I am creating directories in a shell script with the permissions below:

chmod -R 770 /user/mydir
chown -R user:mygroup /user/mydir
chown -R g+s /user/mydir

However, whenever I create a new directory under /user/mydir, I get the permission drwxrwsr-x for the directory, and if I create any new file under it, I see the permission on the file as -rw-rw-r--. But it should be -rwxrwx---, because I am giving chmod 770. I am not sure what I am doing wrong; please help me in solving the issue.

Rahul
  • 1
    What is the output of running umask? How are you creating the files? Please edit your question to include this information. It is normal not to have x permissions on files if they are not intended to be executed. – icarus Aug 30 '19 at 15:24
  • @icarus that other question seems to be about how umask affects the mode. However this is about sgid and mode. – ctrl-alt-delor Aug 30 '19 at 15:37
  • 4
    Do you have a g+s user? Is it even a valid username on your system? –  Aug 30 '19 at 16:21
  • @mosvy setting properties on /user is not needed. If it were then you would have to set it all the way down. The problem is that sgid does not affect the mode. There is a solution below involving facls. – ctrl-alt-delor Aug 30 '19 at 16:48
  • 4
    @ctrl-alt-delor the OP is just trying to recursively set the owner to a user named "g+s". –  Aug 30 '19 at 17:14
  • @mosvy good spot. But not trying (this is not their intention), but they are doing. However fixing that, will not fix their problem (try it). – ctrl-alt-delor Aug 30 '19 at 17:25
  • 1
    @ctrl-alt-delor I still read it as a umask question - "I am seeing permission on file as -rw-rw-r--, but it should be -rwxrwx---" which suggests a umask of 002 and whatever is creating the file having a create mask of 0666. sgid on a directory tends to just preserve the group on created files in the directory although it is up to the filesystem to decide the exact meaning. – icarus Aug 30 '19 at 17:43
  • @Icarus yes you have outlined the problem exactly. And one solution (control the umask of every user on your system. Unfortunately this can only be done with co-operation. And you may need a different umask in a different situation.) Another solution, that does not have these problems, is FACLs. Note the user is not wishing to manipulate umasks (that was just the tool that they tried). What they want is for a particular permission to apply to all new files. – ctrl-alt-delor Aug 30 '19 at 19:44
  • @ctrl-alt-delor I don't see anything that suggests Rahul is unwilling to alter his umask. If the question is "I want every new file to have mode 0770 in this directory tree", then I suggest it is an https://meta.stackexchange.com/questions/66377/what-is-the-xy-problem/66378 – icarus Aug 30 '19 at 22:46
  • @icarus I don't see where I said unwilling. I only said that the OP has a goal. So changing the umask, can be a solution. But you will have to change it for every user (that writes to this directory), and enforce it, and hope that you don't have a reason (elsewhere), to have a different one. – ctrl-alt-delor Sep 01 '19 at 08:49
  • @ctrl-alt-delor "I don't see where I said unwilling" see "Note the user is not wishing to manipulate umasks". The problem is it is not clear what the OP actually is asking for, we have different interpretations and my request for the OP to clarify has gone unanswered. – icarus Sep 01 '19 at 22:39
  • @icarus I agree that OP would do well to clarify. However I do not disagree with your interpretation: You have done a task based interpretation. I have done a goal based interpretation (With goal based, you can change the task). – ctrl-alt-delor Sep 02 '19 at 17:29

1 Answer

1

Set gid on directories only sets the group, not the mode.

You will need file access control lists. See What are the different ways to set file permissions etc on gnu/linux.

setfacl -R -m o:-,d:o:- «dir-name»

Explanation:

  • setfacl is used to set the facl (file access control list).
  • -R recurs through existing child files.
  • -m to modify the list
  • o:- set other to all clear
  • d:o:- set default for other to all clear.

You can also get the effect of sgid, and ensure that the user always has permission (no matter the owner).

setfacl -R -d -m u:user:rwx,g:mygroup:rwx,o:- «dir-name»
setfacl -R    -m u:user:rwx,g:mygroup:rwx,o:- «dir-name»
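
Added example, not part of the original answer: a script that reproduces the modes reported in the question and then applies the answer's default ACL to show what changes. The function name `new_modes` and the temporary directory are assumptions made here; it needs GNU `stat`, and `setfacl` with filesystem ACL support for the last case.

```shell
#!/bin/sh
# Added example: what mode do new entries get under a setgid directory?
# Everything is created in a temporary directory (constructed here).

# new_modes UMASK [acl]
# Make a 2770 directory, optionally apply the default ACL from the answer,
# then create one file and one subdirectory under the given umask.
# Prints "<file-mode> <subdir-mode>" in octal; returns 2 if setfacl fails.
new_modes() {
    d=$(mktemp -d) || return 1
    chmod 2770 "$d"                  # rwxrws---: mode 770 plus setgid
    if [ "${2:-}" = acl ]; then
        setfacl -m o:-,d:o:- "$d" 2>/dev/null || { rm -rf "$d"; return 2; }
    fi
    # touch asks for 0666 and mkdir for 0777; the kernel then removes bits.
    ( umask "$1"; touch "$d/file"; mkdir "$d/sub" )
    echo "$(stat -c %a "$d/file") $(stat -c %a "$d/sub")"
    rm -rf "$d"
}

echo "umask 002, no ACL:      $(new_modes 002)"   # the question's result
echo "umask 007, no ACL:      $(new_modes 007)"
acl=$(new_modes 002 acl) || acl="skipped (setfacl or ACL support missing)"
echo "umask 002, default ACL: $acl"
```

With the default ACL in place the umask no longer decides the "other" bits, but a file still comes out as 660 rather than 770, because the creating program requested 0666.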