setuid directories - or other option?
Dan Nelson
dnelson at allantgroup.com
Sun Feb 5 17:44:08 UTC 2012
In the last episode (Feb 04), Modulok said:
> I have a media project directory shared with windows users via samba.
> Every authenticated samba user that accesses the directory is forced to
> the same FreeBSD user, 'foo', regardless. The group also has
> write-access:
>
> drwxrwxr-x 47 foo foo 2.5K Feb 4 05:42 foo/
>
> Local shell users, however, are a problem. Ideally, I want a similar
> behavior for them too, i.e. any files they create in the directory are
> also owned by the user 'foo'. How do I do that? (See below about
> setuid.)
>
> I wouldn't even care who owns the files, so long as file permission bits
> in this directory defaulted to 664 so every member of the group 'foo'
> could edit them. Can I do this without changing every user's default
> umask? (I want to avoid that.) Is there some kind of 'umask for this
> directory is blah' feature?
>
> I looked at setuid bit on directories. Sounds perfect! BUT I'll be moving
> to ZFS soon and from what I gather, it won't work there. I guess I could
> have a cron job run every minute and change offending permission bits, but
> that feels hacky.
I think you mean the setgid bit (so that all files in the subdirectory will
have group="foo"), and that should work on ZFS as well. Another option
might be to use ACLs to grant access to the "foo" group outside of the
standard unix mode system:

    setfacl -m group:foo:rwx:df:allow /path

That will grant the "foo" group read/write/execute access on all files under
"/path", regardless of the regular owner/group/umask settings. Also, make
sure that the zfs aclmode and aclinherit properties on the filesystem are
set to something other than "discard".
--
Dan Nelson
dnelson at allantgroup.com
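
A check for the setup discussed in this thread, as an added example that is not part of either poster's message: a POSIX shell function that walks a shared tree and reports entries whose group differs from the top directory's, files without group read/write, and directories without the setgid bit or group rwx. The function names and finding labels are made up for the example, and it inspects mode bits only, so access granted through ACL entries is not reflected.

```shell
#!/bin/sh
# Added example: audit a shared directory for entries that would block
# group collaboration. Names and labels here are hypothetical.
# Limitation: only owner/group/mode are checked, not ACL entries.

# Print the numeric gid of a path (ls -ldn output is the same on BSD and Linux).
path_gid() {
    ls -ldn -- "$1" | awk '{ print $4 }'
}

# audit_shared_dir DIR
# Prints one finding per line as "<label> <path>". Returns 2 on bad input.
audit_shared_dir() {
    top=$1
    [ -d "$top" ] || { echo "not a directory: $top" >&2; return 2; }
    gid=$(path_gid "$top")
    [ -n "$gid" ] || return 2

    # Entries whose group is not the group of the top-level directory.
    find "$top" ! -group "$gid" -print | sed 's/^/wrong-group /'

    # Regular files where the group lacks read or write (e.g. created
    # under umask 022, which yields mode 644).
    find "$top" -type f ! -perm -060 -print | sed 's/^/no-group-rw /'

    # Directories where the group lacks read, write or search.
    find "$top" -type d ! -perm -070 -print | sed 's/^/no-group-rwx /'

    # Directories without the setgid bit (mode 2000).
    find "$top" -type d ! -perm -2000 -print | sed 's/^/dir-not-setgid /'
}

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_shared_dir "$1"
fi
```

An empty result means every entry passed the mode-bit checks; it says nothing about what an ACL grants or denies.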