<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.6.2">
</HEAD>
<BODY>
Hi List,<BR>
<BR>
I've got a system with a directory that all members of a group (say accounts) should have write access to.<BR>
<BR>
Currently it's set up like so:<BR>
<BR>
rwxrws--- 2 root accounts 4096 2005-07-23 15:24 accounts<BR>
<BR>
The primary group of each user is a group by the same name, and the umask is set to 0002. This all works well as the system home directories are kept read/writable by only the user, and files created in the shared directories have the correct permissions set.<BR>
<BR>
I should mention that this directory is shared via Samba and NFS to the client workstations.<BR>
<BR>
Now the issue is that the system is using LDAP for authentication. For a small number of users I didn't mind creating a new group for each user, but it's quickly becoming annoying. I'd much prefer if all users had a primary group of staff for example.<BR>
<BR>
Unfortunately I can't see how the above example can work if this is the case. Here is my reasoning:<BR>
<BR>
If the user's primary group is staff, they can't have a umask of 0002 as it will make home directories writable by all members of the group. So the umask must be 0022.<BR>
<BR>
Which means I now need to force group read/write permissions on files created within the accounts directory. This is easy enough to do under Samba (<B><I>force create mask</I></B>) but I couldn't see a way to do a similar thing under Linux (for the NFS clients).<BR>
<BR>
Until I found out about POSIX ACLs. Setting the default mask does exactly what I want. All files created within the shared directories have the correct permissions.<BR>
<BR>
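The approach described in the message above, as an added example that is not part of the original post: a setgid directory with a default POSIX ACL, plus a probe that shows the modes new entries receive under umask 0022. The function names share_dir and new_entry_modes are hypothetical; the sketch assumes the setfacl tool is installed and the filesystem supports ACLs.<BR>
<BR>
<PRE>
```shell
#!/bin/sh
# Added example, not from the original post. The directory and group are
# passed as arguments; nothing here is specific to the poster's system.

# share_dir DIR GROUP
# Make DIR a group-writable shared directory whose contents do not depend
# on the creating user's umask or primary group.
share_dir() {
    dir=$1
    group=$2
    chgrp "$group" "$dir" || return 1
    # setgid bit: new files and subdirectories take the directory's group
    # instead of the creator's primary group.
    chmod 2770 "$dir" || return 1
    # Default ACL: inherited by everything created inside DIR. When a
    # directory has a default ACL, the kernel does not apply the umask to
    # new entries; their permissions are the default entries intersected
    # with the mode the creating program asks for (0666 for touch).
    setfacl -d -m u::rwx,g::rwx,o::--- "$dir"
}

# new_entry_modes DIR
# Create a file and a subdirectory in DIR under umask 0022, print their
# octal modes as "FILE_MODE DIR_MODE", then remove them again.
new_entry_modes() {
    (
        umask 0022
        cd "$1" || exit 1
        touch probe.txt || exit 1
        mkdir probe.d || exit 1
        echo "$(stat -c %a probe.txt) $(stat -c %a probe.d)"
        rm -rf probe.txt probe.d
    )
}
```
</PRE>
Running getfacl on the shared directory afterwards lists the inherited entries with a default: prefix.<BR>
<BR>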
</BODY>
</HTML>