June 10, 2009

Unix shared directory permissions: GUID and umask

Posted in Software at 20:11 by Graham King

I setup my Mercurial repository in the same way we used to do CVS, then SVN: A directory owned by a group, with the GUID bit, and all users who need to commit are in that group.

The steps are, create the group and add relevant users to it:


    sudo groupadd topsecretgroup
    sudo usermod -a -G topsecretgroup graham

Change the project directory to be owned by that group, and accessible by no-one else:


    cd topsecretproject/
    sudo chown graham:topsecretgroup -R .
    sudo chmod g=u,o= -R .  

Set the GUID bit on all the directories, so that new files and directories are created owned by the group:


    find . -type d | sudo xargs chmod g+s

Change the umask for everyone, so that new files are created with read and write permissions for the group:


    sudo vi /etc/profile
    change 'umask 022' to 'umask 002'

The last part, changing the umask, isn’t ideal. It works on Debian and Ubuntu, because every user has their own group. I would rather a more focused solution, just for that directory – suggestions welcome.

References:

Mercurial and permissions
Multiple Committers
Change Ubuntu global umask
Collaboration models

1 Comment »

  1. software development said,

    October 20, 2009 at 16:03

    Quite inspiring,

    This is some really helpful advice, thanks for sharing

    Keep up the good work

    http://www.geeks.ltd.uk/

Leave a Comment

Note: Your comment will only appear on the site once I approve it manually. This can take a day or two. Thanks for taking the time to comment.