[NTLUG:Discuss] force group ownership
Paul Ingendorf
pauldy at wantek.net
Thu Jan 31 17:35:47 CST 2002
umask -S u=rw,g=rw,o=
I prefer this method as it is easier to read and requires less math.
Here is how it works.
Read = 2
Write = 4
Execute = 1
Just like chmod. The difference is that when you want to set the mask, instead of adding you subtract. We start off with a mask of 777, meaning permissions of ---------. Now say we want to give the user read and write, the group read, and nothing for others. Then we subtract a read and write from the user field, giving us a 1, remove a read from the group field, giving us a 5, and leave the other field alone. We concatenate the fields together and it gives us 157, which is the umask for files to be created with permissions of 620 or rw-r-----. Hope this helps.
Oh, also, you put this in the profile so it runs every time someone logs in; this will make this the default create mask for everyone who logs in. You may want to check what the user's group is prior to running the umask command. You can do this by running the groups command, and it will list the groups they are a member of.
Of course, if this is a Samba server and your only access is via SMB shares, then all you really need is the following:
force group = planning
create mask = 0660
These two additions to your share definition will tell it to force your group as planning and create the files with default read/write for the user and group. This will allow you to audit the owners of files if the case ever arose that someone decided it would be funny to put viruses there or something of that nature.
-----Original Message-----
From: discuss-admin at ntlug.org [mailto:discuss-admin at ntlug.org] On Behalf Of Bobby Wrenn
Sent: Thursday, January 31, 2002 4:58 PM
To: discuss at ntlug.org
Subject: Re: [NTLUG:Discuss] force group ownership
I think these are the relevant snips for /etc/profile
##### Handle by Mandrake Security
#if [ `id -gn` = `id -un` -a `id -u` -gt 14 ]; then
# umask 002
#else
# umask 022
#fi
appears to be all comments. Which I would uncomment except for this at
the end of the file
# Mandrake-Security : if you remove this comment, remove the next line too.
umask 022
What do these numbers mean?
In case it matters the distro is Mandrake 8.1.
Thanks
Bobby
"Rob Holland (INSI)" wrote:
>
> 1. Make sure the directory belongs to the planning group. I assume its
> owner is root.
> chown -R root.planning /home/planning
>
> 2. make new directories and files created by members of the group writeable
> by the group and readable by others. Samba will also have to be configured
> this way (see step 5 below).
> chmod 2775 /home/planning
>
> 3. Check that the default umask for regular users (i.e. the true side of the
> if-else-fi) in /etc/profile is 002.
>
> 4. Check or add the Samba definition for the share. I use linuxconf. Go to
> config; networking; server tasks; samba file server; disk shares; add, and
> fill in the following fields:
> share name = planning
> comment = shared files
> enabled = yes
> browseable = yes
> directory = /home/planning
> public access = yes
> writeable = yes
>
> 5. The next set of options is not available in linuxconf (at least they
> weren't under RH 6.2), so edit /etc/smb.conf. Add a section after the
> section added by linuxconf. These lines allow the rules we set up for the
> shared files directory to be used by Windows clients. By default, Samba
> would override these rules.
> create mask = 0775
> directory mask = 0775
> # allow win clients to set all perms on files
> security mask = 0777
> # allow win clients to set all perms on dirs
> directory security mask = 0777
> # carries forward permissions from /home/planning
> inherit permissions = yes
>
> That should do it...
>
> ----- Original Message -----
> From: "Bobby Wrenn" <bjwrenn at augustmail.com>
> To: <discuss at ntlug.org>
> Sent: Thursday, January 31, 2002 4:03 PM
> Subject: [NTLUG:Discuss] force group ownership
>
> > For one of the sysadmin types.
> >
> > I have a directory (/home/planning). I have a group of users named
> > planning. I need to force the group attribute for files in this
> > directory to the planning group. I need for anyone in the planning group
> > to be able to edit the files in the directory. The files need to be read
> > only for everyone on the LAN.
> >
> > Just to make it interesting, this is all happening on a Samba share.
> >
> > TIA
> > Bobby
> >
> > _______________________________________________
> > http://www.ntlug.org/mailman/listinfo/discuss
> >
>
_______________________________________________
http://www.ntlug.org/mailman/listinfo/discuss
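An added example, not part of any message in this thread, that checks on a scratch directory which modes new files and directories actually receive under a given umask, and that a directory with mode 2775 (as in step 2 of the quoted reply) hands its group to files created inside it. It uses the standard chmod values r=4, w=2, x=1, assumes GNU stat, and works only on constructed temporary paths rather than /home/planning.

```shell
#!/bin/sh
# Added example (not from the thread). Requires GNU coreutils stat.
# Modes are octal: r=4, w=2, x=1. New files are requested as 0666 and new
# directories as 0777; the kernel then clears every bit set in the umask.

# new_modes UMASK -> prints "FILE_MODE DIR_MODE" for objects created under UMASK
new_modes() {
    d=$(mktemp -d) || return 1
    (
        umask "$1"
        : > "$d/f"
        mkdir "$d/sub"
    )
    printf '%s %s\n' "$(stat -c %a "$d/f")" "$(stat -c %a "$d/sub")"
    rm -f "$d/f"; rmdir "$d/sub" "$d"
}

# shared_dir_check -> builds a constructed stand-in for the shared directory
# with mode 2775 and prints "DIR_GID FILE_GID FILE_MODE" for a file created
# inside it under umask 002.
shared_dir_check() {
    d=$(mktemp -d) || return 1
    chmod 2775 "$d"
    ( umask 002; : > "$d/report.txt" )
    printf '%s %s %s\n' "$(stat -c %g "$d")" "$(stat -c %g "$d/report.txt")" \
        "$(stat -c %a "$d/report.txt")"
    rm -f "$d/report.txt"; rmdir "$d"
}

# Compare the masks mentioned in the thread plus 007 (group-writable, no other).
for m in 022 002 007 157; do
    printf 'umask %s -> file/dir %s\n' "$m" "$(new_modes "$m")"
done
printf 'setgid dir -> dir gid, file gid, file mode: %s\n' "$(shared_dir_check)"
```

Running the same two functions against the real share path and the login umask is a quick audit of whether group members can edit each other's files and whether others are limited to read access.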