User Tools

Site Tools


linux:groups-how-to

Create Groups and Share Directories

Date: Tue Sep 11 14:10:55 EDT 2018

Updated: Mon Sep 24 15:26:25 EDT 2018

Demo Notes: The "user" and the group in the commands below should indicate a real user and a real group on the machine.

Creating a new user and a new group

First, let's created a new user on the system:

$ sudo useradd -m captkirk

And then create a password for the new user:

$ sudo passwd captkirk

Now let's create a new group on our system:

$ sudo groupadd warp_project1

Let's add myself and user 'captkirk' to the new group:

$ sudo usermod -aG warp_project1 sean

And:

$ sudo usermod -aG warp_project1 captkirk

Log out and log back in for the new membership in the group to take effect. To check that you're in the new group, simply run the groups command:

$ groups

Creating a shared directory, based on group membership

Here I'll demonstrate how to create a shared directory using the setgid bit when controlling file permissions.

First, let me make a directory for sharing. I'll make one at the root directory:

$ cd / ; sudo mkdir shared ; ls -ld shared/

Now I'll change the ownership of the directory:

$ sudo chown user:group shared/

I next need to change the directory's permissions using chmod. Note that in previous chmod commands, I only used three numbers (e.g., 775). But here I'm adding a new number. The new number, located in the first position, indicates the setuid, setgid, or the sticky bit permissions, and like the others, is modified by either setting that first position to 4, 2, or 1, respectively, or summing up some combination of them.

$ sudo chmod -R 2775 shared/

The ugo (user, group, other) positions always need to be stated when using chmod, but the setuid, setgid, and sticky bit are optional. I've added the -R here, which means to act recursively on all sub-directories and files in those sub-directories, if they already exist. It's not necessary to use the recursive option if there are no preexisting such sub-directories and files, and any new files and directories created in shared/ will automatically have the proper group ownership.

Things to note: the setuid (4) bit only applies to files. The setgid (2) bit applies to both files and directories. The sticky bit (1) applies only to directories. Setting the setgid bit on, by adding a 2 as the first bit in the chmod command above, means that we are enabling group ownership on that directory and all files in it.

Once the directory is created and the setgid is set, then anyone in the named group may be able to share and modify files in that directory.

Here's a link to a nice discussion of setuid, setgid, and also of the sticky bit.

linux/groups-how-to.txt · Last modified: 2019/01/21 11:07 by seanburns