This is a discussion on "Is there a way to give public access to directory?" within the Linux Security forums, part of the System Security and Security Related category.

Let me qualify that... I know how to set permissions bits. What I'm after here is a directory in which any user who is a member of the group 'public' can create files that *anyone else* in the public group can modify or delete. This attribute needs to be inherited by any directories they create inside this directory.

The only thing I've hit upon so far is having root set the umask to 002 for the base directory. The trouble with this is it only works for that session - seeming to be a property of the shell that it was called from rather than the files.

I'm running out of ideas here and would appreciate some pointers.

Thanks.
-Jeff

Jeff wrote:
> Let me qualify that...I know how to set permissions bits. What I'm after
> here is a directory in which any user who is a member of the group
> 'public' can create files that *anyone else* in the public group can modify
> or delete. This attribute needs to be inherited by any directories they
> create inside this directory.

chmod -R g+sw directory

--
Jim Thomas
Principal Applications Engineer
Bittware, Inc
jthomas@bittware.com
http://www.bittware.com
(703) 779-7770
I thought I was wrong once, but I was mistaken.

On Tue, 03 Feb 2004 10:40:55 -0500, Jim Thomas wrote:
> Jeff wrote:
>> Let me qualify that...I know how to set permissions bits. What I'm after
>> here is a directory in which any user who is a member of the group
>> 'public' can create files that *anyone else* in the public group can modify
>> or delete. This attribute needs to be inherited by any directories they
>> create inside this directory.
>
> chmod -R g+sw directory

Thanks for the response. But it doesn't work. After I set sgid as above, the permissions are thus:

drwxrwsrwx 18 root users 4096 Feb 3 10:03 LModels

Then I have a user create the directory LModels/dir which ends up with these permissions:

drwxr-sr-x 2 jcunningham users 4.0K Feb 3 10:04 dir/

Which means that another user cannot either create files in that directory, or modify existing ones, only read ones created by jcunningham.

-Jeff

Jeff wrote:
> Thanks for the response. But it doesn't work. After I set sgid as above,
> the permissions are thus:
>
> drwxrwsrwx 18 root users 4096 Feb 3 10:03 LModels
>
> Then I have a user create the directory LModels/dir which ends up with
> these permissions:
>
> drwxr-sr-x 2 jcunningham users 4.0K Feb 3 10:04 dir/
>
> Which means that another user cannot either create files in that
> directory, or modify existing ones, only read ones created by jcunningham.

I haven't tried this, but what's that user's umask? Should be something like 000?, so that rwx for his/her group are not affected.

Cheers, Jack.
--
----------------------------------------------------------------------
My personal reading of the string "MicroSoft" expands to "NanoWeak"...

On Tue, 03 Feb 2004 20:02:23 +0100, jack wrote:
> Jeff wrote:
>
>> Thanks for the response. But it doesn't work. After I set sgid as above,
>> the permissions are thus:
>>
>> drwxrwsrwx 18 root users 4096 Feb 3 10:03 LModels
>>
>> Then I have a user create the directory LModels/dir which ends up with
>> these permissions:
>>
>> drwxr-sr-x 2 jcunningham users 4.0K Feb 3 10:04 dir/
>>
>> Which means that another user cannot either create files in that
>> directory, or modify existing ones, only read ones created by jcunningham.
>
> I haven't tried this, but what's that user's umask? Should be something
> like 000?, so that rwx for his/her group are not affected.
>
>
> Cheers, Jack.

That was the clue I needed. Thanks, Jack.
I tried setting umask 002 and it has the behavior I want, only globally. I would prefer to only have this behavior in the one public directory, but it seems to be tied to the user, not the files. But it works.

Thanks
-Jeff

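Added example, not part of any post in this thread: a shell sketch of the behaviour worked out in the exchange above, where a setgid directory passes its group and setgid bit to new subdirectories but the creator's umask still decides whether they are group-writable. The function names (`make_shared`, `create_as`, `audit_shared`) are hypothetical, the paths are constructed under a temporary directory, and GNU `stat -c` and `find -mindepth` are assumed.

```shell
#!/bin/sh
# Added example: setgid directory versus the creator's umask.
# Everything is created under mktemp; nothing outside it is touched.

# make_shared DIR: create DIR group-writable with the setgid bit (mode 2775).
make_shared() {
    mkdir -p "$1" && chmod 2775 "$1"
}

# create_as MASK PARENT NAME: under umask MASK, create the directory
# PARENT/NAME and the file PARENT/NAME.txt. Runs in a subshell so the
# caller's umask is unchanged. Prints "<dir mode> <file mode>" in octal.
create_as() {
    (
        umask "$1"
        mkdir "$2/$3" && : > "$2/$3.txt"
        echo "$(stat -c '%a' "$2/$3") $(stat -c '%a' "$2/$3.txt")"
    )
}

# audit_shared DIR: list entries that other group members cannot modify:
# directories missing group-write or setgid, files missing group-write.
audit_shared() {
    find "$1" -mindepth 1 \
        \( -type d ! -perm -2020 -o -type f ! -perm -0020 \) -print | sort
}

# Demo on constructed paths.
demo=$(mktemp -d)
make_shared "$demo/LModels"
echo "created with umask 022: $(create_as 022 "$demo/LModels" strict)"
echo "created with umask 002: $(create_as 002 "$demo/LModels" open)"
echo "entries the rest of the group cannot modify:"
audit_shared "$demo/LModels"
rm -rf "$demo"
```

Running `audit_shared` periodically over a shared tree shows which entries were created under a restrictive umask, which is the case Jeff hit with `LModels/dir`.
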
Jeff wrote:
> That was the clue I needed. Thanks, Jack.
> I tried setting umask 002 and it has the behavior I want, only globally. I
> would prefer to only have this behavior in the one public directory, but
> it seems to be tied to the user, not the files. But it works.

"man mount".

Put those shares in question onto one partition. Mount it with the "-o grpid" option (assuming ext2 as file system). Configure all users that need to alter files to be in that group. Set umask back to whatever You need ($YOUR_MASK || "0002").

Cheers, Jack.
--
----------------------------------------------------------------------
My personal reading of the string "MicroSoft" expands to "NanoWeak"...

jack wrote:
[something...]

Sorry for that extremely brief answer before... Anyways, I wasn't being unpolite, so again, sorry for that shout.

I haven't tried that myself, but You are correct when You say that "umask" affects the user rather than Your files[{ystem}... - and here You can already "smell" it].

I'd personally go for mount options, and that's what I wrote in that previous post. - If You look into comp.os.linux.networking, there was one thread about setting permissions on a samba share which I replied to. Unfortunately, I mixed up that one with Your problem. Anyway, with a samba share, it is extremely easy to achieve what You are after. That's why I was talking about "shares". - I'm into that sort of project (to my dislike) at the moment, but I'd be surprised if You couldn't do that on a local partition.

For me it's "Good Night", Jack.
--
----------------------------------------------------------------------
My personal reading of the string "MicroSoft" expands to "NanoWeak"...

On Tue, 03 Feb 2004 23:47:46 +0100, jack wrote:
> jack wrote:
> [something...]
> I'd personally go for mount options, and that's what I wrote in that
> previous post. - If You look into comp.os.linux.networking, there was
> one thread about setting permissions on a samba share which I replied
> to. Unfortunately, I mixed up that one with Your problem. Anyway, with a
> samba share, it is extremely easy to achieve what You are after. That's
> why I was talking about "shares". - I'm into that sort of project (to my
> dislike) at the moment, but I'd be surprised if You couldn't do that on
> a local partition.

I like that - the mount idea. It didn't occur to me to devote an entire partition to it.

Now I need to figure out a way to repartition a disk to free up the space it needs (without blowing away the other data). It's reiserfs.

Thanks
-Jeff

Jeff <jeffrey@cunningham.net> writes:
[...]
> Now I need to figure out a way to repartition a disk to free up the space
> it needs (without blowing away the other data). It's reiserfs.

You don't need to -- you can just dd from /dev/zero to create a file, run mke2fs (or whatever file system) on the file, then mount the file with `-o loop'.

On Thu, 05 Feb 2004 02:38:19 +0000, J.D. Ripper wrote:
> You don't need to -- you can just dd from /dev/zero to create a file,
> run mke2fs (or whatever file system) on the file, then mount the file
> with `-o loop'.

This is a very interesting approach, but I can't quite make it work the way I want. I've googled around and there's not much on it except where encryption is concerned. Here's what I did:

I created a 2G file using dd for the fake partition, then mounted the file as a block device using the loopback device.

dd if=/dev/zero of=/home/_file bs=1k count=2000000
losetup /dev/loop7 /home/_file
mke2fs -cj /dev/loop7 2000000

Then I mounted it in my /etc/fstab like this:

/home/_file /mnt/LModels ext3 loop=/dev/loop7 0 0

It mounts just fine. The problem is that only root can write to it. I tried adding 'user', 'users', to the options but it made no difference. I also tried setting chmod a+rw on /mnt/LModels, /home/_file, and chgrp users on the same, but nothing will give individual users access to the directory.

My ultimate goal would be to apply umask=0002 to the mount so that I would end up with a mount point which had public access for all members of the users group without messing up their individual umask settings. But umask is not a valid option when loop= is used on a mount. I also tried setting gid=100 in the hopes it would figure out it was accessible by members of groups, but, again, gid is not a valid option.

Does anyone know if there is a way to open up access to this mount?

Thanks.
-Jeff