ANSWER:-
You can control the assigned permission bits with umask, and the group by making the directory setgid to G.
$ umask 002 # allow group write; everyone must do this
$ chgrp G . # set directory group to G
$ chmod g+s . # files created in directory will be in group G
Note that you have to do the chgrp/chmod for every subdirectory; it doesn't propagate automatically (that is, neither existing nor subsequently created directories under a setgid directory will be setgid, although the latter will be in group G).
Also note that umask is a process attribute and applies to all files created by that process and its children (which inherit the umask in effect in their parent at fork() time). Users may need to set this in ~/.profile, and may need to watch out for things unrelated to your directory that need different permissions. modules may be useful if you need different settings when doing different things.
You can control things a bit better if you can use POSIX ACLs; it should be possible to specify both a permissions mask and a group, and have them propagate sensibly. Support for POSIX ACLs is somewhat variable, though.
You can control the assigned permission bits with umask, and the group by making the directory setgid to G.
$ umask 002 # allow group write; everyone must do this
$ chgrp G . # set directory group to G
$ chmod g+s . # files created in directory will be in group G
Note that you have to do the chgrp/chmod for every subdirectory; it doesn't propagate automatically (that is, neither existing nor subsequently created directories under a setgid directory will be setgid, although the latter will be in group G).
Also note that umask is a process attribute and applies to all files created by that process and its children (which inherit the umask in effect in their parent at fork() time). Users may need to set this in ~/.profile, and may need to watch out for things unrelated to your directory that need different permissions. modules may be useful if you need different settings when doing different things.
You can control things a bit better if you can use POSIX ACLs; it should be possible to specify both a permissions mask and a group, and have them propagate sensibly. Support for POSIX ACLs is somewhat variable, though.
0 comments:
Post a Comment
Don't Forget to comment