Hi. On Fri, Sep 24, 2021 at 11:47:20AM +0200, Alex Mestiashvili wrote: > On 9/24/21 11:27 AM, Reco wrote: > > Hi. > > > > On Fri, Sep 24, 2021 at 10:22:00AM +0200, Alex Mestiashvili wrote: > > > On 9/22/21 8:53 AM, Reco wrote: > > > > Hi. > > > > > > > > On Tue, Sep 21, 2021 at 11:09:41PM -0400, Paul M. Foster wrote: > > > > > Without setting directory and file permissions to 777, how do you > > > > > allow the above? What combinations of groups, directory > > > > > owners/permissions and file owners/permissions might make this > > > > > possible? > > > > > > > > Solution #1: > > > > > > > > 1) Make a group, add users to it. > > > > 2) Chgrp directory to the group from step 1. > > > > 3) Set directory permissions to 2770 (i.e. you will need setgid on > > > > directory), or 2775 if you need world-readable directory. > > > > 4) Ensure users' umask is set to 0007. > > > > > > > > > > > > Solution #2: > > > > > > > > Set ACL to u:<user>:rwx on a directory, and make sure it made to the > > > > "default" set of permissions (i.e. you'll need setfacl -d). > > > > > > In addition to umask and acl, there is also a FUSE based bindfs. > > > > FUSE = slow + CPU wastage > > Well, fast enough and CPU time is cheap ;)
An old argument. How exactly I can replace CPU on my Raspberry Pi 1B which is still in service and doing its job? > Setting umask might be insecure/problematic for non-unix people. > Not every filesystem support ACL. Every filesystem that's worthy of such title does support ACL. Inperfect filesystems do not indeed, but replacing a filesystem is much easier than replacing a CPU. > Bindfs is just another useful tool... That's something I agree with. Every tool has its purpose, and surely bindfs has one too. But using a tool outside of its purpose instantly transforms a tool to a kludge. > > Using a filesystem the way it was intended is much cleaner solution. > ACL is a workaround for the "intended unix permissions" isn't? That's one option about it. Another one is ACL is an evolution of POSIX filesystem permissions. Whichever you prefer, of course. Reco
