Skip to main content

Setting Up a Workgroup Directory in Linux

The following procedure may be useful to create workgroup folder for a team of people.

The workgroup name is HR and has some members cbing, mgeller, rgreen
The folder is /data/hr
Only the creators of files in /data/hr folder should be able to delete them.
Members shouldn't worry about file ownership, and all members of the group need full access to files.
Non-members should not have access to any of the files.

The followings will match the requirements written above:

Create the hr group:
# groupadd hr

Create the users:
# useradd -G hr cbing
# useradd -G hr mgeller
# useradd -G hr rgreen

Create /data/hr folder for the group:
# mkdir -p /data/hr

Set the group ownership of the /data/hr folder:
# chown :hr /data/hr

Protect the folder from non-members:
# chmod 770 /data/hr 

SGID bit should be set to ensure that the hr group will have ownership of all newly created files, and also the sticky bit should be set to protect files from deletion by non-owners:
# chmod g+s,o+t /data/hr

Now we can test what we have done:
# su - cbing
$ cd /data/hr
$ touch test_file
$ ls -l test_file
-rw-rw-r-- 1 cbing hr 0 Mar 13 14:21 test_file
$ exit
# su - mgeller
$ cd /data/hr
$ rm test_file
rm: cannot remove 'test_file': Operation not permitted

After the ls command, we can see that the group ownership is set to hr. After the rm command, we can see that mgeller can not delete test_file, which was created by cbing. We also note that although test_file has mode 664 and the folder containing it has mode 770, preventing other users from reading test_file.

Comments

Popular posts from this blog

Sending Jboss Server Logs to Logstash Using Filebeat with Multiline Support

In addition to sending system logs to logstash, it is possible to add a prospector section to the filebeat.yml for jboss server logs. Sometimes jboss server.log has single events made up from several lines of messages. In such cases Filebeat should be configured for a multiline prospector. Filebeat takes lines do not start with a date pattern (look at pattern in the multiline section "^[[:digit:]]{4}-[[:digit:]]{2}-[[:digit:]]{2}" and negate section is set to true ) and combines them with the previous line that starts with a date pattern. server.log file excerpt where DatePattern: yyyy-MM-dd-HH and ConversionPattern: %d %-5p [%c] %m%n Logstash filter:

Creating Multiple VLANs over Bonding Interfaces with Proper Routing on a Centos Linux Host

In this post, I am going to explain configuring multiple VLANs on a bond interface. First and foremost, I would like to describe the environment and give details of the infrastructure. The server has 4 Ethernet links to a layer 3 switch with names: enp3s0f0, enp3s0f1, enp4s0f0, enp4s0f1 There are two bond interfaces both configured as active-backup bond0, bond1 enp4s0f0 and enp4s0f1 interfaces are bonded as bond0. Bond0 is for making ssh connections and management only so corresponding switch ports are not configured in trunk mode. enp3s0f0 and enp3s0f1 interfaces are bonded as bond1. Bond1 is for data and corresponding switch ports are configured in trunk mode. Bond0 is the default gateway for the server and has IP address 10.1.10.11 Bond1 has three subinterfaces with VLAN 4, 36, 41. IP addresses are 10.1.3.11, 10.1.35.11, 10.1.40.11 respectively. Proper communication with other servers on the network we should use routing tables. There are three