Group: comp.os.linux.security


Subject: sticky bits, owner,
From: Bill Marcum
Date: 11/5/2007 2:03:29 PM
On 2007-11-05, Stefan Palme <kleiner@hora-obscura.de> wrote:
>
> Hi all,
>
> I have the following setup:
>
> - two groups, zope and users
> - a user zope in group zope
> - a user a in group users (main group) and in group zope
> - a user b in group users (main group) and in group zope
>
> A directory /var/lib/zope has the following permissions:
>
> drwxrwsr-x zope zope /var/lib/zope
>
> So it is writable by all users in group zope, and files
> created here will also be owned by group zope.
>
> When user b creates a file here, it will get the following
> permissions:
>
> -rw-r--r-- b zope /var/lib/zope/a_file
>
> As a result, user a will not be able to modify this file.
>
> How can I achieve this?
>
> Some things I have already thought of:
>
> 1) A possible solution would be to automatically set the
> g+w bit on newly created files. Is there any such mechanism
> (like the +s bit for automatically setting the group)?
>

A cron job could run at regular intervals to set the permissions of all files in that directory. Make sure that it only works on plain files and directories, not links.

> 2) Another solution would be to automatically set the owner
> of the file to "zope" instead of "b". But this does not
> work (at least not by simply setting the u+s bit on the
> directory).
> And even *if* this worked, user b could not edit this file
> afterwards, because the g+w bit is still not set...
>
> I explicitly do not want to set the umask for users a and/or b
> to something like 0002...
>

On some Linux systems, each user has his/her own group. Changing the umask would not be a problem in that case.

> Any hints?
> Thanks and regards
> -stefan-
>
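The cron-job fix described in the reply, written out as an added example (this is not code from the thread or from either poster). It adds g+w to plain files and directories under a tree, re-asserts the setgid bit on the directories so the drwxrwsr-x setup keeps inheriting the group, and skips symlinks, which is the trap the reply warns about: without -L, find tests the link itself, so a link pointing outside the tree never matches -type f and chmod is never run on its target. The directory is a parameter rather than the hard-coded /var/lib/zope, and the demo builds its own scratch tree under mktemp so it runs unprivileged; both are assumptions for the example.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumes a POSIX find/chmod
# and that the target directory is passed as $1 (the thread's real target
# is /var/lib/zope). A crontab line to run it every five minutes would be,
# for instance:
#   */5 * * * * /usr/local/sbin/fix_group_write /var/lib/zope

# fix_group_write DIR: make everything below DIR group-writable.
# find without -L never follows symlinks, so -type f/-type d match only
# real files and directories; a link to a file outside the tree is skipped.
# "! -perm -020" limits chmod to entries that are not already g+w, which
# keeps ctime churn (and backup noise) down on a large tree.
fix_group_write() {
    dir=$1
    # Directories: g+w plus setgid, so new entries keep inheriting the group.
    find "$dir" -type d ! -perm -020 -exec chmod g+ws {} +
    # Plain files: g+w only.
    find "$dir" -type f ! -perm -020 -exec chmod g+w {} +
}

# gw PATH: print the group-write character of PATH's mode string
# ('w' if group-writable, '-' otherwise). ls -ld is used because stat's
# options differ between GNU and BSD userlands.
gw() {
    ls -ld "$1" | cut -c6
}

# demo: reproduce the poster's scenario in a scratch directory, run the
# fixer, and echo "ok" if files and subdirectories gained g+w while a
# symlink's target outside the tree was left untouched. Runs in a subshell
# so the umask change does not leak into the caller.
demo() (
    umask 022                          # the default umask the poster keeps
    tmp=$(mktemp -d)
    mkdir -p "$tmp/zope/sub"
    : > "$tmp/zope/a_file"             # created as -rw-r--r--, like the post
    : > "$tmp/zope/sub/other"
    : > "$tmp/outside"                 # file outside the managed tree
    ln -s "$tmp/outside" "$tmp/zope/link"   # must not be followed

    fix_group_write "$tmp/zope"

    status=ok
    [ "$(gw "$tmp/zope/a_file")" = w ]    || status="a_file not g+w"
    [ "$(gw "$tmp/zope/sub/other")" = w ] || status="sub/other not g+w"
    [ "$(gw "$tmp/zope/sub")" = w ]       || status="sub not g+w"
    # position 7 of the mode string is 's' when setgid and g+x are both set
    [ "$(ls -ld "$tmp/zope/sub" | cut -c7)" = s ] || status="sub not setgid"
    [ "$(gw "$tmp/outside")" = "-" ]      || status="symlink target was chmodded"

    rm -rf "$tmp"
    echo "$status"
)
```

The window between a file being created with mode 644 and the next cron run is the cost of this approach; a umask of 002 for the writing users (or, on distributions that give each user a private primary group, system-wide) closes it, which is the point of the second reply.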