Labs

By Luke Simmons | 1st March 2012

Setting up a Linux server for group write

We work on projects on remote servers where a number of developers might log in and edit a file. This often results in the file permissions changing, so that they own it, which can cause problems.

A simple solution is for everyone to be a member of the same group, then make it so that, by default, it is that group which is set on a file when someone creates it. We also then want to set the group write flag by default, so that anyone can edit that file.

The steps involved in setting this up on a server are as follows.

– create a new group everyone will share (mygroup)

	groupadd mygroup

– create any new users (if required, this can be skipped if you have existing users)

	useradd -G mygroup -m myusername
	passwd myusername

– make the default group for a user to be mygroup so everyone in that group can access the files

	usermod -g mygroup myusername

– set the global umask by editing the global bashrc file, which makes all users set the group write flag on newly created files (this will need everyone to log out and in again); you need to open /etc/bashrc with your favourite editor, e.g. 

	nano /etc/bashrc

normally the umask is set as 022 (which is read only for group and others); change to 002, which is read write for owner and group, then read only for others 

# By default, we want this to get set.
# Even for non-interactive, non-login shells.
if [ $UID -gt 99 ] && [ "`id -gn`" = "`id -un`" ]; then
    umask 002
else
    umask 002
fi

Note that for the bashrc function to work, it has to be called from the user's local .bashrc file in their home directory. Most Linux distros do this by default, but it is possible for individuals to remove the include for the global bashrc, which will then mean that group write is not set on files they create. The part in the user's .bashrc file that includes the global bashrc looks like this: 

# Source global definitions
if [ -f /etc/bashrc ]; then
. /etc/bashrc
fi

Now, for example, if your shared work is in /var/www/html you'll need to change the group owner on all files in that directory to the new mygroup 

	chgrp -R mygroup /var/www/html

And you will also want to make sure every file is writable by the group 

	chmod -R g+w /var/www/html

Comments

mattl
mattl

This was super useful, thank you. I've been looking for an easy explanation for a while and this was just what I needed. Thanks for sharing.

Add new comment