RE: Setting quota on user's home folders?

RE: Setting quota on user's home folders?

[Jessica_Schieffer]

Quotas are supported by default in the RH kernels.  Here is the step by
step from RH site.
http://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/admin-primer/s1-
storage-quotas.html If you are using ext2, you must enable journaling
first since it is not default until ext3.  Steps to create disk quotas

In order to use disk quotas, you must first enable them. 
1. Modifying /etc/fstab
2. Remounting the file system(s)
3. Running quotacheck (quotacheck -avug)
4. Assigning quotas (edquota)

Example /etc/fstab
/dev/md0          /                  ext3    defaults        1 1
LABEL=/boot       /boot              ext3    defaults        1 2
none              /dev/pts           devpts  gid=5,mode=620  0 0
LABEL=/home       /home              ext3    defaults,usrquota,grpquota
1 2
none              /proc              proc    defaults        0 0
none              /dev/shm           tmpfs   defaults        0 0
/dev/md1          swap               swap    defaults        0 0

Example edquota
Disk quotas for user ed (uid 500):
  Filesystem      blocks       soft       hard     inodes     soft
hard
  /dev/md3       6617996    6900000    7000000      17397        0
0


Jessica Schieffer 
* (201) 248-3566

-----Original Message-----
From: linux-newbie-owner@vger.kernel.org
[mailto:linux-newbie-owner@vger.kernel.org] On Behalf Of Eve Atley
Sent: Thursday, March 17, 2005 2:01 PM
To: 'Peter'; 'Ray Olszewski'
Cc: linux-newbie@vger.kernel.org
Subject: RE: Setting quota on user's home folders?


Sorry about not including system info: it's RedHat 9 ATM (to upgrade to
RH
Enterprise 3).

>I noticed, on running ` locate quota` , that these lines appear in my
output

I ran this too, and it came back with this:

(truncated)
 /etc/warnquota.conf
/usr/bin/quota
/usr/sbin/edquota
/usr/sbin/quotastats
/usr/sbin/repquota
/usr/sbin/rpc.rquotad
/usr/sbin/setquota
/usr/sbin/warnquota
/sbin/convertquota
/sbin/quotacheck
/sbin/quotaoff
/sbin/quotaon

So, I'm wondering if it's already in my system.

- Eve

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie"
in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Simple script to set permissions on folders daily - write script and cron it?

[Eve Atley]

Hello! I want to write a very simple script that once daily (via cron) will
set permissions to 777. This is to override any permissions set on files
uploaded by other people, so everyone who already has access to the group
will have rwx access to the file(s).

So I'm double-checking if the best route is to create my script, then run it
in cron as necessary. Or is there another way I should be handling it?

Here's the script:

#!/bin/sh
#set_permissions: simple routine to set permissions of directories to be
#accessible by everyone who already has specific group access.
#
#written by EMM - 3/28/2005
      cd /home/shared/hr/
	chmod 777 -R *
	cd /home/shared/public
	chmod 777 -R *
#put an exception here for /scans and /cd however
#????
	cd /home/shared/accounting
	chmod 777 -R *
Fi

Thanks much,
Eve


-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: Simple script to set permissions on folders daily - write script and cron it?

[John T. Williams]

you could use a sticky bit on the directory instead.

man chmod and read the second on sticky bit and directories.  It might save
you effort.


----- Original Message ----- 
From: "Eve Atley" <eatley@wowcorp.com>
To: <linux-newbie@vger.kernel.org>
Sent: Monday, March 28, 2005 4:02 PM
Subject: Simple script to set permissions on folders daily - write script
and cron it?


>
> Hello! I want to write a very simple script that once daily (via cron)
will
> set permissions to 777. This is to override any permissions set on files
> uploaded by other people, so everyone who already has access to the group
> will have rwx access to the file(s).
>
> So I'm double-checking if the best route is to create my script, then run
it
> in cron as necessary. Or is there another way I should be handling it?
>
> Here's the script:
>
> #!/bin/sh
> #set_permissions: simple routine to set permissions of directories to be
> #accessible by everyone who already has specific group access.
> #
> #written by EMM - 3/28/2005
>       cd /home/shared/hr/
> chmod 777 -R *
> cd /home/shared/public
> chmod 777 -R *
> #put an exception here for /scans and /cd however
> #????
> cd /home/shared/accounting
> chmod 777 -R *
> Fi
>
> Thanks much,
> Eve
>
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.linux-learn.org/faqs


-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: Simple script to set permissions on folders daily - write script and cron it?

[Ray Olszewski]

At 04:02 PM 3/28/2005 -0500, Eve Atley wrote:

>Hello! I want to write a very simple script that once daily (via cron) will
>set permissions to 777. This is to override any permissions set on files
>uploaded by other people, so everyone who already has access to the group
>will have rwx access to the file(s).
>
>So I'm double-checking if the best route is to create my script, then run it
>in cron as necessary. Or is there another way I should be handling it?
>
>Here's the script:
>
>#!/bin/sh
>#set_permissions: simple routine to set permissions of directories to be
>#accessible by everyone who already has specific group access.
>#
>#written by EMM - 3/28/2005
>       cd /home/shared/hr/
>         chmod 777 -R *
>         cd /home/shared/public
>         chmod 777 -R *
>#put an exception here for /scans and /cd however
>#????
>         cd /home/shared/accounting
>         chmod 777 -R *
>Fi
>
>Thanks much,
>Eve

Eve --

I'm not quite sure what you mean by "has access to the group" ... 
specifically, what the "group" is. In normal Unix/Linux terminology, user 
accounts (userids) are associated with one or more groups, through either 
the /etc/passwd entry (for an account's main group) or /etc/group (for 
secondary group affiliations).

If that's what you are talking about, you shouldn't be using mode 777 ... 
which gives read-write-execure access to *anyone* with an account on the 
system, not just to members of a specific group. You should be using 770, 
or maybe 775, depending on your specifics. Maybe you also need to change 
the group settings of the files to the common group, again depending on 
details you have but I don't.

I assume you've decided for some reason that handling this by changing 
umask entries (I think we discussed that in an earlier thread you started) 
is unsuitable for your site for some reason I've forgotten.

Aside from that, the script looks fine (unless the "Fi" line is meant to be 
part of it; that won't work) ... since I don't know what the comment about 
exceptions means, I can't suggest how to implement it. You could shorted 
nit by skipping the "cd" lines and just writing (for example) "chmod 777 -R 
/home/shared/hr/*".

The script will probably need to run as root (or perhaps some other account 
that has the ability to change permissions for all the files involved, if 
you have such an account). If Red Hat (you use RH, right?) has the ability 
to run scripts from  /etc/cron.daily, you can do it that way ... otherwise, 
use crontab as root to set t ups as a root cron job.

(BTW, if the details of modes are not already clear to you, "man chmod" 
will tell you a bit. "man 2 chmod" will (or should, if it is on your 
system) tell you a good bit more, albeit in harder to read form.)

Hope this helps.


-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: Simple script to set permissions on folders daily - write script and cron it?

[J.]

On Mon, 28 Mar 2005, Eve Atley wrote:
 
> Hello! I want to write a very simple script that once daily (via cron) will
> set permissions to 777. This is to override any permissions set on files
> uploaded by other people, so everyone who already has access to the group
> will have rwx access to the file(s).

You should do that by setting the `umask value' or configuring the
programs that store the files correctly . No need for a
cronscript. That is if they are only uploading and not accessing the
shell interactively, even then you should go for a systemwide default
`umask' value.

> So I'm double-checking if the best route is to create my script, then run it
> in cron as necessary. Or is there another way I should be handling it?
> 
> Here's the script:
> 
> #!/bin/sh
> #set_permissions: simple routine to set permissions of directories to be
> #accessible by everyone who already has specific group access.
> #
> #written by EMM - 3/28/2005
>       cd /home/shared/hr/

Does the directory exsist you `cd' to ? 
test -d /home/shared/hr/ || echo "Error - .... and exittttt.. "
or
if [ ! -d /home/shared/hr/ ] ; then
 print error..
fi

> 	chmod 777 -R *

You say, `permissions of directorys' The above will set permissions of
all files except for the dotted files.

You could walk the directory structure by means of `find' and evaluate if 
the file is a directory file by `-type d'.
find /home/shared/hr/ -type d -exec chmod 0755 '{}' \;

Then there is overhead, since every file no matter what the permissions
are is set. Check if the file needs permissions 777 and what the current
permissions are.. 

Other..., Maybe there are files that no matter what shouldn't be world
readable and writable.. If multiple users are on your system they could
put a file in a certain directory, your cronscript goes over
it, maybe as user root.. and.. makes it world readable/writable.. Not a
good thing. There is also a time gap inbetween the two different
permissions, users can't access their files until your cronscript has set
the correct permissions. Yes running your cronscript every X sec's will
fix that, but that's not the way... 

 > 	cd /home/shared/public
> 	chmod 777 -R *
> #put an exception here for /scans and /cd however
> #????
> 	cd /home/shared/accounting
> 	chmod 777 -R *
> Fi

There is no error wrapper in your script, it will keep running after
errors or notifying messages have occurred. Cron takes also the exit value
of your script to determine if it's successful or not..  

> Thanks much,
> Eve

You should take more effort doing the `Unix filosofy', Do one thing
and do it well.. [Right from the beginning in your case].

You are fixing symptoms, after the problem has occurred. E.G.

From the moment a file is stored on your system, it should have the right
permissions. That takes good configuration of the basics of your system.

Before looking at these type of problems, try to imagine if you are
running an ISP with 1000+ users. Who are constantly accessing their files.

You surely don't want to run constantly cronscripts to fix every
user/group rights management problem ?

GNU/Linux , Unix are multitasking, multiuser operatingsystems and they
should be treated like that.. Otherwise you will loose all the advantages
of that at a certain given point..

GoodLuck..

J.

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

RE: Simple script to set permissions on folders daily - write script and cron it?

[Mike Turcotte]

I am fairly new to the linux scene, and I am currently using Gentoo
Linux. How exactly do I go about setting a global default umask value to
set 777 permissions on a particular folder and its contents?

Michael Turcotte
Information Systems
City of North Bay
200 McIntyre St. E
PO Box 360
North Bay, Ontario
P1B 8H8
 
Mike.Turcotte@cityofnorthbay.ca
http://www.cityofnorthbay.ca 

> -----Original Message-----
> From: linux-newbie-owner@vger.kernel.org [mailto:linux-newbie-
> owner@vger.kernel.org] On Behalf Of J.
> Sent: Monday, March 28, 2005 6:11 PM
> To: linux-newbie@vger.kernel.org
> Subject: Re: Simple script to set permissions on folders daily - write
> script and cron it?
> 
> On Mon, 28 Mar 2005, Eve Atley wrote:
> 
> > Hello! I want to write a very simple script that once daily (via
cron)
> will
> > set permissions to 777. This is to override any permissions set on
files
> > uploaded by other people, so everyone who already has access to the
> group
> > will have rwx access to the file(s).
> 
> You should do that by setting the `umask value' or configuring the
> programs that store the files correctly . No need for a
> cronscript. That is if they are only uploading and not accessing the
> shell interactively, even then you should go for a systemwide default
> `umask' value.
> 
> > So I'm double-checking if the best route is to create my script,
then
> run it
> > in cron as necessary. Or is there another way I should be handling
it?
> >
> > Here's the script:
> >
> > #!/bin/sh
> > #set_permissions: simple routine to set permissions of directories
to be
> > #accessible by everyone who already has specific group access.
> > #
> > #written by EMM - 3/28/2005
> >       cd /home/shared/hr/
> 
> Does the directory exsist you `cd' to ?
> test -d /home/shared/hr/ || echo "Error - .... and exittttt.. "
> or
> if [ ! -d /home/shared/hr/ ] ; then
>  print error..
> fi
> 
> > 	chmod 777 -R *
> 
> You say, `permissions of directorys' The above will set permissions of
> all files except for the dotted files.
> 
> You could walk the directory structure by means of `find' and evaluate
if
> the file is a directory file by `-type d'.
> find /home/shared/hr/ -type d -exec chmod 0755 '{}' \;
> 
> Then there is overhead, since every file no matter what the
permissions
> are is set. Check if the file needs permissions 777 and what the
current
> permissions are..
> 
> Other..., Maybe there are files that no matter what shouldn't be world
> readable and writable.. If multiple users are on your system they
could
> put a file in a certain directory, your cronscript goes over
> it, maybe as user root.. and.. makes it world readable/writable.. Not
a
> good thing. There is also a time gap inbetween the two different
> permissions, users can't access their files until your cronscript has
set
> the correct permissions. Yes running your cronscript every X sec's
will
> fix that, but that's not the way...
> 
>  > 	cd /home/shared/public
> > 	chmod 777 -R *
> > #put an exception here for /scans and /cd however
> > #????
> > 	cd /home/shared/accounting
> > 	chmod 777 -R *
> > Fi
> 
> There is no error wrapper in your script, it will keep running after
> errors or notifying messages have occurred. Cron takes also the exit
value
> of your script to determine if it's successful or not..
> 
> > Thanks much,
> > Eve
> 
> You should take more effort doing the `Unix filosofy', Do one thing
> and do it well.. [Right from the beginning in your case].
> 
> You are fixing symptoms, after the problem has occurred. E.G.
> 
> From the moment a file is stored on your system, it should have the
right
> permissions. That takes good configuration of the basics of your
system.
> 
> Before looking at these type of problems, try to imagine if you are
> running an ISP with 1000+ users. Who are constantly accessing their
files.
> 
> You surely don't want to run constantly cronscripts to fix every
> user/group rights management problem ?
> 
> GNU/Linux , Unix are multitasking, multiuser operatingsystems and they
> should be treated like that.. Otherwise you will loose all the
advantages
> of that at a certain given point..
> 
> GoodLuck..
> 
> J.
> 
> -
> To unsubscribe from this list: send the line "unsubscribe
linux-newbie" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.linux-learn.org/faqs
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

RE: Simple script to set permissions on folders daily - write script and cron it?

[Ray Olszewski]

At 09:31 AM 3/29/2005 -0500, Mike Turcotte wrote:
>I am fairly new to the linux scene, and I am currently using Gentoo
>Linux. How exactly do I go about setting a global default umask value to
>set 777 permissions on a particular folder and its contents?
[...]

You don't. That's not how umask works. Instead, it sets default permissions 
for *all* files saved by a particular account (userid).

If you want to make this change for all userids (or all except root), do it 
in some file that sets the environment globally. For the bash shell, this 
is probably /etc/profile (that's the standard one, and I imagine Gentoo 
follows the standard). For example, my /etc/profile file contains this line:

         umask 022

A umask is the (octal) inverse of permissions, so this sets the default 
permissions to 755. For a default of 777, set the umask to 000.

If you want to make the change for specific accounts (userids), put a line 
to reset the umash in that account's individual configuration file. This 
varies in name a bitr more than systemwide files, but ones to look for are 
(in the account's home directory) .profile, .bash_profile, or .bashrc (use 
"ls -a" to display filenames that begin with a .).

I don't know of a way to set default permissions for a specific directory 
only, which is why I didn't discourage Eve from taking the approach she 
described for her problem. Perhaps someone else does, though ... we'll have 
to wait and see.

         

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

RE: Simple script to set permissions on folders daily - write script and cron it?

[Eve Atley]

That is my issue as well; Ray and others, I hadn't implemented umask because
it still appears Greek to me. I'm not against use umask; I just didn't 'get
it' upon reading stuff online. A link or two pointing to 'Umask for Idiots'
would be great!

Thanks,
Eve


P.S. For additional info, my setup is something like this:
Directories 'accounting' and 'hr' are created.
Groups 'accounting' and 'hr' are active in the system.
Users have been assigned to accounting and hr group.
Directories are then locked to those users with access to accounting or hr,
respectively.
Accounting and HR are currently set up as 
drwxrwx--T accounting
drwxrwx--T hr

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

RE: Simple script to set permissions on folders daily - write script and cron it?

[Mike Turcotte]

That would be great if someone knew and could tell us how to set default
permissions on a specific directory.

The info that has been given here has been a help though, so thanks
everyone for helping me out!

Michael Turcotte
Information Systems
City of North Bay
200 McIntyre St. E
PO Box 360
North Bay, Ontario
P1B 8H8
 
Mike.Turcotte@cityofnorthbay.ca
http://www.cityofnorthbay.ca 

> -----Original Message-----
> From: linux-newbie-owner@vger.kernel.org [mailto:linux-newbie-
> owner@vger.kernel.org] On Behalf Of Ray Olszewski
> Sent: Tuesday, March 29, 2005 10:51 AM
> To: linux-newbie@vger.kernel.org
> Subject: RE: Simple script to set permissions on folders daily - write
> script and cron it?
> 
> At 09:31 AM 3/29/2005 -0500, Mike Turcotte wrote:
> >I am fairly new to the linux scene, and I am currently using Gentoo
> >Linux. How exactly do I go about setting a global default umask value
to
> >set 777 permissions on a particular folder and its contents?
> [...]
> 
> You don't. That's not how umask works. Instead, it sets default
> permissions
> for *all* files saved by a particular account (userid).
> 
> If you want to make this change for all userids (or all except root),
do
> it
> in some file that sets the environment globally. For the bash shell,
this
> is probably /etc/profile (that's the standard one, and I imagine
Gentoo
> follows the standard). For example, my /etc/profile file contains this
> line:
> 
>          umask 022
> 
> A umask is the (octal) inverse of permissions, so this sets the
default
> permissions to 755. For a default of 777, set the umask to 000.
> 
> If you want to make the change for specific accounts (userids), put a
line
> to reset the umash in that account's individual configuration file.
This
> varies in name a bitr more than systemwide files, but ones to look for
are
> (in the account's home directory) .profile, .bash_profile, or .bashrc
(use
> "ls -a" to display filenames that begin with a .).
> 
> I don't know of a way to set default permissions for a specific
directory
> only, which is why I didn't discourage Eve from taking the approach
she
> described for her problem. Perhaps someone else does, though ... we'll
> have
> to wait and see.
> 
> 
> 
> -
> To unsubscribe from this list: send the line "unsubscribe
linux-newbie" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.linux-learn.org/faqs
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

RE: Simple script to set permissions on folders daily - write script and cron it?

[J.]

On Tue, 29 Mar 2005, Eve Atley wrote:

> That is my issue as well; Ray and others, I hadn't implemented umask because
> it still appears Greek to me. 

Eve I think ray's answer was very good. I think you have to look a bit
more at how permissions work, and what happends when someone
log's in [or program logins in] . I know it's a bit akward these
permission bit's and bytes in the umask forrest.

That is because it requires a fundemental understanding of
nr. systems. Like octal, binary. Yes.. yuk.. Learning curve steep, but it
makes or breakes your system, take it from me...

The Fundemental questions:
1. What & Who is creating the files on your system ?
2. What & Who needs to access them ?

If you know that, you solved half your problem. Now you can pick the best
approach.

As for umask:

New files are created with a default access mode to automatically set the
permision levels. [umask] .

When new files are created, the protection bits are set according to the
users default setting. Like ray said . The default is established using
the umask command in some sort of startup script either bash or
another shell. `man umask' or `umask --help'

If you are the sys-admin of your system then you can set the default umask
value for all users, not just your self. 

There are also programs which can set their own permission bits. Like
for example in samba:
 create mask = 0700
 directory mask = 0700
 browseable = No

Or ssh shell..
....etc..

That's why you need to know what, and who's creating the files and who
want's to access them..

> I'm not against use umask; 

It's not if you are against it or not. You will have to use it.. No matter
what. 

> I just didn't 'get it' upon reading stuff
> online. A link or two pointing to 'Umask for Idiots' would be great!

Again, that's because the Nr.'s dont make any sense. And I can't blame you
for that.

http:/www.google.com/linux 

search for octal, umask....

> Thanks,
> Eve
> 
> 
> P.S. For additional info, my setup is something like this:
> Directories 'accounting' and 'hr' are created.
> Groups 'accounting' and 'hr' are active in the system.
> Users have been assigned to accounting and hr group.
> Directories are then locked to those users with access to accounting or hr,
> respectively.
> Accounting and HR are currently set up as 
> drwxrwx--T accounting
> drwxrwx--T hr

The program they use to access these files, does that program run under
?? which user/group ?? My best guess is, Fix that, and you fixed your
problem.. 

J.

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

RE: Simple script to set permissions on folders daily - write script and cron it?

[J.]

On Tue, 29 Mar 2005, Mike Turcotte wrote:

> That would be great if someone knew and could tell us how to set default
> permissions on a specific directory.

In the case if the directory is NOT a mount point:
This is done either from the command-line with `chmod' or if you want this
as a default, create a startup script in your /etc/init.d/
directory and make sure it's executed at the right run-level. 
[depends on your GNU/Linux distro]. That way everytime your
system starts-up the directory is set to the right permissions.

If the directory is a mountpoint, umount and remount it with the
permissions. /etc/fstab

If you use samba, php, apache or any other deamon program to access your
files set the file mask permissions in those programs correctly. And make
sure the user & group settings under which these programs run on your
system have the right permissions todo so.

> The info that has been given here has been a help though, so thanks
> everyone for helping me out!
> 
> Michael Turcotte
> Information Systems
> City of North Bay
> 200 McIntyre St. E
> PO Box 360
> North Bay, Ontario
> P1B 8H8
>  
> Mike.Turcotte@cityofnorthbay.ca
> http://www.cityofnorthbay.ca 
> 
> > -----Original Message-----
> > From: linux-newbie-owner@vger.kernel.org [mailto:linux-newbie-
> > owner@vger.kernel.org] On Behalf Of Ray Olszewski
> > Sent: Tuesday, March 29, 2005 10:51 AM
> > To: linux-newbie@vger.kernel.org
> > Subject: RE: Simple script to set permissions on folders daily - write
> > script and cron it?
> > 
> > At 09:31 AM 3/29/2005 -0500, Mike Turcotte wrote:
> > >I am fairly new to the linux scene, and I am currently using Gentoo
> > >Linux. How exactly do I go about setting a global default umask value
> to
> > >set 777 permissions on a particular folder and its contents?
> > [...]
> > 
> > You don't. That's not how umask works. Instead, it sets default
> > permissions
> > for *all* files saved by a particular account (userid).
> > 
> > If you want to make this change for all userids (or all except root),
> do
> > it
> > in some file that sets the environment globally. For the bash shell,
> this
> > is probably /etc/profile (that's the standard one, and I imagine
> Gentoo
> > follows the standard). For example, my /etc/profile file contains this
> > line:
> > 
> >          umask 022
> > 
> > A umask is the (octal) inverse of permissions, so this sets the
> default
> > permissions to 755. For a default of 777, set the umask to 000.
> > 
> > If you want to make the change for specific accounts (userids), put a
> line
> > to reset the umash in that account's individual configuration file.
> This
> > varies in name a bitr more than systemwide files, but ones to look for
> are
> > (in the account's home directory) .profile, .bash_profile, or .bashrc
> (use
> > "ls -a" to display filenames that begin with a .).
> > 
> > I don't know of a way to set default permissions for a specific
> directory
> > only, which is why I didn't discourage Eve from taking the approach
> she
> > described for her problem. Perhaps someone else does, though ... we'll
> > have
> > to wait and see.
> > 
> > 
> > 
> > -
> > To unsubscribe from this list: send the line "unsubscribe
> linux-newbie" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at  http://vger.kernel.org/majordomo-info.html
> > Please read the FAQ at http://www.linux-learn.org/faqs
> -
> To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.linux-learn.org/faqs
> 

Tuesday, March 29 18:53:43



--
http://www.rdrs.net/

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

RE: Simple script to set permissions on folders daily - write script and cron it?

[Ray Olszewski]

At 07:02 PM 3/29/2005 +0200, J. wrote:
>On Tue, 29 Mar 2005, Mike Turcotte wrote:
>
> > That would be great if someone knew and could tell us how to set default
> > permissions on a specific directory.
>
>In the case if the directory is NOT a mount point:
>This is done either from the command-line with `chmod' or if you want this
>as a default, create a startup script in your /etc/init.d/
>directory and make sure it's executed at the right run-level.
>[depends on your GNU/Linux distro]. That way everytime your
>system starts-up the directory is set to the right permissions.
>
>If the directory is a mountpoint, umount and remount it with the
>permissions. /etc/fstab
>
>If you use samba, php, apache or any other deamon program to access your
>files set the file mask permissions in those programs correctly. And make
>sure the user & group settings under which these programs run on your
>system have the right permissions todo so.
[...]

J --

While everythig you've written here is quite correct, I think you 
misunderstood Mike's question. He's looking, I believe, for the same thing 
Eve is ... a way to cause all files written to a particular directory, no 
matter by whom, to have some particular mode ("default permissions") that 
is defined independently of the account doing the creation (so the 
bash-based umask won't serve his purpose). In effect, he wants to set a 
default umask not for a user but for a directory.

I have never run across any way to do this directly in Linux (or Unix). If 
the files are all being created (or transferred) via some specific program, 
there *might* be a way to set a default umask for that program (as samba 
does, for example ... do you know if any ftp and scp servers offer this 
capability? wu-ftpd lists a -u switch, but I don't see anything for stock 
sshd, which seems to use the uid's umask). But that's still different from 
the directory itself.

Eve's proposed approach ... the cron script ... may seem a bit clunky at 
first glance, but I suspect it really is the best solution for her, and 
perhaps for Mike and anyone else who needs this capability.

Or am I missing something? I always feel on safer ground when explaining 
how something *can* be done then when I say something *cannot* be done. 
Still, something "no way" really is the correct answer.


-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

RE: Simple script to set permissions on folders daily - write script and cron it?

[Mike Turcotte]

For since this will be taking place on my file server with most files
being accessed through SMB, I think I will just take the approach of
setting the mask values in smb.conf. In my case that would probably be
the best bet to get what I want. It just sucks when someone creates a
folder to put music in, and no one else can add to that folder without
root going in and changing permissions.

Thanks,

Michael Turcotte
Information Systems
City of North Bay
200 McIntyre St. E
PO Box 360
North Bay, Ontario
P1B 8H8
 
Mike.Turcotte@cityofnorthbay.ca
http://www.cityofnorthbay.ca 

> -----Original Message-----
> From: linux-newbie-owner@vger.kernel.org [mailto:linux-newbie-
> owner@vger.kernel.org] On Behalf Of Ray Olszewski
> Sent: Tuesday, March 29, 2005 1:21 PM
> To: linux-newbie@vger.kernel.org
> Subject: RE: Simple script to set permissions on folders daily - write
> script and cron it?
> 
> At 07:02 PM 3/29/2005 +0200, J. wrote:
> >On Tue, 29 Mar 2005, Mike Turcotte wrote:
> >
> > > That would be great if someone knew and could tell us how to set
> default
> > > permissions on a specific directory.
> >
> >In the case if the directory is NOT a mount point:
> >This is done either from the command-line with `chmod' or if you want
> this
> >as a default, create a startup script in your /etc/init.d/
> >directory and make sure it's executed at the right run-level.
> >[depends on your GNU/Linux distro]. That way everytime your
> >system starts-up the directory is set to the right permissions.
> >
> >If the directory is a mountpoint, umount and remount it with the
> >permissions. /etc/fstab
> >
> >If you use samba, php, apache or any other deamon program to access
your
> >files set the file mask permissions in those programs correctly. And
make
> >sure the user & group settings under which these programs run on your
> >system have the right permissions todo so.
> [...]
> 
> J --
> 
> While everythig you've written here is quite correct, I think you
> misunderstood Mike's question. He's looking, I believe, for the same
thing
> Eve is ... a way to cause all files written to a particular directory,
no
> matter by whom, to have some particular mode ("default permissions")
that
> is defined independently of the account doing the creation (so the
> bash-based umask won't serve his purpose). In effect, he wants to set
a
> default umask not for a user but for a directory.
> 
> I have never run across any way to do this directly in Linux (or
Unix). If
> the files are all being created (or transferred) via some specific
> program,
> there *might* be a way to set a default umask for that program (as
samba
> does, for example ... do you know if any ftp and scp servers offer
this
> capability? wu-ftpd lists a -u switch, but I don't see anything for
stock
> sshd, which seems to use the uid's umask). But that's still different
from
> the directory itself.
> 
> Eve's proposed approach ... the cron script ... may seem a bit clunky
at
> first glance, but I suspect it really is the best solution for her,
and
> perhaps for Mike and anyone else who needs this capability.
> 
> Or am I missing something? I always feel on safer ground when
explaining
> how something *can* be done then when I say something *cannot* be
done.
> Still, something "no way" really is the correct answer.
> 
> 
> -
> To unsubscribe from this list: send the line "unsubscribe
linux-newbie" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.linux-learn.org/faqs
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

RE: Simple script to set permissions on folders daily - write script and cron it?

[J.]

On Tue, 29 Mar 2005, Mike Turcotte wrote:

> For since this will be taking place on my file server with most files
> being accessed through SMB, I think I will just take the approach of
> setting the mask values in smb.conf. In my case that would probably be
> the best bet to get what I want. It just sucks when someone creates a
> folder to put music in, and no one else can add to that folder without
> root going in and changing permissions.
>
> Thanks,
> 
> Michael Turcotte

You are absolutely right about that music accessing ;-) The default system
umask values in combination with the smb.conf file mask settings is the
right way. Maybe in some setup you will have to create an extra user
account, but for most systems this is not nessescary..

Don't forget to create an user account for every windows user:
smbpasswd -a user
-a user        # user add
-e user        # user enable

make sure the smb deamon is running with the correct rights to make
it do want you want it todo.

If you want to mount your linux dir as a share at your windows pc, you
could do from the wintendo:
net use Disk_name: \\pc_name\dir passwd

or viceversa
mount -w -t smbfs -o username=user,password=passwd //host/c /mnt/c

G00dLucK.....

J.

> Information Systems
> City of North Bay
> 200 McIntyre St. E
> PO Box 360
> North Bay, Ontario
> P1B 8H8
>  
> Mike.Turcotte@cityofnorthbay.ca
> http://www.cityofnorthbay.ca 
> 
> > -----Original Message-----
> > From: linux-newbie-owner@vger.kernel.org [mailto:linux-newbie-
> > owner@vger.kernel.org] On Behalf Of Ray Olszewski
> > Sent: Tuesday, March 29, 2005 1:21 PM
> > To: linux-newbie@vger.kernel.org
> > Subject: RE: Simple script to set permissions on folders daily - write
> > script and cron it?
> > 
> > At 07:02 PM 3/29/2005 +0200, J. wrote:
> > >On Tue, 29 Mar 2005, Mike Turcotte wrote:
> > >
> > > > That would be great if someone knew and could tell us how to set
> > default
> > > > permissions on a specific directory.
> > >
> > >In the case if the directory is NOT a mount point:
> > >This is done either from the command-line with `chmod' or if you want
> > this
> > >as a default, create a startup script in your /etc/init.d/
> > >directory and make sure it's executed at the right run-level.
> > >[depends on your GNU/Linux distro]. That way everytime your
> > >system starts-up the directory is set to the right permissions.
> > >
> > >If the directory is a mountpoint, umount and remount it with the
> > >permissions. /etc/fstab
> > >
> > >If you use samba, php, apache or any other deamon program to access
> your
> > >files set the file mask permissions in those programs correctly. And
> make
> > >sure the user & group settings under which these programs run on your
> > >system have the right permissions todo so.
> > [...]
> > 
> > J --
> > 
> > While everythig you've written here is quite correct, I think you
> > misunderstood Mike's question. He's looking, I believe, for the same
> thing
> > Eve is ... a way to cause all files written to a particular directory,
> no
> > matter by whom, to have some particular mode ("default permissions")
> that
> > is defined independently of the account doing the creation (so the
> > bash-based umask won't serve his purpose). In effect, he wants to set
> a
> > default umask not for a user but for a directory.
> > 
> > I have never run across any way to do this directly in Linux (or
> Unix). If
> > the files are all being created (or transferred) via some specific
> > program,
> > there *might* be a way to set a default umask for that program (as
> samba
> > does, for example ... do you know if any ftp and scp servers offer
> this
> > capability? wu-ftpd lists a -u switch, but I don't see anything for
> stock
> > sshd, which seems to use the uid's umask). But that's still different
> from
> > the directory itself.
> > 
> > Eve's proposed approach ... the cron script ... may seem a bit clunky
> at
> > first glance, but I suspect it really is the best solution for her,
> and
> > perhaps for Mike and anyone else who needs this capability.
> > 
> > Or am I missing something? I always feel on safer ground when
> explaining
> > how something *can* be done then when I say something *cannot* be
> done.
> > Still, something "no way" really is the correct answer.
> > 
> > 
> > -
> > To unsubscribe from this list: send the line "unsubscribe
> linux-newbie" in
> > the body of a message to majordomo@vger.kernel.org
> > More majordomo info at  http://vger.kernel.org/majordomo-info.html
> > Please read the FAQ at http://www.linux-learn.org/faqs
> -
> To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.linux-learn.org/faqs
> 

Tuesday, March 29 20:34:40



--
http://www.rdrs.net/

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

RE: Simple script to set permissions on folders daily - write script and cron it?

[J.]

On Tue, 29 Mar 2005, Ray Olszewski wrote:

> At 07:02 PM 3/29/2005 +0200, J. wrote:
> >On Tue, 29 Mar 2005, Mike Turcotte wrote:
> >
> > > That would be great if someone knew and could tell us how to set default
> > > permissions on a specific directory.
> >
> >In the case if the directory is NOT a mount point:
> >This is done either from the command-line with `chmod' or if you want this
> >as a default, create a startup script in your /etc/init.d/
> >directory and make sure it's executed at the right run-level.
> >[depends on your GNU/Linux distro]. That way everytime your
> >system starts-up the directory is set to the right permissions.
> >
> >If the directory is a mountpoint, umount and remount it with the
> >permissions. /etc/fstab
> >
> >If you use samba, php, apache or any other deamon program to access your
> >files set the file mask permissions in those programs correctly. And make
> >sure the user & group settings under which these programs run on your
> >system have the right permissions todo so.
> [...]
> 
> J --
> 
> While everythig you've written here is quite correct, I think you 
> misunderstood Mike's question. He's looking, I believe, for the same thing 
> Eve is ... a way to cause all files written to a particular directory, no 
> matter by whom, to have some particular mode ("default permissions") that 
> is defined independently of the account doing the creation (so the 
> bash-based umask won't serve his purpose). In effect, he wants to set a 
> default umask not for a user but for a directory.

If that's the case I have mis-understood the question indeed. But.. then
there is something wrong in her approach to this problem because it's a
user-access problem, not a directory problem.

> I have never run across any way to do this directly in Linux (or Unix). 

The problem is that the directory needs constant monitoring if it's
accessed. That can be done from C by a lock. But it's not to be done like
that from the default system toolset.. That is.. However what can be done
is to use the directory as a mountpoint. That way you can mount it with
specific rights.

> If 
> the files are all being created (or transferred) via some specific program, 
> there *might* be a way to set a default umask for that program (as samba 
> does, for example ... do you know if any ftp and scp servers offer this 
> capability? wu-ftpd lists a -u switch, but I don't see anything for stock 
> sshd, which seems to use the uid's umask). But that's still different from 
> the directory itself.

Before answering this. Ask the question: Is the program which creates the
files running in as a subshell ? Like Ftp.. If so than there are 2
options. The program config... Or.. systemwide shell config. That's why
for example chroot is such an issue with ftp, ssh.. accounts.

Anyway. 
Proftpd does `umask' .
Umask			022
apache does umask.. 
umask                   007

The problem with ssh and umask:
The secure shell client needs to do several things before running the
connection on a remote host. One is to set a default umask of 022, which
makes the files writable by the owner only, but world readable. Because
the modes are not set explicitly, this provides a basic default set of
permissions of the files. In addition, the secure shell client needs to
set an effictive UID because it runs as root [suid bit is on] when
executed. The secure shell uses an effective UID bit for executing
commands on the remote host, as opposed to the real uid, which is defined
on the local host. Next the secure shell client has to read the confi
files. The first config file it reads are the user config files... And
then the system-wide files are read. When a connection is opened to the
remote host the only time the secure shell client needs root privileges is
for rhosts authentication. But the SUID bit is ..NOT.. set for scp and
sftp for example.. 

Now... I would go for a good solid shell umask and a chroot if I had
non-family members accessing my system thru ssh.. ;-) 
[not mafia here b.t.w ;-)] 

> Eve's proposed approach ... the cron script ... may seem a bit clunky at 
> first glance, but I suspect it really is the best solution for her, and 
> perhaps for Mike and anyone else who needs this capability.

Sorry, but I still can't understand why the files don't have the right
permissions right from the beginning ? 
One: startup script
Two: program config

If she has several users with a
passwd to her system, and she only want's them to access the two
directorys she could very easy make the two users share their
homedirectorys and then set the umask value for those two users.

That way you will always have a buffer inbetween the people from the
outside and the inside of the Ehmm.. `world' ;-)

Or use symlinks to a target directory somewhere else with the correct
Sticky bit rights. Possibilities enough without creating CPU cycles.

> Or am I missing something? I always feel on safer ground when explaining 
> how something *can* be done then when I say something *cannot* be done. 
> Still, something "no way" really is the correct answer.

I am not quite to sure about me here anymore either..
B.t.w. 
Thankx for all that keyboard typing.... ;-) 

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs