I am in-fact talking about groups in Linux Operating System; just thought the title may be misleading to some.
I write this post to share a thing I learnt, from having to do something, as simple as, allowing another user, have read-write access to my files. This is one of those things, that you will remember for rest of your life, but all you have to do, is to do it once..
I have two users in my computer, one named say User_A and another User_B. Now User_A owns a bunch of ‘Project’ Files that I would love to have access from User_B. User_A may give everyone a rw permission, but that would like firing a cannon to kill a bee. So what is the way.
I plan to take advantage of Groups. Every user in Linux can be part of multiple groups, so here’s what I planted to do:
- Create a new group named project_access. This group will have ownership of all the project files and folders that I want to share.
- I will assign the project_access group to those users, who I want to have access to the Project files.
- And give appropriate permission to the Project files and folders that will make the owner and thoes in the group to have rw, and everyone else, readonly access.
Now as the Project files are owned by User_a, all the following operations are done loged in as that user.
1. Create a new group:
We user the command groupadd.
> groupadd project_access
We can verify if indeed a group was created by viewing the /etc/group file, and searching for the group.
> cat /etc/group|grep project_access project_access:x:1002:
This indicates that the group was created with an ID of 1002.
2. Add my existing users to the group:
The command in this case is usermod
> usermod -aG project_access user_a > usermod -aG project_access user_b
The -aG means simply ‘Append Group’
Then I had to restart the computer. I checked if the commands worked by looking at the /etc/group file once again,
> cat /etc/group|grep project_access project_access:x:1002:user_a,user_b
This shows that, now we have two users assigned to the group project_access.
3. Gave permissions to the Project files and folders:
> chmod 664 demo.py > ll demo.py -rw-rw-r-- 1 user_a user_a 24 Jan 28 21:07 demo.py
The 664 meanes that the owner, and users, in the same group as the file, will have rw access and everyone else has only reading permission.
I am showing this for one of the files in the project, so that the text remains clean on this blog.
All that is left to do now, is to change the group owner for the file. This is done using the command chgrp
> chgrp project_access ./demo.py > ll demo.py -rw-rw-r-- 1 user_a project_access 24 Jan 28 21:07 demo.py
And that is all done. My Project files are shared among the group.
However, there is a restriction, no one except the owner of file or folder can chmod on it. This is obvious, you do not want anyone in the group to chmod & make a file or folder private.
If you want to know more about the commands follow the links.
- groupadd – create a new group
- usermod – modify a user account
- chmod – change file mode bits
- chgrp – change group ownership
- How to change ‘mode bits’ of files recursively?
chmod 664 `find /home/user_a/Projects -type f`
- How to change ‘mode bits’ of directories recursively?
chmod 754 `find /home/user_a/Projects -type d`
664 permission will not work for directories, becasue dirctories need x permission which files dont. Thats the reason I had to do chmod for files and direcories separately. Why this is the case is because the permission bits has different meaning for directories.
- How to change owner group recursively?
chgrp project_access `find /home/user_a/Projects`
This command is same for files and directories, thats why we are specifing type as we did in case of chmod.