The steps you may use to create a useful workgroup directory for a small team of people are briefly described here. The goals of the directory are as follows:
The workgroup is to be called sales and has members jdoe, bsmith, and jbrown.
The directory is /home/sales.
Only the creators of files in /home/sales should be able to delete them.
Members shouldn't worry about file ownership, and all group members require full access to files.
Nonmembers should have no access to any of the files.
The following steps will satisfy the goals:
Create the new group:
# groupadd sales
Add the existing users to the group (the -a option appends, so the users keep their other supplementary groups):
# usermod -aG sales jdoe
# usermod -aG sales bsmith
# usermod -aG sales jbrown
Create a directory for the group:
# mkdir /home/sales
Set the ownership of the new directory:
# chgrp sales /home/sales
Protect the directory from others:
# chmod 770 /home/sales
Set the SGID bit to ensure that the sales group will own all new files. Also set the sticky bit to protect files from deletion by non-owners:
# chmod g+s,o+t /home/sales
Test it:
# su - jdoe
$ cd /home/sales
$ touch afile
$ ls -l afile
-rw-rw-r-- 1 jdoe sales 0 Jan 3 02:44 afile
$ exit
# su - bsmith
$ cd /home/sales
$ rm afile
rm: cannot unlink 'afile': Operation not permitted
After the ls command, we see that the group ownership is correctly set to sales. After the rm command, we see that bsmith cannot delete afile, which was created by jdoe. We also note that although afile has mode 664, the directory containing it has mode 770, preventing other users from reading the file.
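An added example (not part of the original text): a shell function that audits a directory against the goals above, checking the group owner, mode 770, the SGID and sticky bits, and any entries whose group is not the workgroup. The function name audit_workgroup_dir is hypothetical, and GNU stat and find are assumed.

```shell
#!/bin/sh
# Added example: audit a workgroup directory built with the steps above.
# Assumes GNU coreutils stat and GNU find; the function name is hypothetical.

# audit_workgroup_dir DIR GROUP
# Prints one line per finding; returns 0 if clean, 1 otherwise.
audit_workgroup_dir() {
    dir=$1 group=$2 rc=0
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 1; }

    # %a = octal mode including special bits, %G = group name
    mode=$(stat -c '%a' "$dir")
    owner_group=$(stat -c '%G' "$dir")
    if [ "$owner_group" != "$group" ]; then
        echo "FAIL: group is $owner_group, expected $group"; rc=1
    fi

    # Split e.g. 3770 into the special digit (3) and the rwx bits (770).
    case $mode in
        ????) special=${mode%???}; perms=${mode#?} ;;
        *)    special=0;           perms=$mode ;;
    esac
    if [ "$perms" != 770 ]; then
        echo "FAIL: permissions are $perms, expected 770"; rc=1
    fi

    # Special digit: 4 = SUID, 2 = SGID, 1 = sticky.
    case $special in
        2|3|6|7) ;;
        *) echo "FAIL: SGID not set, new files will not inherit the group"; rc=1 ;;
    esac
    case $special in
        1|3|5|7) ;;
        *) echo "FAIL: sticky bit not set, members can delete others' files"; rc=1 ;;
    esac

    # Entries created before SGID was set, or moved in, may keep another group.
    stray=$(find "$dir" -mindepth 1 ! -group "$group" 2>/dev/null || true)
    if [ -n "$stray" ]; then
        echo "FAIL: entries not in group $group:"; echo "$stray"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $dir mode $mode group $owner_group"
    return "$rc"
}
```

Run as root it would be called as audit_workgroup_dir /home/sales sales; a clean result corresponds to mode 3770 on the directory.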