On 9/24/21 11:27 AM, Reco wrote:
Hi.
On Fri, Sep 24, 2021 at 10:22:00AM +0200, Alex Mestiashvili wrote:
On 9/22/21 8:53 AM, Reco wrote:
Hi.
On Tue, Sep 21, 2021 at 11:09:41PM -0400, Paul M. Foster wrote:
Without setting directory and file permissions to 777, how do you
allow the above? What combinations of groups, directory
owners/permissions and file owners/permissions might make this
possible?
Solution #1:
1) Make a group, add users to it.
2) Chgrp directory to the group from step 1.
3) Set directory permissions to 2770 (i.e. you will need setgid on
directory), or 2775 if you need world-readable directory.
4) Ensure users' umask is set to 0007.
Solution #2:
Set ACL to u:<user>:rwx on a directory, and make sure it made to the
"default" set of permissions (i.e. you'll need setfacl -d).
In addition to umask and acl, there is also a FUSE based bindfs.
FUSE = slow + CPU wastage
Well, fast enough and CPU time is cheap ;)
Setting umask might be insecure/problematic for non-unix people.
Not every filesystem support ACL.
Bindfs is just another useful tool...
Using a filesystem the way it was intended is much cleaner solution.
ACL is a workaround for the "intended unix permissions" isn't?
Old unix concepts from 1970 don't really meet expectation of apple fan
boys and people used to rich NTFS permissions...
Reco
