We will use /opt/projects as our shared folder where all code will be developed. The /opt directory is appropriate for optional software and shared resources.
Let's create the directory /opt/projects where our code will be stored:
sudo mkdir /opt/projects
We’ll create a group named devs and add to it every user who needs access to the code folder. This lets us manage access through group-based permissions:
sudo groupadd devs
Next, we’ll change the group ownership of the /opt/projects directory to the devs group:
sudo chown :devs /opt/projects
We want to ensure that all files and subdirectories within /opt/projects are accessible to our devs group and that any new files or directories inherit the correct group ownership. We achieve this by setting the following permissions:
sudo chmod 2775 /opt/projects
- The 2 in 2775 ensures that any new files and directories inherit the devs group ownership.
- The 775 ensures that the owner and group members have read, write, and execute permissions, while others have only read and execute permissions.
The SGID (Set Group ID) bit is what makes files created by different users within this directory automatically take the correct group. The leading 2 in 2775 already sets it; it can also be set on its own, symbolically:
sudo chmod g+s /opt/projects
This command ensures that all new files created within /opt/projects inherit the devs group, which helps maintain consistent permissions.
For each user that needs access to the shared folder, we add them to the devs group:
sudo usermod -aG devs username
Replace username with the actual username of each user who needs access. The new membership applies from the user's next login.
Improvement: Verifying Group Membership
After adding users to the group, it’s a good idea to check that they have been successfully added:
groups username
This command shows all the groups a user belongs to and helps us verify that devs is listed.
We now verify the setup by logging in as a different user and ensuring they can access and create files in /opt/projects. This can be done as follows:
- Switch to a user in the devs group:
  su - username
- Navigate to the shared directory and try creating a file:
  cd /opt/projects
  touch testfile
To ensure all files and directories created by users have the correct permissions, we can set a umask value in the users' shell configuration (~/.bashrc or /etc/profile).
Adding the following line sets a umask of 002 which ensures group-write permission is maintained:
umask 002
For even finer control over permissions, we can enable and use Access Control Lists (ACLs). ACLs allow us to specify permissions for individual users or groups beyond the standard Unix permissions.
For example, we could give specific permissions to another group or user like so:
sudo setfacl -m g:othergroup:rwx /opt/projects
This would give othergroup full access to the /opt/projects directory.
Finally, we should regularly monitor access and maintain backups of /opt/projects to ensure the integrity and availability of our code.
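One way to support that monitoring is a periodic audit of the group, SGID and umask settings described above. The script below is an added example, not part of the original guide; the function names audit_shared_dir and check and the output labels are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example (not from the original guide): audit a shared directory
# set up with a group, mode 2775 and umask 002 as described above.
# Usage: sh audit_shared.sh /opt/projects devs

problems=0

# check LABEL FIND-ARGS...: print every path matched by find, prefixed
# with LABEL, and add the number of matches to $problems.
# Assumption: file names do not contain newlines.
check() {
    label=$1; shift
    matches=$(find "$@" 2>/dev/null)
    [ -z "$matches" ] && return 0
    printf '%s\n' "$matches" | sed "s|^|$label: |"
    problems=$((problems + $(printf '%s\n' "$matches" | wc -l)))
}

audit_shared_dir() {
    dir=$1 group=$2 problems=0

    # The top-level directory needs the right group plus SGID and
    # group rwx (the 2 and the middle 7 of 2775).
    if [ -z "$(find "$dir" -maxdepth 0 -type d -group "$group" -perm -2070 2>/dev/null)" ]; then
        echo "BAD ROOT: $dir is not a setgid, group-writable directory of group $group"
        problems=$((problems + 1))
    fi

    # Files moved in with mv or cp -p keep their old group.
    check "WRONG GROUP" "$dir" -mindepth 1 ! -group "$group"
    # A subdirectory without SGID breaks group inheritance below it.
    check "DIR WITHOUT SGID" "$dir" -mindepth 1 -type d ! -perm -2000
    # Typical result of a creator whose umask is 022 instead of 002.
    check "NOT GROUP-WRITABLE" "$dir" -mindepth 1 ! -type l ! -perm -020
    # Writable by users outside the group.
    check "WORLD-WRITABLE" "$dir" ! -type l -perm -002

    echo "$problems problem(s) found in $dir"
    [ "$problems" -eq 0 ]
}

if [ "$#" -eq 2 ]; then
    audit_shared_dir "$1" "$2"
fi
```

The function returns non-zero when anything is flagged, so it can be run from cron and alert on failure.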
These steps provide a robust and flexible setup for managing a shared code folder on our Ubuntu VPS. By carefully configuring group ownership, permissions, and additional security measures like umask and ACLs, we ensure that all users can collaborate effectively while maintaining the security and integrity of our codebase.