Re: Sticky permissions.



this thread already was discussed in linux-il, so when i was wondering
about the same problem, mulix directed me there.
Aviram Jenik started it, and when i approached him in a private mail,
and asked how he dealt with the problem, since it was not solved on the
list, he replied as follows:

Yes, I also gave up and solved it in some ugly way. I was looking for a
pretty solution for a while, until I realized there is none :-(

- Aviram







On Tue, 23 Oct 2001, Adi Stav wrote:

> On Tue, Oct 23, 2001 at 12:39:15AM +0200, guy keren wrote:
> >
> > On Mon, 22 Oct 2001, Oded Arbel wrote:
> >
> > > Reading this again, I think I didn't make myself clear, so let's try again:
> > > I want that any user of the "users" group will be able to create files and
> > > directories under the public directory, and said files and directories will
> > > automatically have read/write access to all members of the "users" group, and
> > > recursively - that files and directories in sub-directories will also be
> > > thus affected.
> >
> > as far as i know - you cannot do this with current kernels. your closest
> > bet would be to:
> > 1. make the directory owned by group 'users'.
> > 2. set the group sticky bit on the directory, so any files created in it,
> >    will have group 'users' as their owning group.
> > 3. force all users who work there to have a umask of '002'.
>
> SGID bit. Sticky bit is to disallow unlinking of files in the directory
> by non-owners. (stat(2) explains them all, cool manpage).
>
> > in any event, you just gave me another idea for what could be achieved with
> > 'syscall parameter rewriting' - a good thing for syscalltrack ;) (once it
> > supports syscall parameter rewriting).
>
> What for? This is policy in the kernel, overwriting explicit user
> choices in order to achieve ends that can be reached through other
> means. If a sysadmin has SGID directories, all they need to do is
> to set the default umask to 002. If a user has explicitly set a
> different umask in his or her personal config files, then it should
> be respected. Sane distributions (you-know-which) already come with
> this umask and per-user groups by default.
>
> If we're talking about the deficiency of UNIX permission bits, then
> I'd say one big missing feature is the lack of an "append"
> permission. It could replace the sticky bit on directories and also
> be very useful for regular files.
>
> =================================================================
> To unsubscribe, send mail to linux-il-request@linux.org.il with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail linux-il-request@linux.org.il
>
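
The SGID-directory-plus-umask arrangement discussed in the quoted messages, as an added example that is not part of the original thread: it shows how a stricter personal umask still yields a file the group cannot write, and how to audit a shared tree for such entries. The function names are hypothetical, GNU stat and find are assumed, and the script works in a throwaway directory under the caller's own group rather than "users".

```shell
#!/bin/sh
# Added illustration, not code from the thread. Function names are hypothetical.
# Assumes Linux with GNU stat/find. Works in a throwaway mktemp directory and
# keeps the caller's own group; a real setup would also "chgrp users" the directory.

# Steps 1-2 from the thread: a group-writable directory with the SGID bit (the 2 in 2775).
make_shared_dir() {
    mkdir -p "$1" && chmod 2775 "$1"
}

# Create an empty file under a given umask, in a subshell so the caller's umask is untouched.
create_as() {
    ( umask "$1"; : > "$2" )
}

# Octal permission bits of a path.
mode_of() {
    stat -c %a "$1"
}

# Report entries that break the sharing policy: directories missing SGID or
# group rwx, and regular files missing group read/write.
audit_shared_tree() {
    find "$1" \( -type d ! -perm -2070 \) -o \( -type f ! -perm -060 \)
}

demo() {
    d=$(mktemp -d) || return 1
    make_shared_dir "$d/public"
    create_as 022 "$d/public/private.txt"   # user kept a stricter umask
    create_as 002 "$d/public/shared.txt"    # step 3: umask 002
    ( umask 002; mkdir "$d/public/sub" )    # subdirectory inherits SGID
    for p in public public/private.txt public/shared.txt public/sub; do
        printf '%-20s %s\n' "$p" "$(mode_of "$d/$p")"
    done
    echo "policy violations:"
    audit_shared_tree "$d/public"
    rm -rf "$d"
}

demo
```

Running the audit from cron against the real shared directory gives the administrator a list of files to fix without overriding anyone's umask.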