On 06/29/2014 10:24 PM, intecperict wrote:[color=blue]
I know this subject has been beaten to death. 
I’ve read the
conversations and threads. Some of them advise the use of using useradd,
to add users to a group. I dont think I can use this as I already have
users on my system.[/color]
I do not understand. You can add groups to existing system at any time,
and you can add users to new groups at any time, and those should still
work. In essence this is what you’ll need to do with the option you’re
proposing below by using the SGID bit, though your steps below are incomplete.
[color=blue]
We access our shared Linux folders from Windows. Our users complain they[/color]
Using which protocol? NFS? SMB? SFTP/SCP? FTPS/FTP?
[color=blue]
cant access documents or create folders, via Windows Explorer, in the
Linux shared folder when someone else creates it. For example, if user A
creates a folder (say folder abc) in the shared Linux directory (via
Windows Explorer or within Linux itself), user B cannot create anything
in folder abc unless the admin issues this command:
chmod -R 2777 /home/myproj/ where myproj is the base
folder.[/color]
This command states: Set all permissions in /home/myproj to be readable,
writable, and executable by anybody, and also set the SGID bet all over
the place. In my opinion, the ‘777’ portion of this is a bad idea, but it
is probably also the reason things work until you create new stuff (that
does not make it good… it just means you’re exploiting weak permissions
to your own benefit).
The SGID bit’s purpose is to help in your kind of scenario. To make it
work the SGID bit must be set (‘2’ as the first of four octets, as you
have it above) and then the group-owner of the directories must be the
group-owner you intend to stick around for everything within. For a new
install, this works well since when you first start all you have is the
new directory and everything created within will be created after the SGID
bit is set, so everything within will have the same group-owner. For an
existing directory structure you need to be sure that the group-owner of
everything is set correctly first or else the SGID functionality will
continue to do what it does best, which is to set the group-owner to
whatever value is set on the directory containing the new file/directory.
In summary, if you do not have all of your content within /home/myproj
set to be group-owned by the correct group (the one to which everybody
appropriate belongs), then fix that with ‘chgrp’:
Code:
chgrp -R correctGroupHere /home/myproj
[color=blue]
I thought setting this permission once is adequate but I find out it is
not. It has to be issued every time someone creates a new folder so that
others can create or modify files in them.[/color]
Another option is that perhaps your umask is incorrect, which your ‘chown’
command is “fixing” for you over and over. If your umask is the default
0022, then any files/directories created will not be writable by the
group-owner, but will only be readable. If this is the case you need to
help users change their default umask so that when they create
files/directories they do so with the correct permissions allowing other
group-members to have rights to the new content. A directory will
normally be created granting the group-owner access to read/execute (list
files of, and browse into, the directory, but not create) and read (not
write) files. A umask of 0002 (or 000-anything) would fix this.
–
Good luck.
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below…
I’ve read the conversations and threads. Some of them advise the use of using useradd, to add users to a group. I dont think I can use this as I already have users on my system.
Can someone please point out some documentation that I can refer to or some tips on how to implement this?