Making a directory to be shared between users.

Problem: you want to create a space where several users can work together on the same files.

1) as root make a group that these users will belong to :

>  groupadd newgroup
This command my be different on your system: (man -k group |grep add should tell you what command or you can edit /etc/group see below)
Now : 
> cat /etc/group
Makes sense right. 
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
adm:x:4:root,adm,daemon
tty:x:5:
disk:x:6:root
lp:x:7:daemon,lp
mem:x:8:
kmem:x:9:
...
newgroup:x:506:

2) add users to this new group

The easiest way to add new users to your new group is to add them in a comma separated list to this file. (there are millions of ways of automating this of course, but vi /etc/group is foolproof) so 
 > vi /etc/group
change the last line to : 
newgroup:x:506:user1,user2
You should change the replace user1 and user2 with two actual users on your system who need to share a directory.
Usually when you use a groupadd type command it starts to add teh new groups starting the numbering at 500 and above hence the 506 in my example. This will probably be different on your system.

3) make the directory to be shared either in /home or /usr/local

(you probably still have to bee root to do this) 
> mkdir /home/newgrpshrd

4) change group of this directory

ls -l in the /home directory should show you that this directory belongs to root and group root (this is if your system uses user private groups - let me know if this is not the case and we will discuss what is going on) Anyway, for this example you want the directory /home/newgrpshrd to belong to your new group newgroup : 
> chown :newgroup /home/newgrpshrd  (chown accepts user:group ) or
> chgrp newgroup /home/newgrpshrd

5) change the permissions on this directory

> chmod 775 newgrpshrd

---Test out these permissions----

As each different user you should create files in this directory to answer these questions:
  • what permissions do these files have? (if your files don't return user:user1 group:user1 when you create a new file in this test send me a mail, your distribution isn't set up for user private groups, and the rest of this example may not make sense)
  • what users and groups do they belong to?
  • can you modify files created by the other users in this dir?
  • a
  • or delete the files created by the other users?.

6) the sticky bit.

Become root again and turn on the sticky bit for groups on the /home/newgrpshrd directory 
> chmod 2775 /home/newgrpshrd or 
> chmod g+s /home/newgrpshrd
ls -l /home what does this look like? 
drwxrwsr-x 3 root newgroup  240 Apr 18 12:00 newgrpshrd
see the "s" ?

-----Now test these permissions like you did above----

as each user create a file in this directory.
  • what permissions do these files have?
  • what users and groups do they belong to?
  • can you modify files created by the other users in this dir?
  • or delete the files created by the other users?.
  • can you change the permissions on another users files?

-----Now test further-----

as each user create a subdirectory in /home/newgrpshrd what permissions does it have? user and group? Do you understand why its called the sticky bit now?

---Last question----

what would a user do if he wanted a file in /home/newgrpshrd to be more protected. He wants all the other members of newgroup to be able to read it but not to modify it. or delete it. Test this out. What if this user wanted a whole subdirectory in /home/newgrpshrd where he could create or remove protected files but not change the permissions on them all the time?
Do you understand permissions better?

Copyright Marco Scoffier, released under the GFDL