umask, ACL inheritance and setgid +s not working with copy from flash drive in nautilus

Tony Arnold tony.arnold at manchester.ac.uk
Wed Sep 15 13:55:54 UTC 2010 

Andy,

On Wed, 2010-09-15 at 07:42 -0400, Andy Graybeal wrote:
> On 09/14/2010 10:05 PM, Rashkae wrote:
> > Tony Arnold wrote:
> >> Everyone seems to have ignored my contribution to this thread. If I'm
> >> wrong just tell me, but please do not just ignore me.
> >>
> >> Andy, you might let us know what permissions you were expecting given
> >> the ACL you had set up on the directory.
> >
> >>>
> >>> I think the permissions are correct. The defaults in the ACL say a file
> >>> should get rwxrwxr-x but this is then AND'd with the default mask of rwx
> >>> giving rwx------
> >>>
> >>> Or am I missing something?
> >>>
> >
> > You're missing that the files he's copying have a permission of 600,
> > which is preserved when they are copied to the new folder.  The ACL
> > therefore does not get AND'd with rwxrwxr-x as it would with default
> > mask, but rw--------, and therefore, doesn't work as wanted.
> >
> 
> Tony, I wasn't ignoring you, but I didn't know (as in I'm not smart 
> enough, yet) how to respond.  You clearly understand these things more 
> than I do, I didn't know what to go with a response.

Well, I thought I understood these things, but some experiments have
just cast some doubt on my understanding!

> Please don't be offended, that wasn't my intention.  I should have 
> thanked you and asked a question.

I obviously wasn't in the best mood when I wrote what I did. I was
unsure of what I was saying and was hoping someone would either confirm
what I said and would tell me what I had got wrong.

> I would like to end up with the files looking like this:
> -rw-rw-r--

OK, you clearly were not getting that result!

> This won't be a place where scripts or anything is stored, it's only for 
> data files (documents and spreadsheets mostly), so nothing will get 
> executed from this folder.

OK, so x permissions required.

> Obviously it would be nice when someone created folders they would look 
> like this:
> drwxrwxr-x
> 
> I would like the files to inherit the group owner of the directory 
> (which I think i've accomplished, because it's working with both 
> nautilus and gnome-terminal, and i did this with setgid +s).

Yes, that's what setgid +s does.

> If there is another approach I should be taking, I'm open to it.  This 
> is just how I imagined my workplace would be able to work together on 
> files, and people from the Finance team wouldn't be able to 'create, 
> edit, delete' the files belonging to the Tech team, and vice-versa.  I 
> would like the ability for everyone to read everyone else's work.

So are all the users in the Finance team in a 'finance' group and
similarly for the tech team users? And everyone in the Finance team can
read/write any file created by any user in the Finance team, but only
read file created by users in the Tech team (and vice versa)?

> You have to understand that I'm fairly new to this, and I thought that 
> this was a fairly popular way to work with files with groups of people 
> working together.

Just my opinion but I'm not sure ACLs are used that much on Linux
systems. On Ubuntu, at least, they are disabled by default!

> I'm having second thoughts and doubting myself.  I'm also sorry for 
> asking poorly thought out and confusing questions.  I keep reading the 
> ACL documentation, but I admit that it's hard for me to understand.

It's a confusing area to get to grips with.

I'll do some more experimenting and see what I can come up with.

Regards,
Tony.
-- 
Tony Arnold,                        Tel: +44 (0) 161 275 6093
Head of IT Security,                Fax: +44 (0) 705 344 3082
University of Manchester,           Mob: +44 (0) 773 330 0039
Manchester M13 9PL.                 Email: tony.arnold at manchester.ac.uk

More information about the ubuntu-users mailing list