How can we do it? We use an ingenious feature of the Unix family of operating systems. Unix lets us create ``groups'' of users who can share the work of maintaining a file or a directory full of files.
Each file on a Unix (including Debian GNU/Linux) system is owned by a user. That's usually the person who created the file. And it is also owned by some group.
If you own a file, you can adjust its permissions so that only you can change it, or everybody in the group who owns it can change it. And if you are a member of a group, you can transfer group ownership of that file to that group. If you tell me, when we start your account, that you expect to be part of a development team, I will set this all up for you and you won't even have to know how it works. (WinSCP2 users, take note. You have to adjust WinSCP2's default file creation settings. Otherwise, it will override the unix defaults and lock your team-mates out. Turn on the group-write bit.) The following examples are for the folks who like to peek under the hood.
There is
a group named alameda, and
its members are robmarsh,
martini,
and mrochmes.
Mrochmes creates a file index.htm
,
but decides robmarsh will make changes to it.
Mrochmes has to do two things:
So mrochmes brings up his trusty Secure Shell and logs into Petra-k, and types the following commands. Petra-k's responses are shown in green:
~$ cd /w/cal/alameda
/w/cal/alameda$ chgrp alameda index.htm
/w/cal/alameda$ chmod g+w index.htm
While he is there he emails robmarsh.
/w/cal/alameda$ mailx robmarsh
Subject: sharing the frameset
Hey Rob, guess what! You can fix up /w/cal/alameda/index.htm now!
Isn't that wonderful?
.
Cc: martini mrochmes
/w/cal/alameda$
Our friend mrochmes logs in once more.
~$ cd /w/cal/alameda
/w/cal/alameda$ chgrp alameda .
/w/cal/alameda$ chmod 2775 .
/w/cal/alameda$ ls -ld .
drwxrwsr-x 3 mrochmes alameda 3072 Dec 17 20:50
.
/w/cal/alameda$
What the heck was that?!
He changed the ``modes'' (permissions) of the directory, using a numeric
value because there is no mnemonic for what he wanted to do. The dot
(.
) is the name of the current directory.
The 2
sets a special permission flag on the
directory that says ``any files created here will be
group-owned by the
group that owns this directory.''
This obscure Unix feature is called ``sticky directory mode.''
Notice the ``s
''
in the permission string produced by the ls
command.
The 775
, when it is applied to a directory,
says ``anybody in the group that owns this
directory can see, write, and search this directory, but everybody
outside this group can only see and search it.''