Question on file mode 777

Printable View

10-04-2007, 12:13 AM
unix

Question on file mode 777

Is that possible to set all files' mode to 777 automatically ?
My problem was there is a specific directory in which any apps can
create their app-related files. Different users from different groups
need to come in and do the read/write to the files. Read operation is
okay; problem is with the write.
Is there any UNIX setup to achieve this or other way to get it done?

My requirement is change the file to 777 automatically once file is
successfully landed in the directory. This way user from different
group can write to the file that someone created successfully.

Thanks in advance
10-04-2007, 12:13 AM
unix

Re: Question on file mode 777

pyi thar wrote:[color=blue]
> Is that possible to set all files' mode to 777 automatically ?
> My problem was there is a specific directory in which any apps can
> create their app-related files. Different users from different groups
> need to come in and do the read/write to the files. Read operation is
> okay; problem is with the write.
> Is there any UNIX setup to achieve this or other way to get it done?
>
> My requirement is change the file to 777 automatically once file is
> successfully landed in the directory. This way user from different
> group can write to the file that someone created successfully.
>
> Thanks in advance
>[/color]

Seems like you are planning a mess.
Have you thought about how to avoid different processes and users
messing up each others files, be it by accident or intention?

Some helpful direction could be:
Let users of one group create the files (with mode 755 e.g.) and write
to and then close them and "chown" them to a different group (which they
also have to be members of) when they are finished. That second group of
users could then do their own modifications, being able to identify the
files that are ready for them by the files' group id.

If you want to stick to your original plan, have a look at the umask
command or system call, and prepare yourself for shooting your foot.
10-04-2007, 12:13 AM
unix

Re: Question on file mode 777

Joachim Gann написа:[color=blue]
> pyi thar wrote:[color=green]
> > Is that possible to set all files' mode to 777 automatically ?
> > My problem was there is a specific directory in which any apps can
> > create their app-related files. Different users from different groups
> > need to come in and do the read/write to the files. Read operation is
> > okay; problem is with the write.
> > Is there any UNIX setup to achieve this or other way to get it done?
> >
> > My requirement is change the file to 777 automatically once file is
> > successfully landed in the directory. This way user from different
> > group can write to the file that someone created successfully.
> >
> > Thanks in advance[/color][/color]

Hi,
First, as noted above, never put 777 to file/directory.
Now, about your problem. I think you can at least higher the security a
little in your scenario. Create a group and assign all the users you
want to be able to change the files in this specific directory as
members of this group. Second - change the group owner of the directory
to this newly created group
chown user:group dir_name
Third - set SVTX permission bit to this directory -
chmod +t dir_name
Now, everybody can change the files, but at least cannot remove them
unless he is the owner of the file or the directory. If you want to be
sure that everybody is able to read/write the files - set also SGID to
the directory -
chmod g+s dir_name
That way every newly created file will have effective group owner the
same, as the group owner of the directory, that the file reside in.
Finally, you have to assure that every newly created file will have the
77* permission - to do this change default umask value . Also, if you
have any existing users, that have umask value different than 77*, and
these users will need to read/write in this direcotyr, change them
also. If you have something unclear or you are not sure how to do
something, just write here.
Also, performing the actions described above will not prevent user
member of the group same as the group of the directory, to delete all
contents of a file, leaving it empty :-) This kind of considers my post
as unneeded.... But at least it prevents you from assigning the **7
permission bit for others - something VERY unwise.