June 10, 2009

Unix shared directory permissions: GUID and umask

Posted in Software at 20:11 by graham

I set up my Mercurial repository in the same way we used to do CVS, then SVN: a directory owned by a group, with the GUID bit, and all users who need to commit are in that group.

First, create the group and add the relevant users to it:

sudo groupadd topsecretgroup
sudo usermod -a -G topsecretgroup graham

Change the project directory to be owned by that group, and accessible by no-one else:

cd topsecretproject/
sudo chown graham:topsecretgroup -R .
sudo chmod g=u,o= -R .

Set the GUID (setgid) bit on all the directories, so that new files and directories are created owned by the group:

find . -type d -print0 | sudo xargs -0 chmod g+s

Change the umask for everyone, so that new files are created with read and write permissions for the group:

sudo vim /etc/profile

Change umask 022 to umask 002

The last part, changing the umask, isn’t ideal. It works on Debian and Ubuntu, because every user has their own group. I would rather have a more focused solution, just for that directory – suggestions welcome.
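A check for the setup above, as an added example that is not part of the original post: the shell function below audits a directory for the group, setgid and g=u properties that the steps establish. The function names, report labels and the constructed sample tree are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit a directory set up with
# the steps above. Prints one line per problem; returns 1 if any were found.
audit_shared_dir() {
    dir=$1 group=$2   # group: name or numeric gid
    report=$(
        # Entries that did not inherit the group (setgid missing at creation).
        find "$dir" ! -group "$group" | sed 's/^/wrong-group /'
        # Directories where new entries would not inherit the group.
        find "$dir" -type d ! -perm -2000 | sed 's/^/no-setgid /'
        # Only the top directory is checked for "other" bits: files created
        # later under umask 002 are o+r, so its o= is what keeps others out.
        find "$dir" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) |
            sed 's/^/other-access /'
        # g=u violated: owner has a bit the group lacks (the umask 022 case).
        for pair in 400:040 200:020 100:010; do
            find "$dir" -perm "-${pair%:*}" ! -perm "-${pair#*:}"
        done | sort -u | sed 's/^/group-lt-user /'
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Constructed sample tree: applies the post's chown/chmod/setgid steps with
# group $1, then creates one file under umask 022. Prints the tree's path.
make_demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/src" && touch "$root/src/ok.txt"
    chgrp -R "$1" "$root"
    chmod -R g=u,o= "$root"
    find "$root" -type d -exec chmod g+s {} +
    ( umask 022; touch "$root/src/new.txt" )
    printf '%s\n' "$root"
}

# Usage: sh audit.sh DIR GROUP
if [ $# -eq 2 ]; then audit_shared_dir "$1" "$2"; fi
```

On the sample tree the only finding is the file created under umask 022, which has the right group but no group write bit.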




  1. Jay Goldberg said,

    September 29, 2011 at 12:20

    According to some Ubuntu posts, the proper way to get a granular umask is to use access control lists, or ACLs.

    Control the directory ACLs using the setfacl command and be sure to mount the filesystem with ‘acl’ as a mount option in /etc/fstab.

  2. software development said,

    October 20, 2009 at 16:03

    Quite inspiring,

    This is some really helpful advice, thanks for sharing

    Keep up the good work

