1

In myscript I have a line that does this :

chmod 660 somefile_given_as_argument_to_myscript

I gave the members of a group the right to execute the script (chmod 770 myscript), but when they execute the script on a file that belongs to me, it fails because they don't have the permission to change that file.

Can I add something to my script to give any member of the group the right to modify the permissions of any file that belongs to any member of the group?

EDIT

As requested by some, I will clarify why I want to do that. My ultimate goal is to allow any member of a group to read and write any file in a given directory. I already posted another question but for now no good answer was given. I then thought that it would be possible for any user to change permissions so that any member of the group could read and write any file. But this doesn't work because one user cannot change the permissions of a file that belongs to someone else... The problem I have in my other post is that files that are created outside the shared directory and then moved/copied inside don't have the right permissions (I already changed the ACL of the shared directory).

PinkFloyd
  • 429
  • Normally you can't chmod a file that doesn't belong to you. See here: http://superuser.com/questions/274756/chmod-if-i-am-not-root-file-owner One solution would be to expose a read-only setuid executable to your group members. This executable could then wrap chmod calls as if you were doing them. – Brandin Mar 06 '15 at 13:41
  • @Brandin, thx but can you be more precise? I don't really understand... do you mean that I should call chmod g+s on my executable that wraps chmod? – PinkFloyd Mar 06 '15 at 14:27
  • Yes, if you want to be potentially unsafe/hackable, you can copy the system chmod into your home directory, set the setuid bit on that, and let your other team access it so that they can change permissions with it. e.g. cp /bin/chmod /pub/floyds_files/floydmod; chown floyd:wallteam chmod a+s,g+x,o-x floydmod Now your wallteam can run floydmod, which is the same as running chmod as you – Brandin Mar 06 '15 at 17:28
  • typos in above example -- it should be more like cp /bin/chmod /pub/floyds_files/floydmod; chown floyd:wallteam /pub/floyds_files/floydmod; chmod a+s,g+x,o-x /pub/floyds_files/floydmod – Brandin Mar 06 '15 at 17:35
  • 2
    You can't chmod files you don't own. There is also no reason to do so. Please [edit] your question and explain what your final objective is, explain why you want to change the permissions. There is probably a better way to do it. – terdon Mar 06 '15 at 23:27
  • @terdon: thanks for your answer. I updated my question to clarify my goals. – PinkFloyd Mar 09 '15 at 07:57
  • Would it be acceptable to instead run a script to watch this shared directory for changes and call chmod on any appearing files? – dhag Mar 09 '15 at 15:34
  • @dhag would this script be able to change the permission for files belonging to any member of the group ? – PinkFloyd Mar 10 '15 at 08:38
  • Yes, such a script would work on any user's files, provided you run it as root. I was thinking of using inotifywait; I will post an answer if this is relevant (this assumes Linux). – dhag Mar 10 '15 at 13:26
  • @dhag thx for your idea... but I don't have the root privileges... – PinkFloyd Mar 10 '15 at 16:34

2 Answers

0

What you are looking for is umask(1).

In your case, try umask 007, which will create files with no access for others.

Do you really need the +x bit?

Archemar
  • 31,554
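What `umask 007` changes for the shared directory described in the question, and what it leaves alone, as an added example that is not part of the original answer. The temp directories and the `mode_of` and `share_modes` helper names are constructed for illustration.

```shell
#!/bin/sh
# Added example. All paths are constructed temp dirs, not from the original post.

# Print the octal permission bits of a file (GNU stat, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# share_modes OWNER_UMASK
# Simulates a user whose usual umask is OWNER_UMASK and who switches to
# umask 007 only while working in the shared directory.
# Prints three modes: created-in-place, moved-in, copied-in.
share_modes() {
    owner_umask=$1
    work=$(mktemp -d) || return 1
    mkdir "$work/shared" "$work/outside"

    # Files created elsewhere under the user's usual umask.
    ( umask "$owner_umask"; : > "$work/outside/moved"; : > "$work/outside/copied" )

    (
        umask 007
        : > "$work/shared/created"                       # 666 & ~007
        mv "$work/outside/moved" "$work/shared/moved"    # rename: mode unchanged
        cp "$work/outside/copied" "$work/shared/copied"  # source mode & ~007
    )

    echo "$(mode_of "$work/shared/created") $(mode_of "$work/shared/moved") $(mode_of "$work/shared/copied")"
    rm -rf "$work"
}

share_modes 022   # 660 644 640
share_modes 077   # 660 600 600
```

The umask only clears bits when a file is created, so files moved or copied in keep whatever group bits their original mode lacked.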
-1

The chmod command supports an s-flag: set user or group ID on execution (s). Formerly that was possible even on scripts, though newer Unixes disallow it on scripts for security reasons, so it may or may not fit in your environment.

Janis
  • 14,222
  • 2
    setuid does not normally work on shell scripts. See here for more info http://unix.stackexchange.com/questions/364/allow-setuid-on-shell-scripts – Brandin Mar 06 '15 at 13:38
  • Right, how could I forget that. Probably because it was possible a few decades ago. – Janis Mar 06 '15 at 13:41
  • (hi Janis, welcome to Unix.SE BTW. Note that one advantage of SE over usenet is that one can more easily delete/amend one's answers) – Stéphane Chazelas Mar 09 '15 at 15:06
  • Thanks for the welcome. I wanted to delete this answer but saw it would require five persons to do so. (I'll add some text now, but it probably would be better to just have it deleted.) – Janis Mar 09 '15 at 15:50