site
contact
newsSetting up permissions under /files take-2
Yesterday I posted about folder permission and ownership problems for kdenlive:
https://bkhome.org/news/202305/fixed-kdenlive-project-setup.html
In a nutshell, Kdenlive runs as user "kdenlive", but if the
administrator creates folders in the Kdenlive project path
/files/apps/kdenlive, they will be owner:group root:root and
permissions 755, which means that Kdenlive will not be able to
write into that folder.
We want the human user to be able to create folders, without any hassles such as this. So, I have had a rethink, and come up with a fix.
The fix has two parts. Firstly, /etc/profile had this line:
umask 022
That I have now changed to:
umask 002
The second part is that the setgid bit is set on all folders under /files.
The effect is that any folders or files created will have permissions 775 (and 2775 under /files) instead of 755 and will have the same group as the parent folder. The group ownership of all folders under /files is "filesgrp", and you will see in /etc/group that user "kdenlive" belongs to this group. Hence, kdenlive will have full read-write-execute in that folder.
...that may be as clear as mud. If you want to see the exact changes, see the commit:
https://github.com/bkauler/woofq/commit/512ad9d3e34b18deb40f2c0b610abef41d57be59
I think that it all hangs together. We shall see. There is some consideration when update from an earlier installation, that everything under /files is correct.
The end result is what matters. If the human user can create folders and drop files into /files/apps/kdenlive, without any concerns about folder/file permission and ownership, that is what we are aiming for.
Note that /files/apps/kdenlive folder has 2700 permissions, to
prevent other non-root apps from looking into it.
Tags: easy