UNIX Group Directory -- Info, Hints and Tips...
------------------------------------------------------------------------------
Read the manpages for "ls" and "chmod" for full information on unix groups.
------------------------------------------------------------------------------

Every file is owned by someone (who created it), belongs to a group (usually
the gid of the creator (see note below)), and has certain access permissions
for owner, group, and others.

A long listing will display this information about a file...

  :::prompt:::> ls -l
  -rw-------   1 anthony  staff    1598 Jul 29 23:20 my_file
  drwxr-xr-x  19 anthony  staff    1536 Aug 12 14:05 public_html

Access to a file or sub-directory is then determined by the permissions of
that file.

                                                      'ls' permissions
  You own the file (you created it)
      owner permissions determine access                 -rwx------
  The file's group is in your groups list
      group permissions of the file apply                ----rwx---
  You neither own nor belong to the file's group
      other permissions of the file apply                -------rwx

All users of the system have a "uid" (login name), "gid" (login/current
group) and membership of a "groups" list.

  The "uid" is who you are (name and number), i.e. your account login.
  The "gid" is your initial ''login group'' you normally belong to.
  The "groups" list is the file groups you can access via group permissions.

To find out about this information you can use the two commands

  id       List your user (login) name and current unix group
  groups   List other unix groups you also belong to

When you create a new file or directory the owner is set to you and the
group to your current group (usually your ''login group'').

Group commands...

  chgrp    Change the group a file belongs to (only owner can apply)
  newgrp   Start a shell with a different unix group as the primary group.
           This group is then used when creating NEW files, UNLESS you
           are in a directory with the 's' flag set, in which case the
           group of the directory itself will be used for NEW files.
  sg       Run a command with a specific unix group as its primary group.

Also when you create a new file or directory the permissions are set
according to the inverse of a special value called the "umask" (see manpage).

  umask    Command to view and change your current umask, which turns off
           the permissions it represents when creating NEW files/dirs.
           Typical values
              77   Only you can read/write/access/execute
              22   anyone read/access but only you can write
               7   only you and group have read/write/access
               2   you and group can write, others only read
           By default your "umask" is set to 77 (some machines use 22)

  chmod    Change the current permission of a file (only owner may apply)
           Typical values used by the command (for group directories)...
              chmod 700 directory   private directory - only you can use
              chmod 770 directory   group usable directory
              chmod 775 directory   group write, but publicly accessible
              chmod 600 file        private data file
              chmod 660 file        group usable (read/write) files
              chmod 664 file        group write and publicly readable
              chmod 700 command     executable script or binary (private)
              chmod 755 command     public script (cgi perl script)
              chmod 711 command     public binary (compiled code)

  stat     List a file's permissions as a number (as well as other details)
           This may be better than the "ls" output of permission flags

Special Directory Permission flag for UNIX group shared directories....

Normally the 'login group' of the person creating the file sets the group
the new file belongs to. However a special flag can be set for a directory
so that any file created in that directory will be given the same group as
that directory.

This is the ''Set-GID'' flag on a directory, and can be set with the
command..

  chmod g+s directory

In a directory listing the group 'x' permission will then appear as an 's'
to show that the directory has this ''Set-GID'' flag set.

The 's' flag on directories is only important for shared group directories,
so that any NEW file created in the directory will have the correct group.

NOTE: This does not apply to an existing file that is 'moved' into the
directory. That is, the file was not created, just 'moved'. File groups
should be checked every so often to ensure they do have the right group.

------------------------------------------------------------------------------
DIY Guide to creating a UNIX Group Directory...

Get root to...
  create the unix group and membership
  create the shared group directory
  set unix group permissions for that top level directory

The rest you can do yourself...

Set all files and directories in that directory to belong to that group
(the -R is recursive) -- this is usually also done by the super-user.

  chgrp -R group dir

Set top level directory permissions (should be done for you)

  chmod 775 dir
  chmod g+s dir

Change that 5 to a 0 to disable non-group member access

Then if you already have files in that directory you can set ALL the
files' and directories' permissions using...

Make files rw to owner and group (4 becomes 0 to disable world read)...

  find dir -type f -exec chmod 664 {} +
  (now fix any executable file permissions)

Then for directories set rwx access for owner and group...
(Change that 5 to 0 to disable world read and access)

  find dir -type d -exec chmod 775 {} +

And set the SGID flag for directories (see chmod).
WARNING: do NOT do this for files where the SGID flag has a very
different meaning!!!
This should be automatically done for you by the system.

  find dir -type d -exec chmod g+s {} +

------------------------------------------------------------------------------
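
Added example (not part of the original guide): a periodic check for the drift the NOTE and WARNING above describe, namely moved-in files with the wrong group, directories missing the Set-GID flag, and Set-GID left on regular files. The function names audit_group_dir and make_sample_tree, the finding labels, and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# audit_group_dir DIR GROUP
# Prints one finding per line; returns 1 if anything was found, 0 when the
# tree matches the guide's layout (right group, set-GID dirs, group rw).
audit_group_dir() {
    dir=$1 group=$2
    report=$(
        # Wrong group: typically a file that was moved in, not created there.
        find "$dir" ! -group "$group" -exec printf 'WRONG-GROUP %s\n' {} +
        # Directory without set-GID: new files get the creator's login group.
        find "$dir" -type d ! -perm -2000 -exec printf 'NO-SETGID %s\n' {} +
        # Set-GID on a regular file has a very different meaning (see WARNING).
        find "$dir" -type f -perm -2000 -exec printf 'FILE-SETGID %s\n' {} +
        # Group lacks read or write, e.g. created under umask 77 or 22.
        find "$dir" ! -type l ! -perm -060 -exec printf 'NOT-GROUP-RW %s\n' {} +
    )
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# Constructed sample tree (not real data): top level set up as in the guide,
# one sub-directory missing set-GID, one file wrongly carrying set-GID.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/docs"
    : > "$t/notes.txt"
    : > "$t/docs/tool"
    chgrp -R "$(id -g)" "$t"
    chmod 775 "$t" "$t/docs"; chmod g-s "$t/docs"; chmod g+s "$t"
    chmod 664 "$t/notes.txt"
    chmod 2775 "$t/docs/tool"
    printf '%s\n' "$t"
}

# Demo: audit the constructed tree against the current login group (numeric).
tree=$(make_sample_tree)
audit_group_dir "$tree" "$(id -g)" || echo "audit: findings listed above"
rm -rf "$tree"
```

Run it from cron against the real shared directory and group name; an empty report with exit status 0 means nothing has drifted.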