Sinot, 2016-10-18 16:45:00
linux

How to assign default permissions in Linux for a directory and for all files and directories created, copied and transferred into it?

Greetings!
There is a machine running GNU/Linux Debian Sid. It is configured to authorize Windows domain users. All domain users are included in the Domain Users group.
There is a "ShareFolder" directory (access for "domain users" - rwx), to which symlinks are created to the home directories of users (and all new ones via /etc/skel). This directory is also shared by Samba as "Shared Documents" (valid user = "@domain users").
In the Samba settings for the share, the following parameters are specified:

[Общие документы]
   comment = Общие документы vt-4
   path = /var/ShareFolder
   read only = no
   create mask = 0660
   directory mask = 0770
   force group = "пользователи домена"
   valid users = "@пользователи домена"

That is, no matter what users do in the share, all data will be accessible with the right permissions. But local users do not have such settings and can create a directory/file that will not be available to other users either locally or through the share.
So the question is: how to implement "create mask" and "directory mask" for local users?
I came up with/found several solutions:
  • ACL - assign by default for the "ShareFolder" directory the "domain users" group and "mask" values rwx.
    But then all files will have execute rights, and this is not very good.
  • fstab - move the "ShareFolder" somewhere and mount it in its place, but with umask=007.
    But not all users have "domain users" as their primary group. Also, this applies only to created files.
  • cifs - mount the share by analogy with the previous option.
    So far this gives the "cleanest" result, but there are too many intermediaries.
  • pam - I'm not sure, but if you add "session optional pam_umask.so umask=0007" to
    /etc/pam.d/common-session
    /etc/pam.d/common-session-noninteractive, then even when copying, the rights will change.
    But this is a global option, and it is not clear how to make it work exclusively for one directory.

Waiting for your suggestions.
Thank you.
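
For the ACL option listed in the question, the following added example (not part of the original post) models the acl(5) rule for objects created under a directory's default ACL: the default ACL is copied, the owner, mask and other entries are limited by the mode the creating program requests, and the umask is not consulted. The ACL entries and the list of creation modes are constructed for illustration; only the group name "domain users" comes from the post.

```python
"""Model of how Linux applies a directory's default ACL to new objects (acl(5))."""

def bits(s):
    """'rw-' style string -> 3-bit integer."""
    return sum(v for c, v in zip(s, (4, 2, 1)) if c != "-")

def show(n):
    """3-bit integer -> 'rw-' style string."""
    return "".join(c if n & v else "-" for c, v in zip("rwx", (4, 2, 1)))

def inherit(default_acl, create_mode):
    """Access ACL of an object created with create_mode inside a directory
    that carries default_acl. The process umask plays no part here."""
    acl = {tag: bits(p) for tag, p in default_acl.items()}
    owner, group, other = (create_mode >> 6) & 7, (create_mode >> 3) & 7, create_mode & 7
    acl["user::"] &= owner
    # The group bits of the mode limit the mask if there is one, else group::
    acl["mask::" if "mask::" in acl else "group::"] &= group
    acl["other::"] &= other
    return acl

def effective(acl, tag):
    """group:: and named users/groups are capped by the mask entry."""
    perm = acl[tag]
    if tag not in ("user::", "other::") and "mask::" in acl:
        perm &= acl["mask::"]
    return show(perm)

# Constructed default ACL for the shared directory (assumption, not from the post)
DEFAULT_ACL = {"user::": "rwx", "group::": "rwx",
               "group:domain users": "rwx", "mask::": "rwx", "other::": "---"}

# Mode each program passes when creating the object (constructed sample cases)
CASES = {
    "new file via touch/editor (0666)": 0o666,
    "mkdir (0777)": 0o777,
    "cp of a source file with mode 0644": 0o644,
    "cp of a source file with mode 0600": 0o600,
}

def report():
    return {name: effective(inherit(DEFAULT_ACL, mode), "group:domain users")
            for name, mode in CASES.items()}

if __name__ == "__main__":
    for name, perm in report().items():
        print(f"{name:38} group:domain users -> {perm}")
```

A plain rename (mv within the same filesystem) creates nothing, so the moved file keeps the permissions and ACL it already had.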
