Creating files and directories with a certain owner (user/group) while sudoing

root linux permissions chmod chown

You can always sudo -u username touch filename when your script is executed as root. It usually requires no password, depending on your sudoers configuration.

Alternatively, run su username -c touch filename. The additional arguments are supplied to the user's shell, and the -c option to the shell executes the specified commands by convention.

Some commands (like mkdir) support arguments to specify the permissions:

mkdir -m 0700 foo

By default, file operations respect the umask set for the shell. It defines which permissions are denied. A umask of 0022 for example does not set write permissions for group and others. Set to 0077 to prevent group and others from getting any permissions.

You can set the setgid on directories to have all files created within inherit their group membership:

chmod g+s someDir

Some Unixes support the same behavior for setuid (chmod u+s), but not Linux.


There is another way, quite elegant I think. Using install(1)

For example, zabbix-agentd needs a subfolder inside /var/run, but recent distributions are using tmpfs for /var/run, so the directory does not survive reboots. I solved it by creating a file /etc/sysconfig/zabbix-agentd containing:

install -g zabbix -o zabbix -d /var/run/zabbix

On Unix-like systems newly created files and directories are owned by the owner of the process which created them. Standard utilities normally do not have option to change the owner of the created files.

Variables with UID and GID of the original user

If you run some commands repeatedly, you can use the variables $SUDO_UID and $SUDO_GID to refer to the user who invoked sudo:

sudo sh -c "do_something ; chown -R \"\$SUDO_UID:\$SUDO_GID\" files and directories"

Getting the list of created files and directories automatically

If you want to get the list of created (and possibly modified) files and directories automatically you can run your commands under strace surveillance which is based on the ptrace() syscall:

strace -qqfe open,creat,mkdir,link,symlink,mknod -o '|your_processing_of_strace_output' do_something

or you can use for example Installwatch which is based on the LD_PRELOAD mechanism.

Ideas for further work

Based on the methods mentioned above it is possible to create a tool which would automatically change the owner and possibly access rights of the created/modified files. The use could be as simple as:

sudo watch-chown do_something

Related

Is there a way to see all files and registry entries that an application installs?
How can I add a search domain in Windows 7?
removing write permission does not prevent root from writing to the file
Set one background to stretch across multi-monitor display?
How to start Google Chrome with maximized window?
LANG and LANGUAGE environment variable in Debian based systems
How would I validate digital signature for PDFs in linux?
How to convert a multi-page PDF file to PNG files, with one PNG file per page of the PDF document?
Lossless extraction of streams from WebM
How to make Windows 10 BSOD show more details like older versions of Windows
How can I export all email addresses I have sent to from Outlook or any other Email Client?
How to use a Linux system as a land phone