Getting the hang of Linux file-system permissions can be tricky for beginners. I still have problems every now and again translating symbolic permission notation to octal permission notation and back again. One common scenario which can be complicated to enact in practice is the creation of default permissions for files inside of given directories. Although not a direct translation, in Windows this sort of functionality is usually implemented by selecting the "Allow propagation on child objects" setting when viewing Security Properties for a directory. But how to get this done in Linux?
The preferred approach is the use of Access Control Lists using setfacl. Since Linux kernel 2.6, the acl flag is enabled by default with most standard filesystems. There's already several solid explanations for how to use Linux ACLs. But, there are scenarios in which this can be difficult or impossible to implement; using exotic filesystems or older kernels, etc. Or you just might find ACL syntax confusing and try to avoid it unless absolutely needed. Whatever the reason, if all you need is to have all files in a given directory owned by a specific group and/or assigned a specific set of permissions, here's a down and dirty way to do it using a set-group-id bit.
umask 002 /somedirectory/ ### With this mask default subdirectory permissions are 775
### and default file permissions are 664 (-rw-rw-r--)
chgrp somegroup /somedirectory/ ### here we assign our preferred group
chmod g+s /somedirectory/ ### here we assign a set-group-id bit to the directory
Keep in mind that the umask in this example is pretty wide open. If you're not familiar with umask, take a look at one of the many guides floating around. I am much more likely to use a umask of 022 or 077 in production than the above example.
Earlier this week a young government contractor named Reality Winner was accused by police of leaking an internal NSA document to news outle...
Those following Cryptome on Twitter saw some messages that were a little nerve-wracking yesterday. The flood of torrents attributed to Cr...
UPDATE March 1st, 2017 : I'm glad to see that people are finding this helpful, and thanks to everyone that has contacted me here or via ...
Click here for the second post on this topic, which includes more detailed technical information. Hector Monsegur, formerly sabu of Lulzse...