7

I want to have a shared media drive be transparently usable to all users, whilst also sticking to FHS and Ubuntu standards. The former takes priority if necessary. I currently mount it at /media/Stuff but /media is supposed to be for external media, I believe. The main issue is setting the right permissions so that access to read and write to the drive can be granted to multiple users working within the same directories.

InstallingANewHardDrive seems both slightly confused and not what I want. It claims that this sets ownership for the top-level directory (despite the recursion flag):

    sudo chown -R USERNAME:USERNAME /media/mynewdrive

And that this will let multiple users create files and sub-directories but only delete their own:

    sudo chgrp plugdev /media/mynewdrive
    sudo chmod g+w /media/mynewdrive
    sudo chmod +t /media/mynewdrive

However, the group writeable bit does not seem to get inherited, which is troublesome for keeping things organised (prevents creation inside sub-folders originally made by another user). The sticky bit is probably also unwanted for the same reason, although currently it seems that userA (perhaps the owner of the mount-point?) can delete userB's files, but not vice-versa. This is fine, as long as userB can create files inside the directory of userA. So:

  • What is the correct mount point?
  • Is plugdev the correct group?
  • Most importantly, how to set up permissions to maintain an organised media drive?

I do not want to be running cron jobs to set permissions regularly!

v2r
  • 9,547

2 Answers

3

The correct mount point is /mnt/mynewdrive; plugdev is not correct; on permissions, why not use access control lists (ACL)?

Are the ACL tools installed by default? Can't remember, but, cannot hurt to...

    sudo apt-get install acl

Mount the file systems with the acl option in /etc/fstab.

    sudo vim /etc/fstab

    UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx / ext4 defaults,acl 0 1

    sudo mount -o remount,acl /

Then make a group to which a user may belong for this purpose, which I'll call stone, and then make a user a member of that group.

    sudo groupadd stone
    sudo usermod -a -G stone $username

The user needs to log out and in again to become a member of the group. If the directory, /mnt/mynewdrive, is mounted and completely empty:

    sudo chown root:stone /mnt/mynewdrive
    sudo chmod 0775 /mnt/mynewdrive
    sudo chmod g+s  /mnt/mynewdrive
    sudo chmod +t   /mnt/mynewdrive
    sudo setfacl -d -m u::rwx,g::rwx,o::r-x /mnt/mynewdrive

Above...

  • Change owner to root and group owner to stone
  • Give write ability to the stone group
  • Cause all new files to be group-owned by stone
  • Restrict delete and rename to all but the user who created the file
  • By default, allow user and group rwx, others: rx.
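
An added check, not part of either answer: a POSIX shell audit that lists directories under the share lacking setgid or group write, and entries not owned by the shared group, which are the conditions the setgid bit and default ACL above are meant to prevent. The function names and the demo tree are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the answer: report entries in a shared tree that
# would block other group members. Output: "<finding><TAB><path>" per line.
# Returns 0 when the tree is consistent, 1 when anything was reported.
audit_shared_tree() {
    root=$1
    group=$2
    findings=$(
        # No setgid: entries created here get the creator's primary group.
        find "$root" -type d ! -perm -2000 -exec printf 'no-setgid\t%s\n' {} \;
        # No group write: other members cannot create or rename inside.
        find "$root" -type d ! -perm -0020 -exec printf 'no-group-write\t%s\n' {} \;
        # Wrong group: the shared group's permission bits do not apply at all.
        find "$root" ! -group "$group" -exec printf 'wrong-group\t%s\n' {} \;
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree: a setgid, group-writable top directory with one
# subdirectory made under umask 022, which is what a second user runs into
# when no default ACL is set on the parent.
make_demo_tree() {
    top=$(mktemp -d) || return 1
    chmod 2775 "$top"
    ( umask 022 && mkdir "$top/made-by-userA" )
    printf '%s\n' "$top"
}
```

Run it as `audit_shared_tree /mnt/mynewdrive stone` after several users have created content; no output and status 0 mean the group and write permissions are being inherited.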
0

For now, I would suggest setting up a drive without permissions. Use FAT32 or some other non-secure file system and share it over samba.

In the future, I think we need to seriously look at how we enable these kinds of features in Ubuntu.