Setting Up a Workgroup Directory

The steps you may use to create a useful workgroup directory for a small team of people are briefly described here. The goals of the directory are as follows:

  • The workgroup is to be called sales and has members jdoe, bsmith, and jbrown.

  • The directory is /home/sales.

  • Only the creators of files in /home/sales should be able to delete them.

  • Members shouldn’t worry about file ownership, and all group members require full access to files.

  • Nonmembers should have no access to any of the files.

The following steps will satisfy the goals:

  1. Create the new group:

    # groupadd sales
  2. Add the existing users to the group:

    # usermod –a -G sales jdoe
    # usermod –a -G sales bsmith
    # usermod –a -G sales jbrown
  3. Create a directory for the group:

    # mkdir /home/sales
  4. Set the ownership of the new directory:

    # chgrp sales /home/sales
  5. Protect the directory from others:

    # chmod 770 /home/sales
  6. Set the SGID bit to ensure that the sales group will own all new files. Also set the sticky bit to protect files from deletion by nonowners:

    # chmod g+s,o+t /home/sales
  7. Test it:

    # su - jdoe
    $ cd /home/sales
    $ touch afile
    $ ls -l afile
    -rw-rw-r--   1 jdoe     sales      0 Jan  3 02:44 afile
    $ exit
    # su - bsmith
    # cd /home/sales
    # rm afile
    rm: cannot unlink 'afile': Operation not permitted

After the ls command, we see that the group ownership is correctly set to sales. After the rm command, we see that bsmith cannot delete afile, which was created by jdoe. We also note that although afile has mode 664, the directory containing ...

Get LPI Linux Certification in a Nutshell, 3rd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.