Thursday, February 12, 2009

inheriting correct group ownership on home linux server

Directory Set Group ID

If the setgid bit on a directory entry is set, files in that directory will have the group ownership as the directory, instead of than the group of the user that created the file.

This attribute is helpful when several users need access to certain files. If the users work in a directory with the setgid attribute set then any files created in the directory by any of the users will have the permission of the group. For example, the administrator can create a group called spcprj and add the users Kathy and Mark to the group spcprj. The directory spcprjdir can be created with the set GID bit set and Kathy and Mark although in different primary groups can work in the directory and have full access to all files in that directory, but still not be able to access files in each other's primary group.

The following command will set the GID bit on a directory:
chmod g+s ictadmin
recursive:
chmod -R g+s ictadmin
The directory listing of the directory "spcprjdir":
drwxrwsr-x 2 kathy spcprj 1674 Sep 17 1999 spcprjdir
The "s'' in place of the execute bit in the group permissions causes all files written to the directory "spcprjdir" to belong to the group "spcprj" .

For the shared directories to work files created must be group as well as owner writeable. The default umask setting, which define the permissions on a users newly created files, need changing from 022 to 002. In  more recent versions of Ubuntu this is set in the UMASK section of /etc/login.defs

No comments: