The following procedure may be useful for creating a workgroup folder for a team of people.
The workgroup is named HR and has the members cbing, mgeller and rgreen.
The folder is /data/hr
Only the creators of files in /data/hr folder should be able to delete them.
Members shouldn't worry about file ownership, and all members of the group need full access to files.
Non-members should not have access to any of the files.
Create the hr group:
# groupadd hr
Create the users:
# useradd -G hr cbing
# useradd -G hr mgeller
# useradd -G hr rgreen
Create /data/hr folder for the group:
# mkdir -p /data/hr
Set the group ownership of the /data/hr folder:
# chown :hr /data/hr
Protect the folder from non-members:
# chmod 770 /data/hr
Set the SGID bit so that all newly created files are owned by the hr group, and set the sticky bit to protect files from deletion by non-owners:
# chmod g+s,o+t /data/hr
Now we can test what we have done:
# su - cbing
$ cd /data/hr
$ touch test_file
$ ls -l test_file
-rw-rw-r-- 1 cbing hr 0 Mar 13 14:21 test_file
$ exit
# su - mgeller
$ cd /data/hr
$ rm test_file
rm: cannot remove 'test_file': Operation not permitted
The ls output shows that the group ownership is set to hr. The rm output shows that mgeller cannot delete test_file, which was created by cbing. Note also that although test_file has mode 664, the folder containing it has mode 770, which prevents other users from reading test_file.
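The requirements listed at the top can also be checked mechanically. The script below is an added example, not part of the original procedure: the function name audit_workgroup_dir is hypothetical, and it assumes GNU stat (coreutils). It reports every way a directory deviates from the setup above.

```shell
#!/bin/sh
# Added example (not from the original page): audit a workgroup directory.
# Usage: sh audit.sh DIR GROUP   -> exit status 0 if compliant, 1 otherwise
# Assumes GNU stat (coreutils), as found on Linux.

audit_workgroup_dir() {
    dir=$1; group=$2; rc=0
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory"
        return 1
    fi

    mode=$(stat -c '%a' "$dir")      # octal mode, e.g. 3770
    dir_group=$(stat -c '%G' "$dir") # owning group name

    # Pad to four digits so the special-bits digit is always present.
    while [ "${#mode}" -lt 4 ]; do mode=0$mode; done
    special=${mode%???}              # setuid=4, setgid=2, sticky=1
    rest=${mode#?}                   # user/group/other digits
    group_bits=${rest#?}; group_bits=${group_bits%?}
    other_bits=${rest#??}

    [ "$dir_group" = "$group" ] ||
        { echo "FAIL: group owner is $dir_group, expected $group"; rc=1; }
    [ "$group_bits" -eq 7 ] ||
        { echo "FAIL: group lacks rwx on the directory (mode $mode)"; rc=1; }
    [ "$other_bits" -eq 0 ] ||
        { echo "FAIL: non-members have access (mode $mode)"; rc=1; }
    [ $(( special & 2 )) -ne 0 ] ||
        { echo "FAIL: SGID not set, new files keep the creator's group"; rc=1; }
    [ $(( special & 1 )) -ne 0 ] ||
        { echo "FAIL: sticky bit not set, members can delete each other's files"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: $dir (mode $mode, group $dir_group)"
    return "$rc"
}

# Run the audit when called with DIR and GROUP arguments.
if [ "$#" -eq 2 ]; then
    audit_workgroup_dir "$1" "$2"
fi
```

The audit covers the directory only. Group write access on new files, as in the 664 listing above, also depends on each member's umask (a umask of 002 yields 664).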