Ubuntu: How do I set up a folder so that anything created in it inherits permissions?



Question:

I have a /data folder (actually a partition) for all data that should be accessible by all users (in this case family members). We all have individual user accounts and are often all logged in at any time on this one PC.

How can I set up permissions so that we all retain access to files there no matter who creates them, including new folders? If I create a folder it gets my user and group, so nobody else can write to it.


Solution:1

Another approach is to use Access Control Lists, a superset of file permissions.

First of all, we have to install the acl Install acl package:

sudo apt-get install acl  

Before Ubuntu 14.04, the partition has to be mounted with the option acl for the following to work. It could be added in /etc/fstab, as in

UUID=<XXXX>  /media/shared  ext4  noatime,acl  0  2  

or for an already mounted filesystem

sudo mount -o remount,acl /media/shared  

Next, you should create a new group, to which all users allowed to access the share in read/write mode will be added. I call it usershare. An already existing group could be used.

sudo addgroup usershare  

Now we add the users enzotib and steevc to that group:

sudo gpasswd -a steevc  usershare  sudo gpasswd -a enzotib usershare  

(effective at the next login).

Then we add an ACL with rwx permissions for the group usershare to all files already in /media/shared

sudo setfacl -Rm g:usershare:rwX /media/shared  

Finally we add a default ACL with rwx permissions for the group usershare for all files created from now on inside /media/shared

sudo setfacl -d -Rm g:usershare:rwX /media/shared  

Now all users of the usershare group have full permissions on all files under /media/shared. Permissions of each user on his and other's home directories are not affected.

I tested this solution and seems to work, but suggestions and corrections are welcome.

Remark: new files and directories created in the considered directory will have write permission for the usershare group, but files copied or moved in the folder will retain their original permissions. If the user, as I understand, only require write access to newly created directories, this is not a problem. Otherwise it should modify permissions by hand. See this answer on how to overcome this by defining the umask of users to 002.


Solution:2

  1. Make folder.

    For example:

    mkdir /mnt/family  

    If you need mount partition to them... if ext4 all you need in /etc/fstab is

    UUID=xxx    /mnt/family ext4    **rw,exec,defaults,auto,async   0   2**  
  2. Create group myfam.

    addgroup myfam  
  3. Add some users to that group

    adduser papa myfam    adduser mom myfam  
  4. Now take and give permission.

    I think you should start, from changing umask.

    Default filesystem permissions and access rights in 12.04

    chown -R you.myfam /mnt/family    chmod -R g+rwx /mnt/family    

    Now most important. That line create setgid anything you create under that folder have your users as owner and group myfam. That let system override user primary group.

    chmod -R g+s /mnt/family     


Solution:3

The simplest thing that come to mind is to add each user to the group of all other users.

Then change umask of each user from 022 to 002, this could be done in /etc/profile.

Edit

The first step could be replaced with the following: make all users belong to users group as the primary group.

Edi2

As @James_Henstridge suggested, it can be convenient to set the setgid bit on the main directory, so that new files and directories created will have its same group, indipendently of the user. In this way you can avoid the set users as the primary group for users.


Solution:4

This sounds like a job for ACLs. Giles has a very thorough answer on the SE Unix and Linux site that helped me solve the very same issue.


Solution:5

I dont understand, are all linux-linux, linux-windows, linux-???, using Samba?, SSH?, Pigeons?; anyways you need to include the others into the Group with your username (your Group), and they will get the same permissions as you.


Solution:6

I came across this question while searching for answers for my GROUP PERMISSION problem. I've read the question and It seems I am already implementing what the question tries to accomplish.

So I bothered to answer it.

I have already a setup up of a share for all users on my lan with read and execute only, and only my account has the permission to write on the shared folders.

I have a multi-purpose server on my lan that uses ubuntu 12.04 LTS Desktop Edition. I have a mix client machines of linux and windows.

Heres how I have set it up:

1.On my server, I have user accounts named admin and clientone

The admin account is the account created when I installed ubuntu and the clientone account is the account created using the USER ACCOUNTS menu in ubuntu. It only has a standard permission, no admin priveleges and it is added to the users group. You may of course do these using only the terminal. Add more additional user accounts for your client machines.

2.The shared partition/folder is automounted in fstab using only the defaults option.

3.My network is in a workgroup environment, and It is on mylan workgroup.

All machines in my lan is set to use the mylan workgroup.

4.My shared folder named shared already have files in it. So I change the owner and group for it recursively using the command below.

 sudo chown -Rv admin:users /shared  

5.I also set folder and file permission to /shared folder recursively using the command

 sudo chmod -Rv 750 /shared  

guest machines in my mylan workgroup does not have access to the share using chmod 750

you may use

 sudo chmod -Rv 755 /shared  

All future user accounts within the users group only has read execute permission.

6.In my client machine one (windows xp) I setup a user account named clientone. The same user name and password as with the one created in my ubuntu server. A second account named clienttwo is also created in ubuntu server and it's the same user account used in my second machine (linuxmint 15).

7.In my client machine one upon logging in using the clientone account, I go to run command then enter

 //192.168.10.254/shared  

192.168.10.254 is the ip address of my ubuntu server, /shared is the folder shared in my ubuntu server In my client machine two (linuxmint 15), I go to Menu > Network and in the Location: dialog bar I typed in:

 smb://192.168.10.254/shared  

If you were prompted for password, enter your user accoun'ts password. And also your keyring password if KEYRING is enable in your linux machines.

This one works for me in my own network setup. My server is a multi purpose server serving as squid server, xbmc and mediatomb server and amahi server.

I am still looking ways on how to improve the file sharing part of my setup. The instruction above is not a bullet proof solution, buy you may try it out. I test and try the ACL” thing together with auto mounting shared folders. As your folder sharing requirement gets complicated, the above instruction will not guaranty you success.

Added Info:

I have Amahi Server installed in my server, I also used it to create user accounts that I wanted to have access to the shared folders. I also used it to create new folder shares.

When you want more complex user permission for different users, ACL is the one to go.


Solution:7

I have video files on my name, but when I sign in with my daughters name her account can't see the video files. So, what I did was went to user accounts, unlocked (top right), then changed her account type from "standard" to "administrator(which is what my account is), and now all the video files, really everything, shows up when logged in under her account.


Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Previous
Next Post »