为 Linux 目录下新创建的文件和子目录设置默认权限?

我有一些长时间运行的脚本和应用程序,它们将输出结果存储在少数用户共享的目录中。我希望有一种方法可以确保在这个共享目录下创建的每个文件和目录都自动拥有 u=rwxg=rwxo=r权限。

我知道我可以在各种脚本的前端使用 umask 006,但是我不喜欢这种方法,因为许多用户编写自己的脚本,并且可能忘记自己设置 umask。

我真的只是希望文件系统设置新创建的文件和目录,如果它在一个特定的文件夹中,具有一定的权限。这有可能吗?

更新 : I 好好想想它可以用 POSIX ACL完成,使用默认的 ACL 功能,但是目前这有点超出我的理解范围。如果有人能够解释如何使用默认 ACL,它可能会很好地回答这个问题。

229405 次浏览
小开
最佳答案

To get the right ownership, you can set the group setuid bit on the directory with 

chmod g+rwxs dirname

This will ensure that files created in the directory are owned by the group. You should then make sure everyone runs with umask 002 or 007 or something of that nature---this is why Debian and many other linux systems are configured with per-user groups by default.

I don't know of a way to force the permissions you want if the user's umask is too strong.

小开

It's ugly, but you can use the setfacl command to achieve exactly what you want.

On a Solaris machine, I have a file that contains the acls for users and groups. Unfortunately, you have to list all of the users (at least I couldn't find a way to make this work otherwise):

user::rwx
user:user_a:rwx
user:user_b:rwx
...
group::rwx
mask:rwx
other:r-x
default:user:user_a:rwx
default:user:user_b:rwx
....
default:group::rwx
default:user::rwx
default:mask:rwx
default:other:r-x

Name the file acl.lst and fill in your real user names instead of user_X.

You can now set those acls on your directory by issuing the following command:

setfacl -f acl.lst /your/dir/here
小开

Here's how to do it using default ACLs, at least under Linux.

First, you might need to enable ACL support on your filesystem. If you are using ext4 then it is already enabled. Other filesystems (e.g., ext3) need to be mounted with the acl option. In that case, add the option to your /etc/fstab. For example, if the directory is located on your root filesystem:

/dev/mapper/qz-root   /    ext3    errors=remount-ro,acl   0  1

Then remount it:

mount -oremount /

Now, use the following command to set the default ACL:

setfacl -dm u::rwx,g::rwx,o::r /shared/directory

All new files in /shared/directory should now get the desired permissions. Of course, it also depends on the application creating the file. For example, most files won't be executable by anyone from the start (depending on the mode argument to the open(2) or creat(2) call), just like when using umask. Some utilities like cp, tar, and rsync will try to preserve the permissions of the source file(s) which will mask out your default ACL if the source file was not group-writable.

Hope this helps!

小开

in your shell script (or .bashrc) you may use somthing like:

umask 022

umask is a command that determines the settings of a mask that controls how file permissions are set for newly created files.

小开

I don't think this will do entirely what you want, but I just wanted to throw it out there since I hadn't seen it in the other answers.

I know you can create directories with permissions in a one-liner using the -m option:

mkdir -m755 mydir

and you can also use the install command:

sudo install -C -m 755 -o owner -g group /src_dir/src_file /dst_file

提交答案