Configuring Group Access to Directories

Set a user's primary group to be different to their user private group (UPG), and grant access to files owned by the group.

A user whose primary group is a UPG has a umask of 0002. No other user has the same group.

Users whose primary group isn't a UPG have a umask of 0022 set by /etc/profile or /etc/bashrc, which prevents other users, including other members of the primary group, from changing any file that the user owns.

To grant users in the same group write access to files within the same directory, change the group ownership on the directory to the group, and set the setgid bit on the directory:

sudo chgrp groupname directory
sudo chmod g+s directory

Files that are created in such a directory have their group set to that of the directory rather than the primary group of the user who creates the file.

The restricted deletion bit prevents unprivileged users from removing or renaming a file in the directory unless they own either the file or the directory. To set the restricted deletion bit on a directory, use the following command:

sudo chmod a+t directory
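
The following shell function is an added example, not part of the original page. It audits a directory against the settings described above, including the case where a member's umask of 0022 leaves files without group write permission even though setgid assigned the right group. The function name and the finding labels are assumptions made for this example.

```shell
#!/bin/sh
# audit_shared_dir DIR
# Print one finding per line for a group-shared directory; print nothing
# when DIR matches the setup described above. Labels are made up here.
# Usage: audit_shared_dir /path/to/shared/directory
audit_shared_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "not-a-directory $dir"
        return 1
    fi

    # Numeric GID that owns the directory (4th field of ls -ldn).
    gid=$(ls -ldn "$dir" | awk '{print $4}')

    # Without setgid, new files get the creator's primary group instead
    # of the directory's group.
    [ -g "$dir" ] || echo "setgid-missing $dir"

    # Group members need write permission on the directory to create files.
    [ -n "$(find "$dir" -prune -perm -0020)" ] ||
        echo "dir-not-group-writable $dir"

    # Without the restricted deletion bit, any member with write access
    # can remove or rename files that other members own.
    [ -n "$(find "$dir" -prune -perm -1000)" ] ||
        echo "restricted-deletion-missing $dir"

    # Entries created before setgid was set, or moved in from elsewhere,
    # keep a group other than the directory's.
    find "$dir" -mindepth 1 ! -group "$gid" -exec echo "wrong-group" {} \;

    # Files created under umask 0022 have the right group (from setgid)
    # but are still read-only for the other members.
    find "$dir" -type f ! -perm -0020 -exec echo "file-not-group-writable" {} \;
}
```

Files reported as file-not-group-writable usually point to a member whose umask is still 0022 for that session.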

For more information, see the chmod(1) manual page.