0

On a Linux machine, I exported a few directories via NFS.

Within the directories, I want to keep all the files of permission 0644, but I can't stop people from copying a file of 0600 there.

Currently I run a script periodically to chmod all files recursively. That works, but is getting slow, as number of files increases.

Are there any ways to specify a 'reversed' fmask, which sets certain permission flag of new file?

Improve this question
1
  • In a word: no. Remember that umask is just a default anyway, anyone can change the file with chmod at any time.
    – Rich Homolka
    Commented May 1, 2013 at 17:17

1 Answer 1

Reset to default
0

If you can force the umask of the users you can, at least, know which permissions files will have on creation, but, of course, nothing prevents users from running chmod afterwards. So there are two (similar) options I can think of, you can "schedule" permission corrections with incron 


# apt-cache show incron
Package: incron
Version: 0.5.10-1
Installed-Size: 227
Maintainer: Emmanuel Bouthenot 
Architecture: amd64
Depends: libc6 (>= 2.8), libgcc1 (>= 1:4.1.1), libstdc++6 (>= 4.4.0), lsb-base (>= 3.2-14), adduser
Description-en: cron-like daemon which handles filesystem events
 incron is an "inotify cron" system. It works like the regular cron but is
 driven by filesystem events instead of time events. This package provides two
 programs, a daemon called "incrond" (analogous to crond) and a table
 manipulator "incrontab" (like "crontab").
 incron uses the Linux Kernel inotify syscalls.
 like cron, each user can edit its own incron tables.
 incron can be used to :
  - notifying programs (e.g. server daemons) about changes in configuration
  - guarding changes in critical files (with their eventual recovery)
  - file usage monitoring, statistics
  - automatic on-crash cleanup
  - automatic on-change backup or versioning
  - new mail notification (for maildir)
  - server upload notification
  - installation management (outside packaging systems)
  - ... and many others
Homepage: http://inotify.aiken.cz/

or have a custom service running in the background "listening" for inotify events:


# apt-cache show inotify-tools
Package: inotify-tools
Version: 3.14-1
Installed-Size: 60
Maintainer: Ryan Niebur 
Architecture: amd64
Depends: libc6 (>= 2.8), libinotifytools0 (>= 3.11)
Description-en: command-line programs providing a simple interface to inotify
 inotify-tools is a set of command-line programs for Linux providing a
 simple interface to inotify. These programs can be used to monitor and
 act upon filesystem events. inotify-tools consists of two utilities:
 .
 inotifywait simply blocks for inotify events, making it appropriate
 for use in shell scripts.
 .
 inotifywatch collects filesystem usage statistics and outputs counts
 of each inotify event.
Homepage: https://github.com/rvoicilas/inotify-tools/wiki/

Check here for an example.

Improve this answer
1
  • I second the inotify option.
    – tink
    Commented May 1, 2013 at 17:42

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .