2

To allow write access to a specific group, shared files/folders can be made writeable by default for everyone in this group and the owning group can be automatically fixed to the group which owns the parent directory by setting the setgid bit on this directory:

chmod g+s our_shared_directory

Otherwise the file creator's default group (usually the same as the user name) is used.

The above quote is from Arch Linux Wiki. It is not clear to me how to make shared files and folders. Say user A and B both belong to a common group G. Now how do I create our_shared_directory such that by default everyone in G has write permission?

Second, why do I need setgid on our_shared_directory? Why do I need to make the owning group fixed to group of the parent directory of our_shared_directory?

Community
  • 1
Rich
  • 195
  • 1
  • 5
  • I suspect the phrase *shared files and folders* has no technical meaning, its not like there is a command `makefileshared `. I think its meant in a practical context. i.e. files that are used by all users, e.g. documentation files. – the_velour_fog Feb 29 '16 at 07:34

1 Answers1

3

If you want to share control of a folder between

  • user a
  • user b

Create the users

 % sudo adduser a
Adding user `a' ...
Adding new group `a' (1002) ...
Adding new user `a' (1001) with group `a' ...
Creating home directory `/home/a' ...
Copying files from `/etc/skel' ...
Enter new UNIX password: 
Retype new UNIX password: 
....

and

% sudo adduser b
Adding user `b' ...

Make a directory

% mkdir our_shared_directory

Create a new group and add the users to it

 % sudo addgroup cool_kids
Adding group `cool_kids' (GID 1001) ...
Done.
 % sudo adduser a cool_kids            
Adding user `a' to group `cool_kids' ...
Adding user a to group cool_kids
Done.
% sudo adduser b cool_kids
....

Make the directory belong to the cool_kids group and setgid bit

sudo chmod g+s our_shared_directory
sudo chown -v ubuntu:cool_kids our_shared_directory

check our work

ls -al
drwxrwsr-x 2 ubuntu cool_kids  40 Feb 29 20:37 our_shared_directory/
      ^ setgid bit is set and group is now "sticky"

Look what happens when a file is made by user a in a normal directory

% touch file_made_by_user_a
% ls -al
-rw-rw-r-- 1 a      a           0 Feb 29 20:57 file_made_by_a

now user a create a file in our_shared_directory

% cd our_shared_directory/
% ls -al
-rw-rw-r-- 1 a      cool_kids  0 Feb 29 20:59 another_by_a
                     ^^^^^^ note the group

Important

  1. The cool_kids group automatically applied to the new file

Now switch to user b

% su b
Password: ...

b can now edit the file made by a - because the another_by_a file has default mode of -rw-rw-r-- ,b could not normally edit it.
But with 

b% vim another_by_a
^ note this means we are user "b"   now  
[make some edit and save]

b was able to modify the file **because b belonged to the group cool_kids and because cool_kids was guaranteed to be applied to the new file by the setgid bit

ls -al
-rw-rw-r-- 1 a      cool_kids  7 Feb 29 21:03 another_by_a
                               ^ the file is 7bytes - slightly bigger because of changes made by b
the_velour_fog
  • 11,840
  • 16
  • 64
  • 109
  • Thanks for the example, but for me, any new directories or files under the `setgid` directory do *not* have group write permissions. However, in your example, both files and directories do. Are you sure you're not using ACLs or masks here? – rjcarr May 29 '20 at 18:05