UNIX Group Directory -- Info, Hints and Tips...
------------------------------------------------------------------------------
Read the manpages for "ls" and "chmod" for full information on unix groups.
------------------------------------------------------------------------------

Every file is owned by someone (who created it), belongs to a group
(usually the gid of the creator (see note below)), and has certain access
permissions for owner, group, and others.

A long listing will display this information about a file...

  :::prompt:::> ls -l
  -rw-------   1 anthony  staff   1598 Jul 29 23:20 my_file
  drwxr-xr-x  19 anthony  staff   1536 Aug 12 14:05 public_html

Access to a file or sub-directory is then determined by the permissions of
that file.
                                                     `ls' permissions
  You own the file (you created it)
     owner permissions determine access                -rwx------
  The file's group is in your groups list
     group permissions of the file apply               ----rwx---
  You neither own nor belong to the file's group
     other permissions of the file apply               -------rwx

All users of the system have a uid (login name), gid (login group) and
membership of a "groups" list.

  The "uid" is who you are (name and number), IE: your account login.
  The "gid" is the initial ``login group'' you normally belong to.
  The "groups" list is the file groups you can access via group permissions.

To find out about this information you can use the two commands

  id        List your user (login) name and current unix group
  groups    List other unix groups you also belong to

When you create a new file or directory the owner is set to you and the group
to your current group (usually your ``login group'').

Group commands...

  chgrp    change the group a file belongs to (only owner can apply)

  newgrp   change your current unix group to one of the others you have
           access to. This group is then used when creating NEW files,
           UNLESS you are in a directory with the `s' flag set, in which
           case the group of the directory itself will be used for NEW files.

Also when you create a new file or directory the permissions are set
according to the inverse of a special value called the "umask" (see manpage).

  umask    Command to view and change your current umask, which turns off
           the permissions represented when creating NEW files/dirs.
           Typical values
              77   only you can read/write/access/execute
              22   anyone read/access but only you can write
               7   only you and group have read/write/access
               2   you and group can write, others only read
           By default your "umask" is set to 77.

  chmod    Change the current permission of a file (only owner may apply)
           Typical values used by the command (for group directories)...
              chmod 700 directory   private directory - only you can use
              chmod 770 directory   group usable directory
              chmod 775 directory   group write, but publicly accessible
              chmod 600 file        private data file
              chmod 660 file        group usable (read/write) files
              chmod 664 file        group write and publicly readable
              chmod 700 command     executable script or binary (private)
              chmod 775 command     public script (cgi perl script)
              chmod 711 command     public binary (compiled code)

Special Directory Permission flag for UNIX group shared directories....

Normally the `login group' of the person creating the file sets the group
the new file belongs to. However a special flag can be set for a directory
so that any file created in that directory will be given the same group as
that directory.

This is the ``Set-GID'' flag on a directory, and can be set with the
command..

  chmod g+s directory

In a directory listing the group `x' permission will then appear as an `s'
to show that the directory has this ``Set-GID'' flag set.

The `s' flag on directories is only important for shared group directories,
so that any NEW file created in the directory will have the correct group.

NOTE: this does not apply to existing files "moved" into the directory.

------------------------------------------------------------------------------
DIY Guide to creating a UNIX Group Directory...

Get root to...
  create the unix group and membership  -- DONE
  create directory if you can't create it (like in /www/teaching)

The rest you can do yourself (if owner of files/directories)...

Set all files and directories in that directory to belong to that group
(the -R is recursive) -- this is usually also done by the super-user.

  chgrp -R group dir

Set top level directory permissions

  chmod 775 dir
  chmod g+s dir

Change that 5 to a 0 to disable non-group member access.

Then if you already have files in that directory you can set the rest of
the file and directory permissions as follows...

Make files rw to owner and group (4 becomes 0 to disable world read)...

  find dir -type f -exec chmod 664 {} +

Then for directories set rwx access for owner and group...
(Change that 5 to 0 to disable world read and access)

  find dir -type d -exec chmod 775 {} +

And set the `SGID' flag for directories (see chmod).
WARNING: do NOT do this for files, where the SGID flag has a very
different meaning!!!

  find dir -type d -exec chmod g+s {} +

------------------------------------------------------------------------------
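
Added example (not part of the original guide): a shell audit of a shared group directory against the settings described above. It reports files left group-inaccessible by a umask of 77, directories missing the Set-GID flag, Set-GID set on regular files, and entries in the wrong group; the function names and the throwaway demo tree are constructed for illustration.

```sh
#!/bin/sh
# Added example: check a shared group directory against the guide's settings.
# Prints one "finding path" line per problem; returns 1 if any, 0 if clean.
audit_group_dir() {
    dir=$1 group=$2
    findings=$(
        # Wrong group: typically files moved in, which keep their old group.
        find "$dir" ! -group "$group" -exec printf 'wrong-group %s\n' {} \;
        # Directory without Set-GID: new files get the creator's login group.
        find "$dir" -type d ! -perm -2000 -exec printf 'dir-no-setgid %s\n' {} \;
        # Set-GID on a regular file has a different meaning (see the WARNING).
        find "$dir" -type f -perm -2000 -exec printf 'file-has-setgid %s\n' {} \;
        # File the group cannot read and write, e.g. created under umask 77.
        find "$dir" -type f ! -perm -660 -exec printf 'file-not-group-rw %s\n' {} \;
        # Directory the group cannot list, enter and write.
        find "$dir" -type d ! -perm -770 -exec printf 'dir-not-group-rwx %s\n' {} \;
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree: one correct file plus three deliberate mistakes.
# Uses the caller's own login group so it needs no root access.
make_demo_tree() {
    top=$(mktemp -d) || return 1
    chgrp "$(id -g)" "$top" && chmod 775 "$top" && chmod g+s "$top" || return 1
    ( umask 2;  : > "$top/shared.txt" )                     # 664, as intended
    ( umask 77; : > "$top/private.txt" )                    # 600, group locked out
    ( umask 2;  : > "$top/tool" ) && chmod g+s "$top/tool"  # Set-GID on a file
    ( umask 2;  mkdir "$top/old" ) && chmod g-s "$top/old"  # directory lost flag
    printf '%s\n' "$top"
}

# Run the audit on the constructed tree, then clean up.
t=$(make_demo_tree) && { audit_group_dir "$t" "$(id -g)" || echo "fix the above"; }
rm -rf "$t"
```

On a real shared directory, call audit_group_dir with the directory and the group name, for example from a nightly cron job, and treat any output as drift from the intended permissions.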