Originally Posted by rduke15
Thanks for the ACLs suggestion. In the meantime, I had found a simple workaround. In case it helps someone else:
I put the wanted chmod and chown lines into a shell script which is root:root and suid (4755/-rwsr-xr-x).
So users can run it to fix the permissions and ownership where I want, but cannot change the script to mess elsewhere in the system. Of course, the correct fix would be to find out why we get files in there with wrong permissions in the first place...
When a user creates a file, the file inherits the user's primary group ID. Setting the setgid permission on a directory causes new files and subdirectories created within it to inherit its group ID, rather than the primary group ID of the user who created the file.
i.e.
Code:
[sisco@acme xtmp]$ id sisco
uid=1000(sisco) gid=100(users) groups=100(users),6(disk),7(lp),10(wheel),91(video),92(audio),93(optical)
[sisco@acme xtmp]$ > file1
[sisco@acme xtmp]$ ls -al file1
-rw-r--r-- 1 sisco users 0 2009-06-29 09:52 file1
[sisco@acme xtmp]$ mkdir dir1
[sisco@acme xtmp]$ > dir1/file2
[sisco@acme xtmp]$ ls -al dir1
total 8
drwxr-xr-x 2 sisco users 4096 2009-06-29 09:53 .
drwxr-xr-x 4 sisco users 4096 2009-06-29 09:52 ..
-rw-r--r-- 1 sisco users 0 2009-06-29 09:53 file2
[sisco@acme xtmp]$ chmod g+s dir1
[sisco@acme xtmp]$ chgrp audio dir1/
[sisco@acme xtmp]$ ls -al dir1
total 8
drwxr-sr-x 2 sisco audio 4096 2009-06-29 09:53 .
drwxr-xr-x 4 sisco users 4096 2009-06-29 09:52 ..
-rw-r--r-- 1 sisco users 0 2009-06-29 09:53 file2
[sisco@acme xtmp]$ > dir1/file3
[sisco@acme xtmp]$ ls -al dir1/
total 8
drwxr-sr-x 2 sisco audio 4096 2009-06-29 09:54 .
drwxr-xr-x 4 sisco users 4096 2009-06-29 09:52 ..
-rw-r--r-- 1 sisco users 0 2009-06-29 09:53 file2
-rw-r--r-- 1 sisco audio 0 2009-06-29 09:54 file3
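
A read-only check for the setgid behaviour shown above, added here as an example (not code from either poster): it lists directories that lack the setgid bit and entries whose group differs from the shared directory's group. The function names are invented for this example, and paths are assumed to contain no newlines.

```shell
#!/bin/sh
# Added example: read-only audit of a shared directory that relies on setgid.
# Function names are invented for this example.

# Numeric GID of a path (ls -n is POSIX; avoids GNU/BSD stat differences).
dir_gid() {
    ls -ldn -- "$1" | awk '{print $4}'
}

# Directories (top level included) without the setgid bit. Files created in
# them get the creator's primary group, not the shared group.
missing_setgid() {
    find "$1" -type d ! -perm -2000
}

# Entries whose group differs from the shared directory's group, such as
# files created before g+s was set (file2 above) or moved in with mv.
wrong_group() {
    find "$1" ! -group "$(dir_gid "$1")"
}

# Print findings; return 0 when the tree is consistent, 1 otherwise.
audit_shared_dir() {
    audit_rc=0
    audit_dirs=$(missing_setgid "$1")
    audit_grp=$(wrong_group "$1")
    if [ -n "$audit_dirs" ]; then
        printf '%s\n' "$audit_dirs" | sed 's/^/no setgid:   /'
        audit_rc=1
    fi
    if [ -n "$audit_grp" ]; then
        printf '%s\n' "$audit_grp" | sed 's/^/wrong group: /'
        audit_rc=1
    fi
    return "$audit_rc"
}

# Usage: sh audit.sh /path/to/shared/dir
if [ "$#" -gt 0 ]; then
    audit_shared_dir "$1"
fi
```

Directories it reports need `chmod g+s`, and entries it reports need `chgrp` to the shared group, as in the session above.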