June 10, 2009
Unix shared directory permissions: GUID and umask
I set up my Mercurial repository in the same way we used to do CVS, then SVN: a directory owned by a group, with the GUID bit, and all users who need to commit are in that group.
The steps are, create the group and add relevant users to it:
sudo groupadd topsecretgroup
sudo usermod -a -G topsecretgroup graham
Change the project directory to be owned by that group, and accessible by no-one else:
cd topsecretproject/
sudo chown graham:topsecretgroup -R .
sudo chmod g=u,o= -R .
Set the GUID (setgid) bit on all the directories, so that new files and directories are created owned by the group:
find . -type d -print0 | sudo xargs -0 chmod g+s
Change the umask for everyone, so that new files are created with read and write permissions for the group:
sudo vim /etc/profile
Change umask 022
to umask 002
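The last part, changing the umask, isn’t ideal. It works on Debian and Ubuntu because every user has their own private group as their primary group, so a group-writable file outside the shared directory is still writable only by its owner. I would rather have a more focused solution, just for that directory – suggestions welcome.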
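A check that the tree still matches the setup above, as an added example that is not part of the original post: audit_shared_dir and make_demo_tree are names chosen here, and the demo tree is constructed sample data. It flags the failure the umask change is meant to prevent, a file written by a committer still on umask 022.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the original post.

# audit_shared_dir DIR GROUP
# Prints "<problem>: <path>" per policy violation; returns 0 if clean, else 1.
audit_shared_dir() {
    dir=$1 group=$2
    report=$(
        # Directory without setgid: entries created in it get the creator's
        # own group instead of the shared one.
        find "$dir" -type d ! -perm -2000 -exec printf 'no-setgid: %s\n' {} \;
        # Entry owned by a different group: other committers lose access.
        find "$dir" ! -group "$group" -exec printf 'wrong-group: %s\n' {} \;
        # File the group cannot write, e.g. created under umask 022.
        find "$dir" -type f ! -perm -020 \
            -exec printf 'not-group-writable: %s\n' {} \;
        # Top directory open to "other". Files created later under umask 002
        # are mode 664, so this directory is what keeps non-members out.
        find "$dir" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) \
            -exec printf 'open-to-other: %s\n' {} \;
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# make_demo_tree: builds a constructed sample tree in a temp directory and
# prints its path. One file is written under umask 002, one under umask 022.
make_demo_tree() {
    root=$(mktemp -d) || return 1
    chmod 2770 "$root"                      # rwxrws---, as in the steps above
    ( umask 002; : > "$root/good.txt"; mkdir "$root/sub" )
    ( umask 022; : > "$root/sub/bad.txt" )  # committer with the old umask
    printf '%s\n' "$root"
}
```

Run it as `audit_shared_dir topsecretproject topsecretgroup`; on the demo tree it reports only sub/bad.txt, the file created under umask 022.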
Jay Goldberg said,
September 29, 2011 at 12:20
According to some Ubuntu posts, the proper way to get a granular umask is to use access control lists or acls.
http://ubuntuforums.org/showthread.php?t=1400084
Control the directory ACLs using the setfacl command and be sure to mount the filesystem with ‘acl’ as a mount option in /etc/fstab.