this post was submitted on 13 May 2024
10 points (100.0% liked)
linux4noobs
1356 readers
1 users here now
linux4noobs
Noob Friendly, Expert Enabling
Whether you're a seasoned pro or the noobiest of noobs, you've found the right place for Linux support and information. With a dedication to supporting free and open source software, this community aims to ensure Linux fits your needs and works for you. From troubleshooting to tutorials, practical tips, news and more, all aspects of Linux are warmly welcomed. Join a community of like-minded enthusiasts and professionals driving Linux's ongoing evolution.
Seeking Support?
- Mention your Linux distro and relevant system details.
- Describe what you've tried so far.
- Share your solution even if you found it yourself.
- Do not delete your post. This allows other people to see possible solutions if they have a similar problem.
- Properly format any scripts, code, logs, or error messages.
- Be mindful to omit any sensitive information such as usernames, passwords, IP addresses, etc.
Community Rules
- Keep discussions respectful and amiable. This community is a space where individuals may freely inquire, exchange thoughts, express viewpoints, and extend help without encountering belittlement. We were all a noob at one point. Differing opinions and ideas is a normal part of discourse, but it must remain civil. Offenders will be warned and/or removed.
- Posts must be Linux oriented
- Spam or affiliate links will not be tolerated.
founded 1 year ago
MODERATORS
I don't really understand your use case.
It sounds like you have multiple users creating files in a directory, and some users are creating them with more-restrictive permissions than you want -- like, you want to force them to make their stuff accessible by everyone else -- and you're trying to avoid that by regularly modifying all the permissions?
If you set the sgid bit on the parent directory, then by default, things created in that directory will inherit the group of the parent directory.
But a user can still change permissions so that that isn't the case.
It's possible that you could use ACLs or something like that to address your problem, but I don't know what it is that you're trying to achieve.
What you proposed with sgid sounds like it might be what i need. All of the users are controlled my me, it's just when they connect to the smb share of the main system from other devices, i figured it was good security to use an account that is separate from my main account on the system, so they can't access the entire system or execute sudo commands
If this is specific to a Samba server, it looks like you can set it to use whatever uid/gid you want.
https://unix.stackexchange.com/questions/530038/remap-uid-in-samba-share