Hi Bart,

You could also consider using the Private User Group Scheme, which is common in
RedHat linux.
Every user is put in his own private group. All umask are 002. Each homedir is
owned by the user and
has the gid of the user. So nobody has 'illegal' access to it.
Then each project dir is owned by the group 'project' and the S bit is set on
the project directory. This
means that all subdirs and files created there inherit the gid. This way,
projects keep being
writable for the whole group and not only for the owner. You do retain the uid
on the file, so you can
still see who last wrote a certain file.

See
http://www.redhat.com/docs/manuals/linux/RHL-7.2-Manual/ref-guide/s1-users-groups-private-groups.html

for a comlete discussion. It works for me!

Regards,

Edwin Hakkennes


"Brashers, Bart -- MFG, Inc." wrote:

<SNIP>

> The default permissions for newly created files and directories on this disk
> are 644 and 755, respectively.  /home/proj is a space for shared projects,
> where many people work on the same sets of files (e.g. ken and eric_a
> above).  The script does essentially this:
>
> foreach user (...list of users...)
>     foreach dir (home/proj/*)
>         if (-eof $dir) chmod -f  goa+rw $dir
>         if (-ed $dir)  chmod -fR goa+rw $dir
>     end
> end
>
> That is, it recursively sets all the permissions to 666 and 777,
> respectively.  AND CHANGES THE CTIME!  D'oh!  I didn't realize that amanda
> was going off the ctime, not the time that's listed by a normal `ls -lF`.
>
> I did this because people were constantly forgetting to chmod files they
> created.  Setting umask to 002 would also make files they create in their
> own home directories (/home/user) public, which is not right.  I don't know
> of a way to set umask to 022 for some directories and not for others.  The
> man page for chmod doesn't list a switch like --preserve-ctimes.
>
> So this should fix amanda's problem (YAY!) that's been plaguing me for a
> long time, but it re-introduces the chmod/umask problem.  After some messing
> around, I added a line to the system-wide csh.cshrc file:
>
> alias cwdcmd "source /etc/cwdcmd"
>
> where the latter file is
>
> if ($PWD =~ /home/proj*) then
>     umask 000
> else
>     umask 022
> endif
>
> I can't figure out how to do conditional execution inside an alias, so I had
> to source a file.  "alias cwdcmd 'if ($PWD =~ /home/proj*) then; umask 000;
> else umask 022; endif'" doesn't work.  If anyone knows how to do use an if
> statement inside an alias, please let me know...
>
> Thanks so much to Dietmar Goldbeck, Paul Bort, Jean-Louis Martineau, Frank
> Smith, Gene Heskett, and everyone else who helped me track down the source
> of this problem!
>
> Bart
>
> Bart
> ---
> Bart Brashers                           MFG Inc.
> Air Quality Meteorologist               19203 36th Ave W Suite 101
> bart.brashers AT mfgenv DOT com            Lynnwood WA 98036-5707
> http://www.mfgenv.com                   425.921.4000 Fax: 425.921.4040