Skip to main content

Setting Up a Workgroup Directory in Linux

The following procedure may be useful to create workgroup folder for a team of people.

The workgroup name is HR and has some members cbing, mgeller, rgreen
The folder is /data/hr
Only the creators of files in /data/hr folder should be able to delete them.
Members shouldn't worry about file ownership, and all members of the group need full access to files.
Non-members should not have access to any of the files.

The followings will match the requirements written above:

Create the hr group:
# groupadd hr

Create the users:
# useradd -G hr cbing
# useradd -G hr mgeller
# useradd -G hr rgreen

Create /data/hr folder for the group:
# mkdir -p /data/hr

Set the group ownership of the /data/hr folder:
# chown :hr /data/hr

Protect the folder from non-members:
# chmod 770 /data/hr 

SGID bit should be set to ensure that the hr group will have ownership of all newly created files, and also the sticky bit should be set to protect files from deletion by non-owners:
# chmod g+s,o+t /data/hr

Now we can test what we have done:
# su - cbing
$ cd /data/hr
$ touch test_file
$ ls -l test_file
-rw-rw-r-- 1 cbing hr 0 Mar 13 14:21 test_file
$ exit
# su - mgeller
$ cd /data/hr
$ rm test_file
rm: cannot remove 'test_file': Operation not permitted

After the ls command, we can see that the group ownership is set to hr. After the rm command, we can see that mgeller can not delete test_file, which was created by cbing. We also note that although test_file has mode 664 and the folder containing it has mode 770, preventing other users from reading test_file.

Etiketler:

Comments

Post a Comment

Popular posts from this blog

Creating Multiple VLANs over Bonding Interfaces with Proper Routing on a Centos Linux Host

In this post, I am going to explain configuring multiple VLANs on a bond interface. First and foremost, I would like to describe the environment and give details of the infrastructure. The server has 4 Ethernet links to a layer 3 switch with names: enp3s0f0, enp3s0f1, enp4s0f0, enp4s0f1 There are two bond interfaces both configured as active-backup bond0, bond1 enp4s0f0 and enp4s0f1 interfaces are bonded as bond0. Bond0 is for making ssh connections and management only so corresponding switch ports are not configured in trunk mode. enp3s0f0 and enp3s0f1 interfaces are bonded as bond1. Bond1 is for data and corresponding switch ports are configured in trunk mode. Bond0 is the default gateway for the server and has IP address 10.1.10.11 Bond1 has three subinterfaces with VLAN 4, 36, 41. IP addresses are 10.1.3.11, 10.1.35.11, 10.1.40.11 respectively. Proper communication with other servers on the network we should use routing tables. There are three
Post a Comment
Read more

3 Node (Master Slave Slave) Redis Cluster with Sentinel

It is possible to make your Redis cluster Fault Tolerant and Highly Available by building a replica set and then monitor these nodes using sentinel for automatic failover. I am going to give an example setup to explain it. The structure is built with three nodes running one as a master and two as slaves. Master Node: (Centos 7.2) 192.168.1.11 Slave1 Node: (Centos 7.2) 192.168.1.12 Slave2 Node: (Centos 7.2) 192.168.1.13 Edit System settings on each node: /etc/sysctl.conf Disable transparent hugepage (transparent_hugepage=never) on each node: /etc/default/grub Apply grub config and reboot each node: Master Node: /etc/redis/6379.conf Slave1 Node: /etc/redis/6379.conf Slave2 Node: /etc/redis/6379.conf Master Node: /etc/redis/sentinel.conf Slave1 Node: /etc/redis/sentinel.conf Slave2 Node: /etc/redis/sentinel.conf Each Node: /etc/systemd/system/multi-user.target.wants/redis-server.service Each Node: /etc/
1 comment
Read more