为Linux中的目录下新创建的文件和子目录设置默认权限?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/580584/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Setting default permissions for newly created files and sub-directories under a directory in Linux?
提问by David Dean
I have a bunch of long-running scripts and applications that are storing output results in a directory shared amongst a few users. I would like a way to make sure that every file and directory created under this shared directory automatically had u=rwxg=rwxo=rpermissions.
我有一堆长时间运行的脚本和应用程序,它们将输出结果存储在几个用户共享的目录中。我想要一种方法来确保在此共享目录下创建的每个文件和目录自动具有u=rwxg=rwxo=r权限。
I know that I could use umask 006at the head off my various scripts, but I don't like that approach as many users write their own scripts and may forget to set the umask themselves.
我知道我可以首先使用umask 006我的各种脚本,但我不喜欢这种方法,因为许多用户编写自己的脚本并且可能忘记自己设置 umask。
I really just want the filesystem to set newly created files and directories with a certain permission if it is in a certain folder. Is this at all possible?
我真的只希望文件系统在某个文件夹中设置具有特定权限的新创建的文件和目录。这是可能吗?
Update: I thinkit can be done with POSIX ACLs, using the Default ACL functionality, but it's all a bit over my head at the moment. If anybody can explain how to use Default ACLs it would probably answer this question nicely.
更新:我认为可以使用POSIX ACL来完成,使用默认 ACL 功能,但目前我有点想不通。如果有人可以解释如何使用默认 ACL,它可能会很好地回答这个问题。
采纳答案by Norman Ramsey
To get the right ownership, you can set the group setuid bit on the directory with
要获得正确的所有权,您可以在目录上设置组 setuid 位
chmod g+rwxs dirname
This will ensure that files created in the directory are owned by the group. You should then make sure everyone runs with umask 002 or 007 or something of that nature---this is why Debian and many other linux systems are configured with per-user groups by default.
这将确保在目录中创建的文件归组所有。然后你应该确保每个人都使用 umask 002 或 007 或类似的东西运行——这就是为什么 Debian 和许多其他 linux 系统默认配置为每个用户组的原因。
I don't know of a way to force the permissions you want if the user's umask is too strong.
如果用户的 umask 太强,我不知道有什么方法可以强制您获得所需的权限。
回答by innaM
It's ugly, but you can use the setfacl command to achieve exactly what you want.
这很丑陋,但您可以使用 setfacl 命令来实现您想要的。
On a Solaris machine, I have a file that contains the acls for users and groups. Unfortunately, you have to list all of the users (at least I couldn't find a way to make this work otherwise):
在 Solaris 机器上,我有一个文件,其中包含用户和组的 acl。不幸的是,您必须列出所有用户(至少我找不到其他方法来完成这项工作):
user::rwx
user:user_a:rwx
user:user_b:rwx
...
group::rwx
mask:rwx
other:r-x
default:user:user_a:rwx
default:user:user_b:rwx
....
default:group::rwx
default:user::rwx
default:mask:rwx
default:other:r-x
Name the file acl.lst and fill in your real user names instead of user_X.
将文件命名为 acl.lst 并填写您的真实用户名而不是 user_X。
You can now set those acls on your directory by issuing the following command:
您现在可以通过发出以下命令在您的目录中设置这些 acl:
setfacl -f acl.lst /your/dir/here
回答by pelle
Here's how to do it using default ACLs, at least under Linux.
下面是如何使用默认 ACL 来做到这一点,至少在 Linux 下是这样。
First, you mightneed to enable ACL support on your filesystem. If you are using ext4 then it is already enabled. Other filesystems (e.g., ext3) need to be mounted with the acloption. In that case, add the option to your /etc/fstab. For example, if the directory is located on your root filesystem:
首先,您可能需要在文件系统上启用 ACL 支持。如果您使用的是 ext4,那么它已经启用。其他文件系统(例如 ext3)需要使用该acl选项安装。在这种情况下,将该选项添加到您的/etc/fstab. 例如,如果目录位于您的根文件系统上:
/dev/mapper/qz-root / ext3 errors=remount-ro,acl 0 1
Then remount it:
然后重新安装它:
mount -oremount /
Now, use the following command to set the default ACL:
现在,使用以下命令设置默认 ACL:
setfacl -dm u::rwx,g::rwx,o::r /shared/directory
All new files in /shared/directoryshould now get the desired permissions. Of course, it also depends on the application creating the file. For example, most files won't be executable by anyone from the start (depending on the mode argument to the open(2) or creat(2) call), just like when using umask. Some utilities like cp, tar, and rsyncwill try to preserve the permissions of the source file(s) which will mask out your default ACL if the source file was not group-writable.
所有新文件/shared/directory现在都应该获得所需的权限。当然,这也取决于创建文件的应用程序。例如,大多数文件从一开始就不能被任何人执行(取决于 open(2) 或 creat(2) 调用的模式参数),就像使用 umask 一样。某些实用程序(如cp、tar和 )rsync会尝试保留源文件的权限,如果源文件不可组写入,则会屏蔽您的默认 ACL。
Hope this helps!
希望这可以帮助!
回答by user3270784
in your shell script (or .bashrc) you may use somthing like:
在您的 shell 脚本(或.bashrc)中,您可以使用以下内容:
umask 022
umask 022
umaskis a command that determines the settings of a mask that controls how file permissions are set for newly created files.
umask是确定掩码设置的命令,该掩码控制如何为新创建的文件设置文件权限。
