Office
In the office, we have a linux server and a few workstations. We wanted users to be able to create files in shared folders which all other users could read.
To get this to work, we want users to create files which, by default, the group can read and write. If these files are then copied to a shared folder other users in the group will be able to read and write.
We set-up permissions as follows:
Make sure the user and group ID’s match across the server and all workstations.
Edit
/etc/profileon the workstations to change theumaskfrom022to007:# /etc/profile # ... # umask 022 umask 007
The default permissions for a folder are
777.A
umaskvalue of007will create folders withdrwxrwx---. This will allow the user and any member of the group full access to the folder.The default permissions for a file are
666.A
umaskvalue of007will create files with-rw-rw----. This will allow the user and any member of the group read, write and delete access to the files, but deny access to others.
Edit
/etc/profileon the server and change theumaskfrom002to007:# /etc/profile # ... # umask 002 umask 007
This will continue to allow full user and group access, but deny access to others.
Shared folders should be created with
SGID(Set Group Identification) attribute set. For details see Files and Folders - Permissions, Folders, Group Identification.If you have shared folders, where the files and directories have incorrect permissions, then the following should set them back to defaults which suit the above.
To set all directories as 770 and files as 660:
find . -type d -exec chmod 2770 {} \; find . -type f -exec chmod 0660 {} \;
Note: You might need to use
sudowith these commands if you do not have permission…
Note: If you use sudo with the above settings, then the sudo user
(probably root) will be using the updated mask i.e. 007 rather than
022. To try and solve the problem, we have updated the visudo
settings as follows:
Defaults▸ env_reset, umask_override, umask=0022