Always create files/folders but only write to those the user owns

2

I need 2 Linux users to share a folder. Within this folder, users should always be able to create files and sub-folders and write into any sub-folder (whether they own it or not). However, they should only be able to edit the files they actually own.

I have tried using the sticky bit and ACLs but am still struggling.

Jonathan Hult

Posted 2011-08-14T19:26:28.687

Reputation: 215

Answers

3

This cannot be reliably done with POSIX ACLs – if you make subdirectories writable by default, files will also become writable by default.

  1. To allow creation of files, give write rights (rwx) to the directory. "Default ACLs" can help with this: set d:g:twousers:rwX on the directory (assuming both users are in the twousers group), and all newly created items will inherit that.

  2. To forbid modification of other users' files, do nothing. The standard umask setting (022) already ensures that newly created files will only be writable by the owner (rw/r/r).

    However, if the directory has "default ACLs" set as in #1, these ACLs will be added to newly created files too.

    (Remember, though, that only the owner can change (chmod) a file's permissions. So other users cannot make a file writable if it isn't already.)

  3. To forbid deletion of other users' files, set the sticky bit on the directory. It cannot be inherited, unfortunately.

As you can see, points #1 and #2 conflict (default ACLs apply to all objects regardless of type).

You could sort of achieve this by teaching users to chmod +t,g+w every new directory they create, but this is not particularly reliable.


A solution would be to use NFSv4 ACLs, which can be marked as inheritable by files only or directories only. Unfortunately, they are not supported by Linux natively, requiring kernel patches to be applied. If you're into that stuff, nfs4acl and ngacl are two implementations.

One place in which Windows does the job better.

user1686

Posted 2011-08-14T19:26:28.687

Reputation: 283 655
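
The conflict between points #1 and #2 in the answer above, modelled with the object-creation rules from acl(5). This is an added example, not part of the original answer. The `SHARED` ACL is constructed and assumes the directory was mode 0775 before `d:g:twousers:rwX` was set.

```python
# Model of POSIX ACL inheritance at object creation, following acl(5).
R, W, X = 4, 2, 1

def fmt(p):
    """Render a 3-bit permission value as an rwx string."""
    return "".join(c if p & b else "-" for c, b in zip("rwx", (R, W, X)))

def create(default_acl, mode, umask=0o022):
    """Access ACL of a new object; mode is 0o666 for files, 0o777 for dirs."""
    if default_acl is None:
        m = mode & ~umask                      # no default ACL: umask applies
        return {"user::": m >> 6 & 7, "group::": m >> 3 & 7, "other::": m & 7}
    acl = dict(default_acl)                    # inherited; umask is ignored
    acl["user::"] &= mode >> 6 & 7
    acl["other::"] &= mode & 7
    # The group bits of the mode limit the mask if present, else group::
    key = "mask::" if "mask::" in acl else "group::"
    acl[key] &= mode >> 3 & 7
    return acl

def effective(acl, entry):
    """Named and owning-group entries are filtered through the mask."""
    return acl[entry] & acl.get("mask::", R | W | X)

# Constructed: default ACL of a 0775 directory after d:g:twousers:rwX.
SHARED = {"user::": 7, "group::": 5, "group:twousers": 7, "mask::": 7, "other::": 5}

def report(default_acl):
    """Effective twousers (or owning-group) rights on a new file and subdir."""
    out = {}
    for kind, mode in (("file", 0o666), ("dir", 0o777)):
        acl = create(default_acl, mode)
        entry = "group:twousers" if "group:twousers" in acl else "group::"
        out[kind] = fmt(effective(acl, entry))
    return out

if __name__ == "__main__":
    print("with default ACL:   ", report(SHARED))
    print("without default ACL:", report(None))
```

With the default ACL, new subdirectories are group-writable but so are new files; without it, files are protected but subdirectories are not writable by the other user.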