share directory with different users on a workstation on linux/bsd
https://stackoverflow.com/questions/4599677
-
15-10-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I'm setting up a development workstation that used to have only one shared account to have an account for each developer that may be using it.
We commonly switch workstations. I would like to have certain directories "shared" by all users in a transparent manner.
I created /usr/local/share/workspace and /usr/local/share/rvm directories, which are symlinked to ~/workspace and ~/.rvm.
Subdirectories/files that are created within the directory should also be writable by all developers by default (without having to use sudo). I also would prefer not to set the directory to be world writable, since ruby gives me a warning because the rvm directory is on the path (I don't care about the security implications however).
How do I do this? Are there any resources that outline good practices?
Solution
If you want to share the directory on a single workstation, put all relevant users in a group (see man addgroup, and /etc/group), then run "chgrp -R yourgroup yourdir" on your directory trees. To give write permissions, run "chmod -R g+w yourdir".
If you want to share it between different computers, you can use NFS. See for instance this HOWTO.
OTHER TIPS
I'm assuming that /usr/local/share/workspace and all contained files/directories are owned by a group that all of the users are in. If that's true, then all you need to do is apply the setgid and group execute bits to every directory, and also set the group write bit on every file and directory:
find /usr/local/share/workspace -type d -exec chmod +s {} \;
chmod -R g+wX /usr/local/share/workspace
The setgid bit, when applied to directories, means that:
- All files and directories created in the directory will have their group ownership defaulted to the owner of the directory.
- All directories created in the directory will also have their setgid bit set, so that this is effective for new directories as well. (In other words, this bit gets applied recursively to new directories automatically.)
Users will also need to supply a umask that permits write access to other group members. So they should put something like umask 002 in their ~/.profile. If they don't, then any files or directories that they create may not be writable by other group members.
