new to linux permission question please help

[am09]

Hello all,

I am new to the linux world and have a question about permission. I will appreciate all the help.

My question is i have sftp server set up at work.

Lets say i have a directory /home/sftp/sys

In the sys directory there are sub directories sys1 and sys2 with many files in them.

drwxrwx---+ 4 sys operator 4096 Oct 11 2010 sys
drwxrwx---+ 2 sys operator 16384 Sep 6 17:35 sys1

now the files that gets dropped in sys1 folder by sys user gets permission

rw------- 1 sys sys 13110 Aug 29 14:36 test.txt

I want that whoever drops files in the sys1 folder inherit permission of the parent folder? is this possible in linux?

Thank you

[Rubberman]

The default settings for a specific user can be set with umask. Set the appropriate mask in the sys user's login profile. FWIW, file and directory permissions are different entities, even though they use the same bit patterns. So, you would not want a file to have the same permissions as the directory they are uploaded into.

[mike-ocs]

You might also consider adding SGID (set group id) on those directories. By doing that, any new file or directory created within those directories will automatically inherit the group owner of the parent. Either root or the user sys could run:
chmod g+s sys ... or ... chmod 2770 sys
chmod g+s sys1 ... or ... chmod 2770 sys1

The resulting permissions would then look something like:
drwxrws---+ 4 sys operator 4096 Oct 11 2010 sys
drwxrws---+ 2 sys operator 16384 Sep 6 17:35 sys1

And a new file created in one of these directories would look like:
rw------- 1 sys operator 13110 Aug 29 14:36 test.txt

Since "operator" is the group owner of the parent directory, "operator" becomes the group owner of any new file or directory created within it. This really isn't too useful unless you also change the umask settings for the user's in the operator group -- like Rubberman said. You might consider a umask of 0002, which would mean new files would have initial permissions of -rw-rw-r-- and new directories would have initial permissions of drwxrwxr-x.

A couple more things... Because members of the operator group have write permission on both directories, they will be able to force changes or force delete files in those directories even though they may not have write permission on individual files within those directories. Of course some users aren't going to know that they can do this.

Finally, the + symbol at the end of the directory permissions tells me that file access control lists might also be set on the directories. You might take a look at the man pages for getfacl and setfacl.

Mike

[am09]

Is there any way in linux i can assign 2 groups permission to the same folder and files.

[Rubberman]

Is there any way in linux i can assign 2 groups permission to the same folder and files.

AFAIK, this is possible if you are using access control lists (ACL) for permissions instead of traditional user/group permissions. For more information, read the acl man page.

[am09]

Thank you everyone on this forum.

I read up on umask, sgid, ugid and that solved half of my problems. I am seeing that ACL's are set up on the server with users all over the place. I am going to add all these users according to group and add them with ACLs.