
1 - 5 of 5 Posts

·
Linux > All
Joined
·
1,665 Posts
Discussion Starter #1
Can't create or write to folder though I clearly have group permissions. Losing my hair on this one as no clear explanation.

Code:
[email protected]:/snapraid/pool/music$ ls -al | grep root
drwxrwxr-x 61 root  ourmedia 4096 Jul  4 13:46 .
drwxr-xr-x 15 root  root     4096 Jul  3 18:15 ..
[email protected]:/snapraid/pool/music$ touch lol
touch: cannot touch 'lol': Permission denied
[email protected]:/snapraid/pool/music$ groups
jason adm cdrom sudo dip plugdev lxd lpadmin sambashare mythtv ourmedia

Found this problem when trying to give my wife a writable samba mountpoint to drop media in the storage system.
 

·
Premium Member
Joined
·
5,047 Posts
Network shares can be fun. You have permissions for the system that is mounted on and there are permissions on the system being mounted. Have you verified permissions on both sides?
 

·
Linux Lobbyist
Joined
·
2,039 Posts
You'll need to set "2xxx" for the permission. (SETGID)
Basically the standard "0xxx" means that the owner is the USER not the group.
You want to set the owner to the GROUP not the USER in this particular case.
For example your current permissions are set to 775 (too relaxed, imho) so:
Code:
find /path/to/base/dir -type d -exec chmod 2775 {} +

Note that this will ONLY set the SetGID bit on directories. If you need to set it for files as well, use chmod -R.
After setting that bit you'll have group permissions. Note that if you are sharing this via samba you'll want to set the directory mask variable in smb.conf to contain the 2 as well as the samba user and group to match something on the local host, otherwise you'll run into permissions issues later.
For example:
Code:
directory mask = 2775

You can read more about what setting other primary bits do here:
https://major.io/2007/02/13/chmod-and-the-mysterious-first-octet/



EDIT:
You *SHOULD* only set the SetGID bit on DIRECTORIES for this purpose.
Any files that have the SetGID bit can be executed by users belonging to the group as well. It's up to you whether or not this is desired. It should be fine in most cases, but if you have a "public" user that shouldn't be allowed to run code, that belongs to the fileshare group, and they try to run a script contained in the share, they will be able to. Sorry for not putting that in originally.
EDIT2: You need both Write and Execute bits set to work inside a directory, whoops.
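
An added example, not part of the thread: a read-only audit of a shared tree for the layout the post above describes (SetGID on directories only, with group write and execute). The function names and the script name `audit.sh` are hypothetical, and nothing on disk is changed.

```shell
#!/bin/sh
# Added example, not from the thread. Read-only: nothing is chmod'ed.
# Function names are hypothetical.

# Directories without the SetGID bit (2000): entries created inside them
# get the creating process's group instead of the directory's group.
dirs_missing_setgid() {
    find "$1" -type d ! -perm -2000 -print
}

# Regular files carrying SetGID, which the EDIT above says to avoid.
files_with_setgid() {
    find "$1" -type f -perm -2000 -print
}

# Directories where the group lacks write or execute (030), per EDIT2.
dirs_group_not_writable() {
    find "$1" -type d ! -perm -030 -print
}

# Succeeds if the current process holds the directory's group. Compares
# numeric IDs from `id -G`, so it reflects this session's actual groups.
process_in_dir_group() {
    dir_gid=$(ls -ldn "$1" | awk '{print $4}')
    for g in $(id -G); do
        [ "$g" = "$dir_gid" ] && return 0
    done
    return 1
}

audit_share() {
    echo "== directories missing SetGID";  dirs_missing_setgid "$1"
    echo "== files with SetGID";           files_with_setgid "$1"
    echo "== directories lacking g+wx";    dirs_group_not_writable "$1"
    process_in_dir_group "$1" || echo "== this session is not in the group of $1"
}

# Usage: sh audit.sh /snapraid/pool/music
if [ "$#" -gt 0 ]; then audit_share "$1"; fi
```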
 