Monday, July 31, 2017

Creating a User Group and Shared Directory



To understand this article you should be familiar with Linux advanced
file permissions; otherwise, go through the link below before following
this article.
Advanced File Permissions

My Objective:
I have a folder which I want to share with "rw" permissions for a
selected group of users. Let's say the folder is /home/project and I
want to share it with the group development. What I want is not only
having users accessing files in /home/project with rw access, but also
to ensure that all files created in /home/project will have ownership
username:development and permissions -rw-rw-r--.

Sharing a directory among users in the same group is one of the
essential tasks. To let a group of users work on a set of files without
infringing on security, you'll have to do this:

1. Create a common group for these users in /etc/group

# groupadd development
Check whether the group was created:
# tail -1 /etc/group
development:x:501:

2. Add the project administrator user (padmin) and set up a password

# useradd -g development -d /home/project -c "Project Admin" -m padmin
# tail -1 /etc/passwd
padmin:x:501:501:Project Admin:/home/project:/bin/bash
# passwd padmin

3. Create separate user accounts for the rest of the users but specify
the same home directory.

# useradd -d /home/project/ -g development user1
# passwd user1
Add another user:
# useradd -d /home/project/ -g development user2
# passwd user2

Create as many user accounts as you want.

4. Make sure the home directory and all subdirectories are not owned by
any of the users. Use chown to surrender ownership to padmin.

# chown padmin:development /home/project/
# ls -ld /home/project/
drwxrwxr-x 18 padmin development 4096 Mar 28 16:18 /home/project/

5. Make the directories group-writable and set their SGID and Sticky
Bits with chmod 3775 (1 for sticky and 2 for SGID).

# chmod -R 3775 /home/project/
# ls -ld /home/project/
drwxrwsr-t 18 padmin development 4096 Mar 28 18:22 /home/project/

In this scenario, every user in the group has write permission on the
directory and can create files and directories, but can only delete
those they own. The SGID bit ensures that all files created in
/home/project will have ownership username:development, and the sticky
bit ensures that users can delete only the files they own.

Note that setting the SGID permission on a directory only affects the
groupID of new files and subdirectories created after the SGID bit is
set, and is not applied to existing entities. Setting the setgid bit
on existing subdirectories must be done manually.

Can You Inherit File Permissions?


When you create a file or directory under a directory, its default
permissions are determined by your umask. Files and directories do not
inherit the parent directory's permissions; only the SGID bit is
inherited by newly created directories under it. So even if your shared
directory is group-writable, you can't edit other users' files.

Log in as user1 and create a temp file.

# su - user1
$ touch temp ; ls -l temp
-rw-r--r-- 1 user1 development 0 Mar 28 18:54 temp

Now log in as user2 and try to edit the temp file.

# su - user2
$ cat > temp
-bash: temp: Permission denied

There is no way to inherit permissions from a directory; they are
controlled by the process's umask. But there is a way to make files
group-writable when they are created. Add the umask 002 command to the
.bashrc file if it exists; otherwise create the file and add the command.

# su - padmin
$ ls -l .bashrc
-rwxrwsr-t 1 padmin development 124 Mar 28 13:05 .bashrc
$ cat >> .bashrc
umask 002
Ctrl+d

Now log in as user1 and create a temp file.

# su - user1
$ touch temp ; ls -l temp
-rw-rw-r-- 1 user1 development 0 Mar 28 19:38 temp

The file is created group-writable by default.

Note: Ask users who are already logged in to log out and log in again.
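
The checks below are an added example, not part of the original
article. They audit a shared tree for the two gaps described above
(existing subdirectories without SGID, and files created under a
restrictive umask) and for special bits that a recursive chmod leaves
on regular files. The function names are made up for this example; the
directory and group are passed as arguments.

```sh
#!/bin/sh
# Added example, not the article's own code. DIR and GROUP are supplied by
# the caller (for the article: /home/project and development).

# Subdirectories without SGID: files created there get the creator's
# primary group instead of the shared group.
dirs_missing_sgid() { find "$1" -type d ! -perm -2000 -print; }

# Regular files that are not group-writable (e.g. created under umask 022).
files_not_group_writable() { find "$1" -type f ! -perm -0020 -print; }

# Regular files carrying SGID or sticky bits, which a recursive
# "chmod -R 3775" sets on files as well as directories.
files_with_special_bits() {
    find "$1" -type f \( -perm -2000 -o -perm -1000 \) -print
}

# Entries whose group is not the shared group.
entries_wrong_group() { find "$1" ! -group "$2" -print; }

# Print each finding prefixed with its check name; return 0 only if clean.
audit_shared_dir() {
    rc=0
    for check in dirs_missing_sgid files_not_group_writable \
                 files_with_special_bits entries_wrong_group; do
        out=$("$check" "$1" "$2")
        if [ -n "$out" ]; then
            printf '%s\n' "$out" | sed "s|^|$check: |"
            rc=1
        fi
    done
    return "$rc"
}

# Repair: shared group everywhere, 3775 on directories only, group rw and
# no special bits on files. Execute bits on files are left untouched.
repair_shared_dir() {
    chgrp -R "$2" "$1"
    find "$1" -type d -exec chmod 3775 {} +
    find "$1" -type f -exec chmod g+rw,g-s,a-t {} +
}
```

After sourcing the file as root, run
audit_shared_dir /home/project development to list findings, and
repair_shared_dir with the same arguments to correct them.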

Have you thought about using ACLs? They will give you much finer
grained control over the permissions you can set on files and
directories. ACLs will also allow you to set a default mask for any
given directory.


To learn more about ACLs (Access Control Lists), search for "Linux acls"
or wait for my next article.