Permissions by path instead of file mode bits
I often find that the unix way of handling file permissions is powerful, particularly when combined with ACLs, but rather difficult to handle. Setting file modes, group ownership and extended attributes correctly for every created file can quickly become tedious.
Is there any approach out there which replaces this concept (probably per mount) with something simpler, where files inherit permissions from their containing directories by default?
I know this would probably violate a number of POSIX expectations, but on the other hand, things like quiet vfat mounts already disregard mode and several permission changes, so that shouldn't prevent new ideas from being developed.
To give an example, I'm looking for something where I can be sure that as long as a user drops his file inside a certain directory, it will be writable and deletable by a given group, and readable only by the rest of the world, no matter the user's umask and current group.
Reasons why what I know so far doesn't seem sufficient:
Permissive file in restrictive dir: Changing the umask to 0777 and the mode of a directory to 0770, one can grant read-write access within a group and lock out the rest of the world. The dir should also have the sgid bit set so its files get the correct group instead of the user's primary group. But an umask of 0777 has a risk of opening large holes in places not restricted in this fashion, and umask doesn't count for much if people start moving stuff around using e.g. mv.
ACL defaults: Using setfacl one can set defaults for newly created files in a given directory. This is better than the above, but it only works for newly created files. Again this won't work if people start moving files around, and again it won't work for cases where the umask is too restrictive.
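The two failure modes listed above (a file created under a too-restrictive umask, and a file or directory moved in with mv, which keeps its old mode and group and so bypasses default ACLs) can both be repaired after the fact by a small fix-up that makes each entry inherit group and mode from its containing directory. The Python script below is an added illustration, not part of the original post: it derives a file's mode from the parent directory's mode (a 02770 box yields 0660 files, a 02775 box yields 0664 files, i.e. group read-write and world read-only), gives subdirectories the parent's bits plus setgid, and ships with a constructed demo scenario in a temporary directory; the directory layout, file names and the 0o077 umask are assumptions made for the demo.

```python
import os
import stat
import tempfile

def inherited_mode(dir_mode: int, is_dir: bool) -> int:
    # Subdirectories copy the parent's rwx bits plus setgid so the group keeps
    # propagating; regular files copy rwx minus execute (02770 -> 0660 files).
    perm = stat.S_IMODE(dir_mode)
    return (perm & 0o777) | stat.S_ISGID if is_dir else perm & 0o666

def enforce_inherit(root: str) -> list:
    # Post-hoc fix-up: make every entry take group and mode from its parent,
    # repairing files created under a restrictive umask or moved in with mv
    # (which keeps the source's mode/group and bypasses default ACLs).
    changed = []
    for dirpath, dirnames, filenames in os.walk(root):
        parent = os.lstat(dirpath)
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # never chmod through a symlink
            want = inherited_mode(parent.st_mode, stat.S_ISDIR(st.st_mode))
            if st.st_gid != parent.st_gid:
                os.chown(path, -1, parent.st_gid)  # chown first: it clears setgid
            have = stat.S_IMODE(st.st_mode)
            if have != want:
                os.chmod(path, want)
                changed.append((path, have, want))
    return changed

def demo() -> dict:
    # Constructed scenario: a 02770 group drop box, one file created under a
    # restrictive umask and one subdirectory that is therefore group-unusable.
    base = tempfile.mkdtemp()
    box = os.path.join(base, "dropbox")
    os.mkdir(box)
    os.chmod(box, 0o2770)        # explicit, so the caller's umask is irrelevant
    old_umask = os.umask(0o077)  # simulate a user with a restrictive umask
    try:
        with open(os.path.join(box, "report.txt"), "w") as fh:
            fh.write("constructed sample\n")
        os.mkdir(os.path.join(box, "sub"))  # ends up 0700: unusable by the group
    finally:
        os.umask(old_umask)
    enforce_inherit(box)
    return {n: stat.S_IMODE(os.lstat(os.path.join(box, n)).st_mode)
            for n in ("report.txt", "sub")}
```

Run periodically (or from an inotify/fanotify hook) over the shared tree, this gives the path-based behaviour asked for above; it still relies on the drop box itself carrying the intended mode and group.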