
Re: File permission

 
ust3
Regular Advisor

File permission

In my system, there is a share directory in which many users who are in different groups will write, create, modify and remove files. I would like to ask: if I want all users (whatever group they are in) to be able to do anything to the files in this share directory, what can I do?

Thx.
9 REPLIES 9
Pete Randall
Outstanding Contributor

Re: File permission

It sounds like the only thing you can do is set 777 permissions and hope for the best. You should also monitor this directory's growth because it's highly unlikely that the users will clean up after themselves.


Pete
Ivan Krastev
Honored Contributor

Re: File permission

Grant read/write permissions to all on that directory. If you want, add the sticky bit as well - this will prevent someone from deleting files created by other users.

regards,
ivan
Srikanth Arunachalam
Trusted Contributor

Re: File permission

Hi,

The phrase sticky bit, has some sense to its name.

If it is set on a file, then that file will remain in memory after execution, thus "sticking" in memory. This is useful when running a multi-user program (such as a bulletin board system that I ran once) to make the program execute faster for the next user. This was a common programming tactic earlier in the history of computer programming when speed and disk space were at a premium.

Actually if you have a shared folder you might want to create separate sub-folders with ACL access (setacl) set on them, freezing the 777 permission on the upper directory.

To render a directory private, the simplest command is:

fs setacl -d DIRNAME -clear -a MYNAME all

To explicitly give public read/lookup access, use:

fs setacl -d DIRNAME -a system:anyuser read

Thanks,
Srikanth
ust3
Regular Advisor

Re: File permission

thx replies,

the permission of this directory is 777, anyone can create a file in it, but the problem is when user A creates a file in it, another user can modify this file as the file mode is 644 or some are 444. What I want is that ALL users can create, modify, remove ALL files (including existing files created by others). Can you advise what I can do? thx
James R. Ferguson
Acclaimed Contributor

Re: File permission

Hi:

> what I want is ALL users can create , modify , remove ALL files ( includes existing file that created from others ).

Then you need to have the FILES permissions set to -rw-rw-rw- so that any user (owner, group member or not) can read and write them.

The DIRECTORY permissions determine who can read, write and search the directory. Set the DIRECTORY permissions to drwxrwxrwx. Do NOT set the 'sticky' bit on the directory since this means that only the owner of a file can delete it.

Your users will have to set their 'umask' to 000 (or the 'umask' of the process that creates files) such that any files that are created will have default permissions of 666 (-rw-rw-rw-)

Regards!

...JRF...
Roberto Arias
Valued Contributor

Re: File permission

hi

try with chmod 1777
The man is your friend
ust3
Regular Advisor

Re: File permission

thx reply,

> Your users will have to set their 'umask' to 000 (or the 'umask' of the process that creates files) such that any files that are created will have default permissions of 666 (-rw-rw-rw-)


that is good, but I have a problem: first, I need to change at least 200 users' profiles; second, if I do that, all their files will be changed to 666 (except the shared directory). Can you advise? thx
Dennis Handly
Acclaimed Contributor

Re: File permission

>need to change at least 200 users' profile,

Change only /etc/profile. And if users also have it in their .profile, tell them to change it. You could of course write a script to do the changing, so it wouldn't matter how many.

>all their files will be changed to 666

I don't see any good ways.
You could have a cronjob that just sleeps and wakes up and chmod all files in that directory to a+rw.
Matti_Kurkela
Honored Contributor

Re: File permission

A user can be a member of several (secondary) groups simultaneously, but a file can belong to one group only.

You can create yet another group and make all the users that are required to access the share directory members of that group. For example, let the name of the group be "sharegrp".

Then set the group ownership of the share directory to "sharegrp" and set "chmod g+rwxs" to the directory.

Now all the group members can access the directory. Furthermore, the setgid bit on the directory will cause any new files created in that directory to be owned by the sharegrp group. Any new subdirectories will get both the sharegrp group ownership and the setgid bit.

Now you can set the umask to 002 or 007, and the users will find that it "just works".

The users should know one trick, though:
if someone accidentally creates a file that is not owned by the sharegrp, they may not be able to modify its contents. This may happen if someone extracts files from an old tar package while preserving file permissions, for example.

However, the directory permissions will allow the users to rename or delete the offending file. If the user can read the file, he/she can do this:

mv problemfile problemfile.old
cp problemfile.old problemfile
rm problemfile.old

You should also note that root ignores all file permissions, including the setgid setting. If a shared directory is set up like this, it's actually better to not be root when manipulating its contents.

MK
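
Added example, not part of any post in this thread: a shell sketch of the setgid shared-directory setup described in the last reply, plus an audit that lists the "offending" entries (wrong group, no group read/write, or a subdirectory missing the setgid bit). The function names `audit_share` and `demo` are hypothetical, and the caller's primary group stands in for "sharegrp" so the script runs without root in a temporary directory.

```shell
#!/bin/sh
# Added example; audit_share and demo are hypothetical helper names.

# audit_share DIR GROUP
# Print (relative to DIR) every entry the shared group cannot fully use:
#   - group owner is not GROUP
#   - group read or write bit is missing
#   - it is a directory without the setgid bit (new files would not inherit GROUP)
audit_share() {
    share_dir=$1
    share_grp=$2
    ( cd "$share_dir" &&
      find . \( ! -group "$share_grp" \
                -o ! -perm -060 \
                -o \( -type d ! -perm -2000 \) \) -print )
}

# demo: build a throwaway share, create one good and one problem file, audit it.
demo() {
    share=$(mktemp -d) || return 1
    grp=$(id -g)                 # assumption: caller's own group plays "sharegrp"
    chgrp "$grp" "$share"
    chmod 2775 "$share"          # rwxrwsr-x: group-writable plus setgid

    # A user with umask 002 creates group-writable files and directories.
    ( umask 002; echo ok > "$share/good.txt"; mkdir "$share/sub" )

    # A user with the common umask 022 creates a 644 file the group cannot modify.
    ( umask 022; echo old > "$share/problemfile" )

    audit_share "$share" "$grp"  # constructed sample data, so only problemfile is expected
    rm -rf "$share"
}

demo
```

Run `audit_share /path/to/share sharegrp` from cron or by hand to find files that need the mv/cp/rm treatment or a `chmod g+rw`.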