Ask Your Question
1

How do I create a shared directory under root?

asked 2015-10-12 16:09:51 -0500

dcrdev gravatar image

I'm trying to create a shared folder on my root partition that anyone in a particular group can read and write to and any new files within that folder are also read writeable by anyone in that group no matter what. I've managed to create a folder whereby new users can write to it - but any new files are read only to the group.

Steps I've taken:

mkdir /storage
chown -R root:storage-public /storage
chmod -R 2775 /storage
touch test.txt

But these are the permissions I'm getting from my test file:

-rw-r--r-- 1 root storage-public 13 Oct 12 21:59 test.txt

Can anyone help?

Also worth mentioning that I've tried doing this under ACLs but it seems that the posix permissions override the ACL and I get an effective line next to the output of getfacl.

edit retag flag offensive close merge delete

Comments

1

I have a feeling it has to do with your "umask". My user's umask is 0002. Root's is 0022. Check yours, maybe that will shed some light.

hmaarrfk gravatar imagehmaarrfk ( 2015-10-12 16:18:59 -0500 )edit
1

Interesting. I get the same results, either using the octal permissions or simply using chmod -R g+w which is a tad more restrictive than the octal. However, the permissions get changed correctly if the file exists before the chmod.

sideburns gravatar imagesideburns ( 2015-10-12 16:26:00 -0500 )edit

2 Answers

Sort by ยป oldest newest most voted
0

answered 2015-10-12 18:39:36 -0500

dcrdev gravatar image

updated 2015-10-14 05:33:26 -0500

Right so I think I finally understand setting the setgid bit only specifies that files down the directory tree should inherit the parent group, it doesn't preserve the rw permissions of the group owner.

The only way to do this is by setting the default group ACL entry to RW. Also none of this works if you're creating a file under root as it has a umask of 0022, which overrides anything set by acl; this doesn't apply to any other users by default; strangely enough this behaviour under root only applies to files and not folders. Someone feel free to contradict me, otherwise this is the answer.

edit flag offensive delete link more
1

answered 2015-10-13 15:34:43 -0500

resplin gravatar image

In addition to what you have tried, I suggest a mix of the following:

  • Set the gid bit on the directory
  • Set the system umask in /etc/profile to include group read / write for all users
  • Add the umask to the ~/.bash_profile of existing users
  • Write a suid root script that fixes the group permissions in the directory each hour

I don't know how to restrict the group write permission to a single directory, and there are security considerations to having the default umask give group write permissions across the system. Also, if you are not careful, a suid root script could be a security hole. You need to evaluate what meets your specific needs.

edit flag offensive delete link more

Question Tools

1 follower

Stats

Asked: 2015-10-12 16:09:51 -0500

Seen: 139 times

Last updated: Oct 14 '15