Ask Doctor Shell ...

My work group needs read/write access to a directory tree ...

This occurred in a recent project where different groups formed a project team that had to share a directory tree. Team members belonged to different Unix groups as well. How can read/write access to the project files be granted to all developers?


Access to the project files includes: reading and writing files as well as creating new subdirectories, which should later be populated by other people.

The simplest solution is to use the set-group-id bit at the directory level:

20#0  Set group ID on execution if # is 7, 5, 3, or 1.

      Enable mandatory locking if # is 6, 4, 2, or 0.

      For directories, files are created with BSD
      semantics for propagation of the group ID.
      With this option, files and subdirectories
      created in the directory inherit the group
      ID of the directory, rather than of the
      current process. For directories, the set-
      gid bit may only be set or cleared by using
      symbolic mode.

This means that the group ownership of the directory is propagated from the top level to all lower-level directories. It implies that the system turns on the set-group-ID bit for lower-level directories as well, but naturally not for plain files.

To turn on the set-group-ID bit on directories, you must use symbolic mode, as opposed to absolute mode for plain files, e.g.:

$ ls -ld mydir
drwxr-xr-x   ... mydir
$ chmod g+s mydir
$ ls -ld mydir
drwxr-sr-x   ... mydir

How to set up such a directory structure?

First of all, all team members must share the same Unix group. This need not be any of the existing groups but could as well be a new group, specifically created for this purpose:

groupadd -g 1234 projxyz

where 1234 is the (new and) unique group ID, and projxyz is the unique group name.

Ensure that every team member is added to the new group; at least (and at best) it should be one of their supplementary groups.

Now create the top level directory:

mkdir project_xyz
chmod 775 project_xyz
chmod g+s project_xyz

There is still a trap: people must create files and directories with umask 002 to grant other team members read/write access to new objects.
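
The setup and the umask trap described above can be checked mechanically. The following script is an added example, not part of the original page: audit_shared_tree and make_demo_tree are hypothetical helper names, and the demo tree is constructed in a temporary directory so that no real group is needed.

```sh
#!/bin/sh
# Added example: audit a shared project tree for the problems described above.

# Print one line per finding under directory $1; print nothing if it is clean.
audit_shared_tree() {
    audit_top=$1
    # Numeric group ID of the top-level directory (4th field of ls -ldn).
    audit_gid=$(ls -ldn "$audit_top" | awk '{print $4}')
    # Directories without set-group-ID: new entries below them take the
    # creator's current group instead of the project group.
    find "$audit_top" -type d ! -perm -2000 -exec printf 'no-setgid %s\n' {} +
    # Entries whose group differs from the top-level directory's group.
    find "$audit_top" ! -group "$audit_gid" -exec printf 'wrong-group %s\n' {} +
    # Files lacking group read/write and directories lacking group rwx:
    # the usual result of creating them with umask 022.
    find "$audit_top" -type f ! -perm -060 -exec printf 'group-cannot-write %s\n' {} +
    find "$audit_top" -type d ! -perm -070 -exec printf 'group-cannot-write %s\n' {} +
}

# Build a constructed demo tree in a temporary directory and print its path.
make_demo_tree() {
    demo=$(mktemp -d) || return 1
    chmod 775 "$demo"
    chmod g+s "$demo"          # symbolic mode, as on the page
    ( cd "$demo" || exit 1
      umask 002; mkdir good_dir; : > good_file    # recommended umask
      umask 022; mkdir bad_dir;  : > bad_file     # the trap
      # Simulate a directory that lost (or never had) the set-group-ID bit.
      mkdir imported; chmod 775 imported; chmod g-s imported )
    printf '%s\n' "$demo"
}

# Stand-alone run: build the demo tree, report the findings, clean up.
tree=$(make_demo_tree) && { audit_shared_tree "$tree"; rm -rf "$tree"; }
```

Run against a real project directory, a clean tree produces no output; each finding names the entry to fix with chmod or chgrp.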

Have fun!


@(#) $Id: 0002.shtml,v 1.5 2005/06/24 04:49:45 kdo Exp $