HPE Community
Operating System - HP-UX
1834079 Members
2357 Online
110063 Solutions
New Discussion

Maintaining directory permissions

 
SOLVED
Go to solution
Greg Stark_1
Frequent Advisor

‎08-25-2003 11:29 AM

‎08-25-2003 11:29 AM

Maintaining directory permissions

I have a directory called /opt/i2. It's current permissions are:

drwxrwxr-x root nssi2

I want all newly created files and folders to also get these permissions.

Can this be done? If so how?

Thanks again,
Greg
0 Kudos
Reply
7 REPLIES 7
Steven E. Protter
Exalted Contributor

‎08-25-2003 11:37 AM

‎08-25-2003 11:37 AM

Solution

Re: Maintaining directory permissions

that goal is nearly impossible.

Reason 1:

Unix requires explicit change of a file from non-executable status to executable status.

Take that out and you can maintain permissions of the files by setting the umask parameter on the users writing there.

umask 002

touch me

That will get you what you want except for executable priviledges. It is a security hazard to assume a file is an executable, but it might be needed.

To do that, you'll need a cron or other script that does this:

chmod a+x /opt/i2


SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
James R. Ferguson
Acclaimed Contributor

‎08-25-2003 11:38 AM

‎08-25-2003 11:38 AM

Re: Maintaining directory permissions

Hi Greg:

Setting your 'umask' to 002 will enable you to create directories with the default permissions "rwxrwxr-x". Alternately, you can use the 'mkdir -m' syntax to specify the mode you desire. Files, however, will never have their executable permissions set by default. You will need to 'chmod' files to gain the execute permissions.

Regards!

...JRF...
Reply
A. Clay Stephenson
Acclaimed Contributor

‎08-25-2003 11:48 AM

‎08-25-2003 11:48 AM

Re: Maintaining directory permissions

The answer is no, not really. You can set umask to 002 and that will help but it's not a very secure umask. File creation depends upon two factors the mode of the and then umask which subtracts (more or less) from the mode. In the shell the default mode for regular files is 666 and 777 for directories. Executables, being regular files, at most are setup with 666 permissions so that the 'x' (or '1') must be explicitly set using chmod. To further complicate matters, files created outside the shell (e.g. through an executable) are solely responsible for setting modes and possibly resetting umask values.

You should also note that umask can be changed by a user/process at any time so that relying upon umask even for everything except executables is really no answer.

About the only 'sure fire' method (and it's a kludge) is to fire off a cron job periodically to check/set the permissions.
If it ain't broke, I can fix that.
Reply
Paulo A G Fessel
Trusted Contributor

‎08-25-2003 12:12 PM

‎08-25-2003 12:12 PM

Re: Maintaining directory permissions

Yes, it can be done.

First, change the permissions of the directory to 4775. This will make sure that all files written in this directory will be owned by group "nssi2" and the corresponding user of this group.

Next, for every user belonging to nssi2 group you should add the following line to ~/.profile:

umask 0002

which will make all files to be created with permissions 664 - if they are directories, they will be created with 4775 as the parent directory.

HTH
Paulo Fessel
L'employé propose, le boss dispose.
Reply
Shannon Petry
Honored Contributor

‎08-25-2003 12:31 PM

‎08-25-2003 12:31 PM

Re: Maintaining directory permissions

No, this can not be done contrary to the previous post.

By setting the umask to 0002, you will get close.

The problem is that files are never created with an executable bit. Compilers and of course archives can create this bit, but in reality it's a separate operation. Unix treats a file as a file.

You will need to make a simple cron job, that sets the permissions you like.

Like someone mentioned previously, it's very insecure. So dont be upset if bad things happen.

Sincerely,
Shannon
Microsoft. When do you want a virus today?
Reply
Paulo A G Fessel
Trusted Contributor

‎08-25-2003 12:51 PM

‎08-25-2003 12:51 PM

Re: Maintaining directory permissions

I haven't taken into account that the guy wanted files as executables (headache does not allow deep reflections about anything). The schema I suggested works for directories and their children; if it's the case to make files also 775, then it's really

* difficult to implement

* pointless (unless you're creating executable files in this directory with a compiler; in this case the compiler will set the --x flag itself)

Also, as others also noticed, this scheme is really insecure unless you use a umask 0007 - that is, files will be created with 660 permissions, and will be ever owned by the user that created it and the respective group of /opt/i2.

HTH
Paulo Fessel
L'employé propose, le boss dispose.
Reply
hein coulier
Frequent Advisor

‎08-25-2003 10:57 PM

‎08-25-2003 10:57 PM

Re: Maintaining directory permissions

If i can remember correctly, you could use acl's to accomplish this.

If my memeory servers me well, you can set an acl on a directorie that says : each directory must inherite my acl's and so do files recursively.

On my system it seems i cannot access the manpages, but i think you require vxfs v4.
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.