If at all possible, use access control lists (ACLs).

Under Linux, make sure that the filesystem you're using supports ACLs (most unix filesystems do). You may need to change the mount options to enable ACLs: with ext2/ext3/ext4, the kernel default since 2.6.39 is to enable ACLs. On older kernels you may need to specify the acl mount option explicitly, so the entry in /etc/fstab should look like this:

    /dev/sda1 / ext4 errors=remount-ro,acl 0 1

Run mount -o remount,acl / to activate ACLs without rebooting. Also install the ACL command line tools getfacl and setfacl, typically provided in a package called acl.

Now that the one-time setup is over, change the directory's ACL to give the group write permissions and to make these permissions inherited by newly created files. Under Linux:

    setfacl -d -m group:GROUPNAME:rwx /path/to/directory
    setfacl -m group:GROUPNAME:rwx /path/to/directory

The first command (with -d) sets the default ACL that newly created files inherit; the second sets the ACL on the directory itself.

If ACLs are not an option, make the directory owned by the group GROUPNAME, and set its permissions to 2775 or 2770:

    chmod g+rwxs /path/to/directory

The s here is the setgid bit. On a directory, it means that files created in this directory will belong to the group that owns the directory.

You'll also need to set Alice and Bob's umask to make all their files group-writable by default. The default umask on most systems is 022, meaning that files can have all permissions except write by group and other. Change that to 002, which forbids only write-by-other permission. You would typically put that setting in your ~/.profile:

    umask 002 # or 007 to have files not readable by others
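The setgid-plus-umask method fails silently when one user keeps the default umask of 022, so it helps to audit the directory afterwards. The script below is an added example, not part of the original page; the function names and the sample directory are constructed for illustration, and it assumes Linux, where new subdirectories inherit the setgid bit.

```shell
#!/bin/sh
# Added example: audit a directory shared via setgid + umask (no ACL tools, no root).

# Print the 10-character permission string of a path, e.g. drwxrwsr-x.
perm() { ls -ld "$1" | cut -c1-10; }

# List every entry under DIR that breaks the sharing scheme:
#   no-group-write : entry is not group-writable (typically created under umask 022)
#   no-setgid      : directory lacks setgid, so new files would not inherit the group
audit_shared_dir() {
    find "$1" | while IFS= read -r p; do
        m=$(perm "$p")
        case "$m" in
            ?????w*) ;;                          # 6th character is the group write bit
            *) echo "no-group-write $m $p" ;;
        esac
        case "$m" in
            d?????[sS]*) ;;                      # 7th character shows setgid on a directory
            d*) echo "no-setgid $m $p" ;;
        esac
    done
}

# Build a constructed sample: one setgid directory, entries made under two umasks.
make_sample() {
    d=$(mktemp -d) || return 1
    chmod g+rwxs "$d"                            # same command as in the text (gives 2770 here)
    ( umask 022; : > "$d/made-with-022"; mkdir "$d/sub-022" )
    ( umask 002; : > "$d/made-with-002"; mkdir "$d/sub-002" )
    echo "$d"
}

# Demo: only the entries created under umask 022 are reported.
demo_dir=$(make_sample) && { audit_shared_dir "$demo_dir"; rm -rf "$demo_dir"; }
```

Run audit_shared_dir against the real shared directory; any no-group-write line points at a user whose umask still needs changing.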