Possible to force ALL files created in a specific directory to include g+w ?


Post by noon » Wed, 07 Jan 2004 09:42:55



In the process of removing root privileges from developers, I did the
following:

        groupadd develprs
        usermod -g develprs john
        usermod -g develprs joe
        usermod -g develprs smith

The developers will need to run a JVM:

        cd /opt
        chown -R nobody application/
        chgrp -R develprs application/

The JVM application logs to a specific directory (and sub-directories).

        cd /var/log/
        chown -R nobody application/
        chgrp -R develprs application/

Now when I su - as john:

        su - john
        cd /opt/application
        ./start

... the log files are created on /var/log/application.
The files are owned by john but the group-ownership is by develprs.
As an example:

-rw-r--r--   1 john     develprs   452119 Jan  6 11:17 generic.log

The problem here is, if the application is stopped, and then user joe
starts the application:

        ./stop
        exit
        su - joe
        cd /opt/application
        ./start

... because the log files are owned by john and not joe, and the
group-ownership is read-only, the application won't start. The log files
are actually created by Apache Log4J.

So question is, is there a way to force files that are ___created__ in a
specific directory to have g+w ??

If not, the only alternative for me is to run the app as root and let
them run the app via sudo.

Thanks

Post by Rich Tee » Wed, 07 Jan 2004 10:17:39



> So question is, is there a way to force files that are ___created__ in a
> specific directory to have g+w ??

A default ACL will probably do the trick.

--
Rich Teer, SCNA, SCSA

President,
Rite Online Inc.

Voice: +1 (250) 979-1638
URL: http://www.rite-online.net

Post by Darren Dunha » Wed, 07 Jan 2004 10:37:00



> So question is, is there a way to force files that are ___created__ in a
> specific directory to have g+w ??

No.  File permissions are usually decided by the creating application,
and then permissions removed via masks.

You can change your umask to 002 before running the application.

% (umask 002 ; ./start)

If the app attempts to create the file with 666 perms (as a good app
should), then it will work.  However if the app is already enforcing
policy by creating the file 644, then umask modifications will do no
good.

'touch' is a good program that will attempt 666 and allow the umask to
set the final permissions...

$ touch foo
$ (umask 002 ; touch bar)
$ ls -l foo bar
-rw-rw-r--   1 root     other          0 Jan  5 17:42 bar
-rw-r--r--   1 root     other          0 Jan  5 17:41 foo

> If not, the only alternative for me is to run the app as root and let
> them run the app via sudo.

Potentially if it's just a log file, you could write a script wrapper
that would 'touch' the file first (ensuring the proper permissions),
then launch the program.  If the program rotated the file itself though,
that wouldn't do you much good.

--

Unix System Administrator                    Taos - The SysAdmin Company
Got some Dr Pepper?                           San Francisco, CA bay area
         < This line left intentionally blank to confuse you. >
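
The behaviour described in the reply above (the creating program picks the mode, the umask only removes bits from it) and the suggested touch-first wrapper, as an added example that is not part of the original posts. The temp directory and the `generic.log` inside it are constructed; `touch` requests 0666 and `mktemp` requests 0600, standing in for an application that sets its own restrictive mode.

```sh
#!/bin/sh
# Added example, not from the thread. All paths are constructed under a temp dir.

# perms FILE: print the 10-character permission string as ls -l shows it.
perms() {
    ls -ld "$1" | cut -c1-10
}

# create_with UMASK CREATOR DIR: create a file in DIR under UMASK, print its perms.
# CREATOR "touch" requests 0666; "mktemp" requests 0600.
create_with() {
    (
        umask "$1"
        case "$2" in
            touch)  f="$3/touch.$1"; touch "$f" ;;
            mktemp) f=$(mktemp "$3/mktemp.$1.XXXXXX") ;;
        esac
        perms "$f"
    )
}

# prepare_log FILE: wrapper step run before the application starts.
# Creates FILE group-writable if missing; chmod only works for the owner or root,
# so a log left by another user stays as it is and the old perms are printed.
prepare_log() {
    ( umask 002; touch "$1" ) 2>/dev/null
    chmod g+w "$1" 2>/dev/null
    perms "$1"
}

demo() {
    d=$(mktemp -d) || return 1
    echo "touch,  umask 022: $(create_with 022 touch "$d")"
    echo "touch,  umask 002: $(create_with 002 touch "$d")"
    # umask 002 cannot add g+w to a file the creator asked for as 0600.
    echo "mktemp, umask 002: $(create_with 002 mktemp "$d")"
    # A log left behind by an earlier run under umask 022 (constructed).
    ( umask 022; touch "$d/generic.log" )
    echo "generic.log before: $(perms "$d/generic.log")"
    echo "generic.log after:  $(prepare_log "$d/generic.log")"
    rm -rf "$d"
}

demo
```
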

 
 
 


Post by noon » Wed, 07 Jan 2004 10:50:59



> So question is, is there a way to force files that are ___created__ in a
> specific directory to have g+w ??

Never mind .. umask was the answer

Post by Rich Tee » Wed, 07 Jan 2004 12:11:31



> > So question is, is there a way to force files that are ___created__ in a
> > specific directory to have g+w ??

> Never mind .. umask was the answer

No it isn't.  umask CLEARS bits in the permission of a
created file, it doesn't set them.

--
Rich Teer, SCNA, SCSA

President,
Rite Online Inc.

Voice: +1 (250) 979-1638
URL: http://www.rite-online.net