Linux: Force different set of directory/file permissions

linuxpermissions

Using CentOS 4.6:

Scenario:
I have a dameon running as root that is constantly creating files and folders in lets say directory /some/directory. Since the files are being created by root, the permissions of those folders and files are determined by the root's umask, which is the default 644 for files and 755 for folders.

I have an application that accesses these files via samba and needs to be able to copy and delete the files. The samba username the application is using is mapped to a user let say 'app_user' which is unable to delete the files because of the permissions. I have added 'app_user' to the group 'app_group'

This is what I would Like to do:

I am hoping there is some way to configure the directory /some/directory so that all files and folders created are owned by the group 'app_group' and have write permissions for that group.

I do not have the option to run the dameon under a different username and I do not want to mess with the umask for root. I would prefer a solution that does not involve running a script to change the permissions. I just want my application to be able to copy and delete these files.

Thanks

Best Answer

I'd go the POSIX ACLs. I'm a big fan of them and I don't find them all that difficult to use. The only think you really need to make sure is that your backup software can restore them.

The steps should be:

1) Edit fstab and add ",acl" to the options for the partition(s) you want to use ACLS on

2) Run the following to remount the partition with the new acl option

mount <relevant_partion> -oremount

3) Run the following to apply the default acl to the directory and it's child dirs:

setfacl -R -dm u:app_user:755 /some/directory

4) Run the following to check the default acl has appeared:

getfacl /some/directory

Further testing create a file and a dir in /some/directory and make sure they end up with the acl and in the case of the dir, the default acl,. so that file created inside it will also get the acl

Related Solutions

Linux – Copying a large directory tree locally? cp or rsync

I would use rsync as it means that if it is interrupted for any reason, then you can restart it easily with very little cost. And being rsync, it can even restart part way through a large file. As others mention, it can exclude files easily. The simplest way to preserve most things is to use the -a flag – ‘archive.’ So:

rsync -a source dest

Although UID/GID and symlinks are preserved by -a (see -lpgo), your question implies you might want a full copy of the filesystem information; and -a doesn't include hard-links, extended attributes, or ACLs (on Linux) or the above nor resource forks (on OS X.) Thus, for a robust copy of a filesystem, you'll need to include those flags:

rsync -aHAX source dest # Linux
rsync -aHE source dest  # OS X

The default cp will start again, though the -u flag will "copy only when the SOURCE file is newer than the destination file or when the destination file is missing". And the -a (archive) flag will be recursive, not recopy files if you have to restart and preserve permissions. So:

cp -au source dest

Specify default group and permissions for new files in a certain directory

In order to have all files under a given directory inherit group rights, you need to use the setgid bit on your directory. See this link.

 $ mkdir test
 $ sudo chown raphink.staff test
 $ ls -lhd test
     drwxr-xr-x 2 raphink staff 4.0K 2009-12-21 16:19 test
 $ sudo chmod g+s test # Set the setgid bit
 $ ls -lhd test
     drwxr-sr-x 2 raphink staff 4.0K 2009-12-21 16:21 test
 $ touch test/foo
 $ ls -lh test
     total 0
     -rw-r--r-- 1 raphink staff 0 2009-12-21 16:23 foo

Best Answer

Related Solutions

Linux – Copying a large directory tree locally? cp or rsync

Specify default group and permissions for new files in a certain directory

Related Topic