User Tools

Site Tools


linux:groups-how-to

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

linux:groups-how-to [2019/01/21 11:07] (current)
seanburns created
Line 1: Line 1:
 +<​markdown>​
 +# Create Groups and Share Directories
 +## Date: Tue Sep 11 14:10:55 EDT 2018
 +## Updated: Mon Sep 24 15:26:25 EDT 2018
  
 +**Demo Notes:** The "​user"​ and the *group* in the commands below should ​
 +indicate a real user and a real group on the machine.
 +
 +## Creating a new user and a new group
 +
 +First, let's created a new user on the system:
 +
 +``$ sudo useradd -m captkirk``
 +
 +And then create a password for the new user:
 +
 +``$ sudo passwd captkirk``
 +
 +Now let's create a new group on our system:
 +
 +``$ sudo groupadd warp_project1``
 +
 +Let's add myself and user '​captkirk'​ to the new group:
 +
 +``$ sudo usermod -aG warp_project1 sean``
 +
 +And:
 +
 +``$ sudo usermod -aG warp_project1 captkirk``
 +
 +Log out and log back in for the new membership in the group 
 +to take effect. To check that you're in the new group, ​
 +simply run the *groups* command:
 +
 +``$ groups``
 +
 +## Creating a shared directory, based on group membership
 +
 +Here I'll demonstrate how to create a shared directory using the *setgid* bit 
 +when controlling file permissions.
 +
 +First, let me make a directory for sharing. I'll make one at the root 
 +directory:
 +
 +``$ cd / ; sudo mkdir shared ; ls -ld shared/``
 +
 +Now I'll change the ownership of the directory:
 +
 +``$ sudo chown user:group shared/``
 +
 +I next need to change the directory'​s permissions using *chmod*. Note that in 
 +previous *chmod* commands, I only used three numbers (e.g., 775). But here I'​m ​
 +adding a new number. The new number, located in the first position, indicates ​
 +the *setuid*, *setgid*, or the sticky bit permissions,​ and like the others, is 
 +modified by either setting that first position to 4, 2, or 1, respectively,​ or 
 +summing up some combination of them.
 +
 +``$ sudo chmod -R 2775 shared/``
 +
 +The *ugo* (user, group, other) positions always need to be stated when using 
 +*chmod*, but the setuid, setgid, and sticky bit are optional. I've added the 
 +*-R* here, which means to act recursively on all sub-directories and files in 
 +those sub-directories,​ if they already exist. It's not necessary to use the 
 +recursive option if there are no preexisting such sub-directories and files, ​
 +and any new files and directories created in **shared/** will automatically ​
 +have the proper group ownership.
 +
 +Things to note: the *setuid* (4) bit only applies to files. The *setgid* (2) 
 +bit applies to both files and directories. The sticky bit (1) applies only to 
 +directories. Setting the *setgid* bit on, by adding a 2 as the first bit in the 
 +*chmod* command above, means that we are enabling group ownership on that 
 +directory and all files in it.
 +
 +Once the directory is created and the setgid is set, then anyone in the named 
 +group may be able to share and modify files in that directory.
 +
 +Here's a link to a [nice discussion of *setuid*, *setgid*, and also of
 +the sticky bit][1].
 +
 +[1]:​https://​linuxconfig.org/​how-to-use-special-permissions-the-setuid-setgid-and-sticky-bits
 +</​markdown>​
linux/groups-how-to.txt ยท Last modified: 2019/01/21 11:07 by seanburns