launchD StartOnMount help

pittmantechno · 06-21-2010, 05:25 PM

Hello,

Forgive me, Im not very XML savvy. I am looking for a way periodically or at mount...send, $ chmod -R 777 to the /Users/Shared folder.

I have a bunch of users that like to open files right out of shared locations and end up getting locked out of files within or vice versa - so to avoid permissions issues I though this would be great for my Users. at the moment I ssh in and send the chmod -R 777 to the Users/Shared folder

So I am wondering if any of you know how I could do this with launchD and maybe the StartOnMount feature ? so anytime they open the shared Directory it blasts the permissions on it ?

tw · 06-22-2010, 02:05 PM

roughly speaking, what you're asking for is something like this:

Code:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>Label</key>
	<string>my.permissions.zapper</string>
	<key>ProgramArguments</key>
	<array>
		<string>chmod</string>
		<string>-R</string>
		<string>777</string>
		<string>/path/to/folder</string>
	</array>
	<key>StartOnMount</key>
	<true/>
</dict>
</plist>

but I'm confused as to why this would be necessary. what is changing the permissions so that they have to constantly be reset to 777? once you set the permissions on a folder they ought to stay at where you set them.

tlarkin · 06-22-2010, 02:30 PM

an ACL would fit here nicely too, you could just give 'everyone' read/write access via ACL and it should honor the parent folder and all children items inside that folder.

vostrushka · 07-07-2010, 05:55 PM

Even without ACL this can work nicely:
chown -R root:shared_group /Users/Shared
Add all your participating users to this shared_group.
chmod -R 775 /Users/Shared
chmod -R g+s /Users/Shared
The last command will set up S-bit on groups permissions, which will automatically apply the group of the parent directory to the files and child directories.
Users will be managed through group access only.
You need to run these commands once after that just keep an eye on that folder.
Regards
Leonid

ganbustein · 07-10-2010, 05:25 PM

Quote:

Originally Posted by vostrushka


	chown -R root:shared_group /Users/Shared Add all your participating users to this shared_group. chmod -R 775 /Users/Shared chmod -R g+s /Users/Shared

You could combine the last two:

chmod -R 2775 /Users/Shared

but it doesn't matter, because it still won't work. SUID and SGID on folders is incompatible with ACLs, so support for it was disabled when ACL support was added. But no matter. New files/folders are given the group of the enclosing folder anyway. (You only ever needed SUID on folders.)

The trouble is that, with the default umask of 022, the group won't have write access to any new files/folders. Anything that one user creates will be read-only to other users, even if they're in the same group.

You have to either set umask globally (which may have unintended consequences elsewhere), or re-issue the chmod periodically (but new files will still be read-only to others until the next periodic chmod), or use ACLs.

06-21-2010, 05:25 PM	#1
pittmantechno Prospect Join Date: Jun 2010 Location: Los Angeles Posts: 1	launchD StartOnMount help Hello, Forgive me, Im not very XML savvy. I am looking for a way periodically or at mount...send, $ chmod -R 777 to the /Users/Shared folder. I have a bunch of users that like to open files right out of shared locations and end up getting locked out of files within or vice versa - so to avoid permissions issues I though this would be great for my Users. at the moment I ssh in and send the chmod -R 777 to the Users/Shared folder So I am wondering if any of you know how I could do this with launchD and maybe the StartOnMount feature ? so anytime they open the shared Directory it blasts the permissions on it ?

06-22-2010, 02:05 PM	#2
tw Hall of Famer Join Date: Apr 2007 Posts: 4,262	roughly speaking, what you're asking for is something like this: Code: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Label</key> <string>my.permissions.zapper</string> <key>ProgramArguments</key> <array> <string>chmod</string> <string>-R</string> <string>777</string> <string>/path/to/folder</string> </array> <key>StartOnMount</key> <true/> </dict> </plist> but I'm confused as to why this would be necessary. what is changing the permissions so that they have to constantly be reset to 777? once you set the permissions on a folder they ought to stay at where you set them. __________________ Philosophy is a battle against the bewitchment of our intelligence by means of language. -LW-

06-22-2010, 02:30 PM	#3
tlarkin League Commissioner Join Date: Mar 2003 Location: Kansas City Posts: 11,347	an ACL would fit here nicely too, you could just give 'everyone' read/write access via ACL and it should honor the parent folder and all children items inside that folder. __________________ sudo make me a sammich http://www.tlarkin.com "It just told me what I already knew, that I'm a great and amazing guy, didn't I tell you baby, I'm Zaphod Beeblebrox."

Thread Tools
Show Printable Version Email this Page
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread:

07-07-2010, 05:55 PM	#4
vostrushka Prospect Join Date: Jul 2010 Posts: 14	Even without ACL this can work nicely: chown -R root:shared_group /Users/Shared Add all your participating users to this shared_group. chmod -R 775 /Users/Shared chmod -R g+s /Users/Shared The last command will set up S-bit on groups permissions, which will automatically apply the group of the parent directory to the files and child directories. Users will be managed through group access only. You need to run these commands once after that just keep an eye on that folder. Regards Leonid