If you can force the umask of the users you can, at least, know which permissions files will have on creation, but, of course, nothing prevents users from running chmod afterwards. So there are two (similar) options I can think of. You can "schedule" permission corrections with incron:
# apt-cache show incron
Package: incron
Version: 0.5.10-1
Installed-Size: 227
Maintainer: Emmanuel Bouthenot
Architecture: amd64
Depends: libc6 (>= 2.8), libgcc1 (>= 1:4.1.1), libstdc++6 (>= 4.4.0), lsb-base (>= 3.2-14), adduser
Description-en: cron-like daemon which handles filesystem events
incron is an "inotify cron" system. It works like the regular cron but is
driven by filesystem events instead of time events. This package provides two
programs, a daemon called "incrond" (analogous to crond) and a table
manipulator "incrontab" (like "crontab").
incron uses the Linux Kernel inotify syscalls.
like cron, each user can edit its own incron tables.
incron can be used to :
- notifying programs (e.g. server daemons) about changes in configuration
- guarding changes in critical files (with their eventual recovery)
- file usage monitoring, statistics
- automatic on-crash cleanup
- automatic on-change backup or versioning
- new mail notification (for maildir)
- server upload notification
- installation management (outside packaging systems)
- ... and many others
Homepage: http://inotify.aiken.cz/
or have a custom service running in the background "listening" for inotify
events:
# apt-cache show inotify-tools
Package: inotify-tools
Version: 3.14-1
Installed-Size: 60
Maintainer: Ryan Niebur
Architecture: amd64
Depends: libc6 (>= 2.8), libinotifytools0 (>= 3.11)
Description-en: command-line programs providing a simple interface to inotify
inotify-tools is a set of command-line programs for Linux providing a
simple interface to inotify. These programs can be used to monitor and
act upon filesystem events. inotify-tools consists of two utilities:
.
inotifywait simply blocks for inotify events, making it appropriate
for use in shell scripts.
.
inotifywatch collects filesystem usage statistics and outputs counts
of each inotify event.
Homepage: https://github.com/rvoicilas/inotify-tools/wiki/
Check here for an example.
umask is just a default anyway, anyone can change the file with chmod at any time.
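A sketch of the second option from the answer, a background service listening for inotify events, as an added example that is not part of the original post. The 640/750 policy, the `perm-guard` log tag and the function names are assumptions; it relies on `inotifywait` from inotify-tools and on GNU `stat`.

```shell
#!/bin/sh
# Added example: re-apply a permission policy whenever a path is created or chmod'ed.
FILE_MODE=640   # assumed policy for regular files
DIR_MODE=750    # assumed policy for directories

# Bring one path back to policy.
# Returns 0 if the mode was changed, 1 if already compliant, 2 if skipped.
enforce_mode() {
    path=$1
    # Never follow symlinks: a service running as root would otherwise
    # chmod whatever a user's link points to, outside the watched tree.
    [ -L "$path" ] && return 2
    if [ -d "$path" ]; then
        want=$DIR_MODE
    elif [ -f "$path" ]; then
        want=$FILE_MODE
    else
        return 2   # vanished already, or a device/fifo/socket
    fi
    have=$(stat -c %a "$path") || return 2
    # chmod itself raises an ATTRIB event, so only act on a real difference;
    # an unconditional chmod would re-trigger this handler forever.
    [ "$have" = "$want" ] && return 1
    chmod "$want" "$path"
}

# Block on inotify events under directory $1 and correct each reported path.
watch_dir() {
    inotifywait -m -r -q -e create -e attrib -e moved_to --format '%w%f' "$1" |
    while IFS= read -r changed; do
        enforce_mode "$changed" && logger -t perm-guard "reset mode on $changed"
    done
}

# Only start watching when asked to: ./perm-guard.sh --watch /srv/shared
if [ "${1:-}" = "--watch" ]; then
    watch_dir "${2:?usage: $0 --watch DIR}"
fi
```

There is still a short window between the user's chmod and the correction, so this is a repair mechanism rather than a guarantee that the unwanted mode never exists.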