site  contact  subhomenews

Setting up permissions under /files take-2

May 28, 2023 — BarryK

Yesterday I posted about folder permission and ownership problems for kdenlive:

In a nutshell, Kdenlive runs as user "kdenlive", but if the administrator creates folders in the Kdenlive project path /files/apps/kdenlive, they will be owner:group root:root and permissions 755, which means that Kdenlive will not be able to write into that folder.

We want the human user to be able to create folders, without any hassles such as this. So, I have had a rethink, and come up with a fix.

The fix has two parts. Firstly, /etc/profile had this line:

umask 022

That I have now changed to:

umask 002

The second part is that the setgid bit is set on all folders under /files.

The effect is that any folders or files created will have permissions 775 (and 2775 under /files) instead of 755 and will have the same group as the parent folder. The group ownership of all folders under /files is "filesgrp", and you will see in /etc/group that user "kdenlive" belongs to this group. Hence, kdenlive will have full read-write-execute in that folder.

...that may be as clear as mud. If you want to see the exact changes, see the commit:

I think that it all hangs together. We shall see. There is some consideration when update from an earlier installation, that everything under /files is correct.

The end result is what matters. If the human user can create folders and drop files into /files/apps/kdenlive, without any concerns about folder/file permission and ownership, that is what we are aiming for.

Note that /files/apps/kdenlive folder has 2700 permissions, to prevent other non-root apps from looking into it.   

Tags: easy