On Thu, Mar 17, 2016 at 4:59 PM, Alan McKinnon <alan.mckin...@gmail.com> wrote:
>
> umask is just not viable either, as a) it's global and affects all files
> a user creates and b) by definition umask is modifiable by the user
> (it's a feature to help users out so they don't need to chmod every file
> every time) and c) you can't stop them doing it (by design).

Actually, this is completely viable. Just set the default umasks to 007, and create a new group for each user as their default group (and don't have all their home directories be owned by some users group). This is how this sort of situation was handled long before POSIX ACLs became common, and I know that some distros behave this way by default for this reason (this was the case in the distro I used right before I switched to Gentoo).

If users chmod a file then tell them not to. If you must, set up some cron job to clean up after them.

But, you can of course do this with ACLs as well. I haven't tried setting those up personally.

-- 
Rich
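
The cron cleanup mentioned in the reply above, sketched as an added example that is not part of the original message or anyone's actual setup: it checks that a umask value masks all "other" bits and strips those bits from files that have drifted. The function names and the directories-as-arguments usage are assumptions.

```shell
#!/bin/sh
# Added example: audit/cleanup for a "umask 007 + one private group per user" setup.
# Function names and the command-line usage are assumptions, not from the thread.

# Succeeds if the umask value $1 (octal, e.g. 007 or 0027) masks every
# permission bit for "other".
umask_masks_other() {
    [ $(( 0$1 & 07 )) -eq 7 ]
}

# Print every file or directory under $1 that grants read, write or execute
# to "other". Symlinks are skipped because chmod would follow them.
list_world_accessible() {
    find "$1" ! -type l \( -perm -001 -o -perm -002 -o -perm -004 \) -print
}

# Remove the "other" bits from everything list_world_accessible would report.
strip_world_bits() {
    find "$1" ! -type l \( -perm -001 -o -perm -002 -o -perm -004 \) \
        -exec chmod o-rwx {} +
}

# When given directories as arguments (e.g. from cron), report and fix each one.
if [ "$#" -gt 0 ]; then
    umask_masks_other "$(umask)" || echo "warning: current umask is $(umask)" >&2
    for dir in "$@"; do
        list_world_accessible "$dir"
        strip_world_bits "$dir"
    done
fi
```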