Setting up a Linux server for group write

1st March 2012

Luke Simmons

Developer

We work on projects on remote servers where a number of developers might log in and edit a file. This often results in the file permissions changing, so that they own it, which can cause problems.

A simple solution is for everyone to be a member of the same group, then make it so that, by default, it is that group which is set on a file when someone creates it. We also then want to set the group write flag by default, so that anyone can edit that file.

The steps involved in setting this up on a server are as follows.

– create a new group everyone will share (mygroup)

groupadd mygroup

– create any new users (if required, this can be skipped if you have existing users)

useradd -G mygroup -m myusername passwd myusername

– make the default group for a user to be mygroup so everyone in that group can access the files

usermod -g mygroup myusername

– set the global umask by editing the global bashrc file, which makes all users set the group write flag on newly created files (this will need everyone to log out and in again); you need to open /etc/bashrc with your favourite editor, e.g.

nano /etc/bashrc

On some platforms, the bashrc is located elsewhere, e.g. /etc/bash.bashrc

normally the umask is set as 022 (which is read only for group and others); change to 002, which is read write for owner and group, then read only for others

# By default, we want this to get set. # Even for non-interactive, non-login shells. if [ $UID -gt 99 ] && [ "`id -gn`" = "`id -un`" ]; then umask 0022 else umask 002 fi

Note that for the bashrc function to work, it has to be called from the user's local .bashrc file in their home directory. Most Linux distros do this by default, but it is possible for individuals to remove the include for the global bashrc, which will then mean that group write is not set on files they create. The part in the user's .bashrc file that includes the global bashrc looks like this:

# Source global definitions if [ -f /etc/bashrc ]; then . /etc/bashrc fi

Now, for example, if your shared work is in /var/www/html you'll need to change the group owner on all files in that directory to the new mygroup

chgrp -R mygroup /var/www/html

And you will also want to make sure every file is writable by the group

chmod -R g+w /var/www/html