Script to set file permissions on a shared document tree

When using a shared document tree you probably want to keep the the same groupid when saving and creating documents. To do this you set a sticky bit on the folder. I wrote a script to set/correct the permissions in a shared older.

#! /bin/sh
# shellscript to set user permissions on files and folders
# it also sets a sticky bit for the group on all subfolders
# primarily for use on shared folders

if [ "$1" != "" ] && [ "$2" != "" ]; then
        echo "Setting file group..."
        find "$1" -type f -print0 |xargs -0 chown :"$2"
	echo "Setting file permissions..."
	find "$1" -type f -print0 |xargs -0 chmod 660
	echo "Setting folder group..."
	find "$1" -type d -print0 |xargs -0 chown :"$2"
	echo "Setting folder permissions..."
	find "$1" -type d -print0 |xargs -0 chmod 2770
else
	echo "USAGE:"
	echo "    xperm PATH GROUP"
fi

Change system wide default file permissions

By default debian and ubuntu give all users read permission on files and folders. If you work in a shared environment with files stored on NFS you probably want to change this to:

u g o
folders rwx rwx
files rw rw

The achieve this you need to edit the umask in several places.

Bash sessions

 /etc/profile
# The default umask is now handled by pam_umask.
# See pam_umask(8) and /etc/login.defs.* `/etc/login.defs`
/etc/login.defs
#!diff
--- /etc/login.defs 2012-04-09 04:32:02.000000000 +0200
+++ login.defs 2014-03-27 13:58:04.637305820 +0100
@@ -148,7 +148,7 @@
 #
 ERASECHAR 0177
 KILLCHAR 025
-UMASK 022
+UMASK 007
 
 #
 # Password aging controls:

Checking:

 # ~$ ssh $user@$server
 # user@server:~$ umask
 0007

Explanation from bash man page:

# ~$ man bash
When bash is invoked as an interactive login shell, or as a non-inter active shell with the --login option, it first reads and executes commands from the file /etc/profile, if that file exists. After reading that file, it looks for ~/.bash_profile, ~/.bash_login, and ~/.profile, in that order, and reads and executes commands from the first one that exists and is readable.

Xsession sessions

To make sure your X11 applications use the correct umask you have to create an extra file in the `/etc/X11/Xsession.d`-folder:

~$ echo "umask 007" | sudo tee /etc/X11/Xsession.d/10x11-common-umask

Checking:

Nautilus application:
Open the `Desktop` location:

~$ nautilus ~/Desktop

Create a new file from the `file`-menu and check the permissions in bash:

user@server:~/Desktop$ ls -lha new file
-rw-rw----+ 1 user user 0 2010-02-05 12:00 new file

OpenOffice application:
Create a new document on the Desktop and check the permissions in bash:

user@server:~/Desktop$ ls -lha *.odt
-rw-rw----+ 1 user user 7,3K 2010-02-05 12:00 testdocument.odt

 Explanation from bash man page:

# ~$ man xsession
Xsession next confirms that its script directory, Xsession.d, exists. If it does not, the script aborts. After the script directory is confirmed to be present, Xsession uses run-parts(1) to identify files in that directory that should be sourced (executed) in the shell's environment. Only files named in a certain way are sourced; see the run-parts manual page for a description of valid characters in the filename.
(This restriction enables the administrator to move experimental or problematic files out of the way of the script but keep them in an obvious place, for instance by renaming them with ‘.old’ or ‘.broken’ appended to the filename.)

Samba

If you use samba to share documents you might also want to change the samba settings:

/etc/samba/smb.conf
create mask = 0660
directory mask = 2770

References:

Setting up DHCP and DNS services on your own network

In most home networks the role of DHCP and DNS server is performed by the router supplied by your ISP. This is fine until you want more complex things as PXE boot or an internal DNS view. To use these functions you need to run a server in your network. This can be an old PC or – if you are environmentally conscious – a device with a low energy consumption. I prefer an old – atom based – thin client. Continue reading

Converting video to mp4 (H.264) and WEBM with avconv (ffmpeg)

Avconv is a fork of ffmpeg used by debian and ubuntu. For now they use the same commandline syntax. Avconv can convert almost every video format there is. I am using it to convert my video’s to mp4 and webm format. These formats are compatible with most HTML5 browsers. I use the video.js library to select which format to use and to provide a flash fallback (mostly IE).
Continue reading