[OpenIndiana-discuss] ACL problem

Peter Tribble peter.tribble at gmail.com
Sun Dec 13 17:11:12 UTC 2015


On Sun, Dec 13, 2015 at 3:02 PM, Michelle <michelle at msknight.com> wrote:

>
> All I'm trying to do, is ensure that all files written within a
> directory, have the same ownership as the directory itself, no matter
> what account actually writes them.
>

Unfortunately, that's something you can't do.

There's the setgid bit you can set on a directory, which ensures all newly
created files have the same group as the directory, but there's no
corresponding facility for the file owner.

Using ACLs can allow you limited control over permissions - and you can
extend permissions to multiple users and groups (rather than the single
group that you normally use with traditional unix permissions). But even
with ACLs you can only set the initial permissions on newly created files.
If the application you're using to add the files starts to manipulate
permissions itself (and many do) then even ACLs can't help you.

What I normally do is:

1. Use basic unix groups to control access

2. Use the permissions of the top-level directory to act as a primary
access filter - make it group owned by the appropriate group, usually
setgid, and don't allow any access to other if you want to keep it private
(mode 770).

3. If you can, control the application(s). For instance, you can tell samba
what the default permissions should be.

4. For when all else fails, have a cron job that fixes up anything that's
become broken.

-- 
-Peter Tribble
http://www.petertribble.co.uk/ - http://ptribble.blogspot.com/
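
A sketch of the fix-up job from step 4, added here as an example and not taken from the original message: it re-applies the group, setgid and group-write settings from step 2 across a tree. The function name `fix_shared_tree`, its arguments, the crontab path and the choice to strip "other" access on every entry are assumptions; symlinks are never followed, so a job running as root cannot be pointed at files outside the tree by a link planted inside it.

```shell
#!/bin/sh
# Added example: cron fix-up for a group-shared tree (hypothetical helper).
# Usage: fix_shared_tree DIR GROUP   (GROUP may be a name or numeric gid)
fix_shared_tree() {
    dir=$1
    grp=$2
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 1; }

    # Wrong group: chgrp -h changes a symlink itself, never its target.
    find "$dir" ! -group "$grp" -exec chgrp -h "$grp" {} +

    # Directories: group rwx plus setgid so new entries inherit the group.
    find "$dir" -type d ! -perm -2070 -exec chmod g+rwxs {} +

    # Regular files: group read/write (execute bits left as they are).
    find "$dir" -type f ! -perm -0060 -exec chmod g+rw {} +

    # Assumption: nothing in the tree should be reachable by "other".
    # Symlinks are excluded because chmod would follow them.
    find "$dir" ! -type l \( -perm -0004 -o -perm -0002 -o -perm -0001 \) \
        -exec chmod o-rwx {} +
}

# Run directly, e.g. from root's crontab (path and group are placeholders):
#   0 * * * * /usr/local/bin/fix-shared.sh /export/shared staff
if [ "$#" -eq 2 ]; then
    fix_shared_tree "$1" "$2"
fi
```

The job only repairs group and mode; as the message says, nothing here can change which user ends up owning a newly written file.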
