Default Owner New File
April 11, 2008 at 4:41 pm #372209
smithsm
Participant

Is there any way in Leopard to set the owner of a file created in a directory to be the owner of the directory?
In other unixes, setting the uid bit on a directory will accomplish this.
chmod u+s
This does not appear to work in Leopard. Leopard seems to ignore this.
Looking at the access control lists I don’t see a way to do this. I thought that there might be an inheritance setting that does it but I can’t figure it out. Anyone know if this is possible?

In other unixes that support ACLs the setfacl command has a default parameter that allows this
http://www.udel.edu/topics/os/unix/general/groupsharing.html
but Leopard doesn’t support setfacl.
It seems that in Leopard the owner of a new file is always the owner of the application or shell that created the file.
This means that for shared folders only the group can get a default setting.

April 11, 2008 at 11:40 pm #372219
smithsm
Participant

I have a shared directory with a local copy on my machine and another copy on an AFP server. The problem arises when I synchronize the directory with a copy on an AFP Server. The synchronize program runs as root and so whenever it creates files on the local copy it gets owner of root. Which means I can’t change them unless I sudo or manually chown. If the owner defaulted to admin I wouldn’t have to give default write permissions to group.
I finally figured out that in Leopard I can set default write permission using the global umask of 002 using launchd.conf (since NSUmask no longer works) so that new directories and files have group write permissions by default. I can therefore give admin default write privileges to the directory but I am concerned about loosening up permissions on everything in my system to group write using launchd.conf. If I could force owner to be admin then I wouldn’t have to allow group write permissions everywhere.
I suppose using ACLs with inheritance that I can give default group write permissions to new files in a given set of directories only, so that would be an alternative. Which means I wouldn’t need to default ownership, but it would be nice to know, nonetheless, if only for the sake of curiosity. I couldn’t find any hints anywhere that showed how to do it for Leopard so I figured if anyone knew how to do it this forum would.
Also this does not help when moving in files created somewhere else. I suppose there is no way to automagically default change the owner or even group of a file moved into a directory.
April 14, 2008 at 8:58 pm #372248
Eden.Nelson
Participant

Here is what I would do
I would have a script like this run from launchd or cron every [i]n[/i] minutes.
[code]
#!/bin/bash -
# /usr/local/bin/fixpermissions.sh
# Eden Nelson - 4/14/08
#set -vx

SHAREPOINTPATH="/Users/Shared"
CHMODMODE="775"
CHMODUSER="root"
CHMODGROUP="wheel"

# Reset owner, group and mode on everything under the share point
chown -R "$CHMODUSER":"$CHMODGROUP" "$SHAREPOINTPATH"
chmod -R "$CHMODMODE" "$SHAREPOINTPATH"

exit
[/code]
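Use a launchd manifest to this effect.
[code]
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>Label</key>
	<string>com.edennelson.fixpermissions</string>
	<key>ProgramArguments</key>
	<array>
		<string>/usr/local/bin/fixpermissions.sh</string>
	</array>
	<key>RunAtLoad</key>
	<!-- value not preserved on the page; true is assumed here -->
	<true/>
	<key>ServiceDescription</key>
	<string>Fix permissions on share point</string>
	<key>StandardOutPath</key>
	<string>/dev/null</string>
	<key>StartInterval</key>
	<integer>3600</integer>
</dict>
</plist>
[/code]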
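
Added example, not part of the thread and not Eden.Nelson's script: a narrower variant of the periodic repair above that touches only the entries that break group sharing, and does not set the execute bit on regular files the way a recursive chmod 775 does. The function names list_unshared and fix_share are made up for this example, and it handles group and mode only, since changing the owner needs root.

```shell
#!/bin/sh
# Added example. list_unshared and fix_share are hypothetical names.
# Assumption: the caller owns the files (or is root) and belongs to GROUP.

# list_unshared DIR GROUP
# Print every entry under DIR whose group is not GROUP or that lacks
# group write permission. Useful as a dry run and as a log of what changed.
list_unshared() {
    find "$1" \( ! -group "$2" -o ! -perm -020 \) -print
}

# fix_share DIR GROUP
# Repair only the entries that need it.
fix_share() {
    dir=$1
    group=$2
    # Group: change only entries whose group differs (-h: do not follow symlinks)
    find "$dir" ! -group "$group" -exec chgrp -h "$group" {} +
    # Directories: group needs read, write and search
    find "$dir" -type d ! -perm -070 -exec chmod g+rwx {} +
    # Regular files: group read/write; execute bits are left as they are
    find "$dir" -type f ! -perm -060 -exec chmod g+rw {} +
}

# Usage: sh fixshare.sh /path/to/share admin
# Without two arguments the script only defines the functions.
if [ "$#" -eq 2 ]; then
    list_unshared "$1" "$2"
    fix_share "$1" "$2"
fi
```

Run list_unshared on its own first to see which entries a repair pass would change.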
April 15, 2008 at 5:24 pm #372263
smithsm
Participant

The problem with rsync is that it only copies one way, it doesn’t do 2 way synchronization.
I will try the ACL for admin to do everything.
I guess the answer to my last question is that there is no way to set a default owner in Leopard; only the group can be defaulted?
April 15, 2008 at 10:10 pm #372271
smithsm
Participant

Looks like a cron or launchd script is the only way that works since ACLs are not inherited by GUI applications. ACLs are only inherited by shell apps and the Finder. Which means that I can get any kind of ownership and permissions inside the shared folder.
I set up a local directory to test out the ACL approach
$ chmod +a "group:admin allow read,write,delete,append,execute,list,search,add_file,add_subdirectory,delete_child,file_inherit,directory_inherit" test
I made admin the owner and group for the test directory
drwxrwxr-x+ 15 admin admin 510 Apr 15 15:35 test
My bash shell umask is 002.
I removed the umask from /etc/launchd.conf so the default system umask for GUI apps is 022, which means group has no write permissions.

Anything (file or directory) I create inside test using a shell command has group of admin and inherits the ACL from test so admin has write permissions.
Folders created by Finder inherit the ACL. So far so good. Files dragged and dropped into the directory by Finder will at least inherit group from the directory but won’t inherit the ACL (expected).

What surprised me is that files created by some Apple GUI apps do not necessarily inherit the ACL. The Apple GUI apps Text Edit and Preview for example. Not only do they not inherit the ACL, they don’t even inherit the group from the directory’s group.
So for example if I am logged in under my personal account samuel with primary group staff but samuel is also an admin user (so is a member of group admin)
Any files I create in the test directory with Apple Text Edit or Preview (using save as) have permissions rwxr-xr-x and the owner:group is samuel:admin despite the fact that the group for the directory is admin and despite the ACL. This means that other admins cannot edit the file without explicitly sudoing or changing the permissions.

If I set the global umask in launchd.conf then at least the file has group write permissions set but the group is staff not admin.
Safari Downloads do inherit both the ACL and the group from the directory. BBEdit files created by save as also inherit the group and ACL.
Because some Apple GUI apps don’t inherit ACLs, there is no elegant way to ensure that files created in a shared directory amongst users in the admin group can be writable by admin using only ACLs without the global umask.
If the ~/.launchd.conf wasn’t broken in Leopard then at least one could set umask for GUI apps on a user by user basis instead of globally.
Did I miss something?