >>> Or am I missing something?
> >>>
> >
> > You're missing that the files he's copying have a permission of 600,
> > which is preserved when they are copied to the new folder. The ACL
> > therefore does not get AND'd with rwxrwxr-x as it would with default
> > mask, but rw--------, and therefore, doesn't work as wanted.
> >
>
> Tony, I wasn't ignoring you, but I didn't know (as in I'm not smart
> enough, yet) how to respond. You clearly understand these things more
> than I do, I didn't know what to go with a response.
Well, I thought I understood these things, but some experiments have
just cast some doubt on my understanding!
> Please don't be offended, that wasn't my intention. I should have
> thanked you and asked a question.
I obviously wasn't in the best mood when I wrote what I did. I was
unsure of what I was saying and was hoping someone would either confirm
what I said or would tell me what I had got wrong.
> I would like to end up with the files looking like this:
> -rw-rw-r--
OK, you clearly were not getting that result!
> This won't be a place where scripts or anything is stored, it's only for
> data files (documents and spreadsheets mostly), so nothing will get
> executed from this folder.
OK, so x permissions required.
> Obviously it would be nice when someone created folders they would look
> like this:
> drwxrwxr-x
>
> I would like the files to inherit the group owner of the directory
> (which I think I've accomplished, because it's working with both
> nautilus and gnome-terminal, and I did this with setgid +s).
Yes, that's what setgid +s does.
> If there is another approach I should be taking, I'm open to it. This
> is just how I imagined my workplace would be able to work together on
> files, and people from the Finance team wouldn't be able to 'create,
> edit, delete' the files belonging to the Tech team, and vice-versa. I
> would like the ability for everyone to read everyone else's work.
So are all the users in the Finance team in a 'finance' group and
similarly for the tech team users? And everyone in the Finance team can
read/write any file created by any user in the Finance team, but only
read files created by users in the Tech team (and vice versa)?
> You have to understand that I'm fairly new to this, and I thought that
> this was a fairly popular way to work with files with groups of people
> working together.
Just my opinion but I'm not sure ACLs are used that much on Linux
systems. On Ubuntu, at least, they are disabled by default!
> I'm having second thoughts and doubting myself. I'm also sorry for
> asking poorly thought out and confusing questions. I keep reading the
> ACL documentation, but I admit that it's hard for me to understand.
It's a confusing area to get to grips with.
I'll do some more experimenting and see what I can come up with.
Regards,
Tony.
--
Tony Arnold, Tel: +44 (0) 161 275 6093
Head of IT Security, Fax: +44 (0) 705 344 3082
University of Manchester, Mob: +44 (0) 773 330 0039
Manchester M13 9PL. Email: tony.arnold at manchester.ac.uk
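
Added example, not part of the original message: a small Python model of the object-creation rules in acl(5), showing why a file created with mode 666 in a directory whose default ACL is rwxrwxr-x comes out rw-rw-r--, while a copy that carries over a source mode of 600 comes out rw-------. The function names and the SHARED default ACL are constructed for illustration.

```python
# Model of the "object creation and default ACLs" rules in acl(5).
# Constructed sample values; entry names follow getfacl notation.

def rwx(bits):
    """Render a 3-bit permission value as 'rwx' style text."""
    return "".join(c if bits & b else "-" for c, b in zip("rwx", (4, 2, 1)))

def create_file(mode, umask, default_acl=None):
    """Return (ls-style mode string, access ACL dict) for a new file.

    mode is the permission argument the creating program passes to open():
    0o666 for an ordinary new file, the source file's mode for a copy that
    preserves permissions.
    """
    u, g, o = (mode >> 6) & 7, (mode >> 3) & 7, mode & 7
    if default_acl is None:
        # No default ACL on the directory: the umask applies.
        m = mode & ~umask
        acl = {"user::": (m >> 6) & 7, "group::": (m >> 3) & 7, "other::": m & 7}
    else:
        # Default ACL present: umask is ignored, entries are inherited, and
        # the entries tied to the mode bits are ANDed with the requested mode.
        acl = dict(default_acl)
        acl["user::"] &= u
        acl["other::"] &= o
        if "mask::" in acl:
            acl["mask::"] &= g      # group class maps to the mask entry
        else:
            acl["group::"] &= g
    group_class = acl.get("mask::", acl["group::"])
    return rwx(acl["user::"]) + rwx(group_class) + rwx(acl["other::"]), acl

def effective(acl, entry):
    """Effective rights of a group or named entry after the mask is applied."""
    return rwx(acl[entry] & acl.get("mask::", 7))

# Constructed default ACL for a shared directory (rwxrwxr-x, as in the thread).
SHARED = {"user::": 7, "group::": 7, "mask::": 7, "other::": 5}

if __name__ == "__main__":
    for label, mode in (("new file, mode 666", 0o666), ("copy of a 600 file", 0o600)):
        perms, acl = create_file(mode, umask=0o022, default_acl=SHARED)
        print(f"{label:20} -> {perms}  group:: effective {effective(acl, 'group::')}")
```

In the 600 case the inherited group:: entry is still rwx, but the mask is reduced to ---, so the group's effective rights are empty.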