You can use UNIX groups to share files with a small number of University of Delaware users. Each person who uses the central UNIX servers is associated with a list containing at least one group, and each file or directory on the central UNIX servers is associated with one group. This is usually referred to as group membership and group ownership, respectively. That is, users are in groups and files are owned by a group.
You do not need to do anything to be in a group—this is all managed for you. All users with an email account are in group 4000. Many students, registered for class, are in a group created specifically for their class section. Researchers using Strauss for computing work are in a group created for their computing projects. At the University of Delaware we also use UNIX groups for accounting purposes, and that is why the group names are usually four-digit account project codes. Each accounting project has a project director who is responsible for adding or removing members from the group. The project director is an instructor for a class project, a principal investigator for a sponsored project, or the university staff member who originally requested the project. The project director manages the members of the project by contacting Access.
All files or directories are owned by the person who creates them. In addition, each file or directory is owned by a group. Managing group ownership of files and directories requires some action by the person who created them. It is important to have group ownership correct if you want to share files with your group. Group ownership does not imply group access. You must set the file access permissions so your group can use the files. You can set permissions to restrict the type of access group members have to your directories and files. You can use different UNIX groups to share files with separate sets of users.
Users are organized into groups. Every user is in at least one group and may be in other groups. Group membership gives you special access to files and directories that are permitted to that group.
You are in a primary group and may be in several secondary groups. You are said to be in a group if the group name is in your list of groups. You do not have to be logged in to be in a group. When you are logged in, you are assigned a group which is called your current group. This is also termed "being in a group," but it is better to say "your shell is assigned to the group." When you first log in, you are assigned your primary group, which is also called your default group. You can change your current group, i.e., start a shell with a secondary group as the current group, with the newgrp command. You can change your primary group, i.e., set a default group for your next login, from the UD Network page. You can see your group list or the group list of any user with the groups command. For example:
strauss<1>% groups dnairn anita
dnairn : 1864 0123 0191 0217 0361 0363 0379 0380 0400 0583 4000
anita : 1864 0123 0388 0400 0583 4000
lists all the groups for dnairn and anita. The first group is the primary group, and the remaining groups are in alphabetical order. If you just type groups, you will see the names of your groups.
Note: Currently, the UNIX systems are configured to allow only 16 total groups in the group list. If you see exactly 16 projects in your list, then you may be in a project, but not in the UNIX group for that project.
Every file and directory has a username and a groupname associated with it. The username is the owner, and the groupname owns the file or directory. A directory is a collection of files and possibly other sub-directories. There are commands for managing group ownership for both directories and files. In the example commands given in this document we use filename to indicate the name of a file, but in most cases you can use the same command with the name of a directory.
The long format of the listing command shows the permission modes, the owner, and the group for both files and directories. Use the ls -dl filename command to get a one-line listing for a single file or directory. The command ll (or ls -l ) will list all the files and directories in your current directory. The ones beginning with a "d" are directories.
When a file or directory is first created, it takes as its group the current group of your shell. This is the default group for all login shells, but you can start another shell for any group with the command newgrp project. If you are going to create files for a secondary group then it easier to create all these files from a shell started with the newgrp command.
If you want to change the group associated with a file or directory that already exists, use the command chgrp project filename. You must be the owner of the file filename, and you must be a member of the group project to make the change. If the long listing shows a file that is not owned by the proper group, you must contact the owner of the file and get them to change the group.
In many cases, the group ownership does not matter, but if you want to share a file with a group, then it is important that you get the ownership correct. Otherwise, you may be inviting all users to put their large files in your directory.
<2>% ls -dl kneeland
drwxr-x--- 3 dnairn 0217 512 Aug 14 15:14 kneeland
The first set of characters are the mode, the following number is a count, the user name is the owner, and the 4 digit account code is the group:
Command Description Example chdgrp List groups with title and remaining balance chdgrp groups See groups to which you belong with primary group first groups id See current group as part of your id id newgrp Start a shell in a different group newgrp 1234 chmod Change permissions for directories and files chmod g+rwx myfile chgrp Change group ownership of directories and files chgrp 1234 myfile ls List file permissions ls -l
By itself, chdgrp will list your current groups with a short description:
Project Title Remaining Valid on hosts
0068 WWW-IDEA CENTER 100.00 mahler strauss
1864 US-STAFF 1740.58 mahler strauss
0123 RESTRICTED DATA 50.00 mahler strauss
0583 WWW-IT 89.57 mahler strauss
0191 USMAILTEST-ALIAS 100.00 mahler strauss
0217 WWWMAINT 100.00 mahler strauss
0380 US-QUOTA-REQUESTS 100.00 mahler strauss
0400 US-ALTERNATE INBOX 200.00 mahler strauss
4000 U. OF D. E-MAIL 50.00 mahler strauss
Your default group is currently 1864.
To change your default group please go to http://www.udel.edu/network
This is helpful if you forget which project number to use for your groups.
1864 0123 0217 0380 0400 0583 4000
The first group that is listed is your primary group. That may be the only group to which you belong.
Both the chdgrp and groups commands will list your groups and tell you which one is the default group. However, the chdgrp command cannot be used to get information about another account, whereas the groups command can be used to list the groups for any user.
The current group is the project code 1864.
<5>% newgrp 0217
1864 0123 0191 0217 0361 0363 0379 0380 0400 0583 4000
Use the exit command to exit the shell, and your current group will be restored to what it was before the newgrp command.
The first group in the groups list is your primary group, whereas the group in the id information is your current group. You can also find all your groups with the id -a command.
The command syntax to enable all members of a group to read a file is:
chmod g+r filename
where filename is the name of the file you want to share. The file is now readable to the group associated with the file filename.
chmod -R g+rX dirname
where dirname is the name of the directory that contains the files you want to share.
The chmod command can also be used to allow members of a group to put files in a directory. The owner of the directory can open it for shared writing with the command:
chmod g=swrx,+t dirname
where dirname is the name of the directory in which you want members of your group to create files. The s is the group set-ID setting, which means all new files in this group will be owned by the user putting them there, but the group ownership will be set to match the group of the directory, not the current group of the owner. This is the recommended way to keep all group ownerships correct. The +t makes this a "sticky" directory. This means only the owner of a file (or the owner of the directory) can delete or rename a file. This is recommended if several users will be putting files in the same directory.
The syntax for the chgrp command is:
chgrp groupname filename
where groupname is the name of the group with which you would like to share a file named filename.
Whereas the chmod command determines the type of access that group members may have to a file or directory, the chgrp command determines which group may access that file or directory.
will list all the files and directories in the current directory. You can use this command to verify that:
You can use a UNIX group to share an unlimited number of files on an ongoing basis with others who have their own central UNIX account and are members of the same UNIX group.
One of the most common mistakes in sharing files on a UNIX system is to forget to set file permissions or to set them incorrectly. If permissions are not set correctly then a user will see the following message or a similar one when they try to access your directory or files:
<1>% groups $USER anita
dnairn : 1864 0123 0191 0217 0361 0363 0379 0380 0400 0583 4000
anita : 1864 0123 0388 0400 0583 4000
Project code 1864 is a good group name to choose.
<2>% ls -dl myfile
-rw-r----- 1 dnairn 1864 0 Dec 21 15:09 myfile
chmod g+r myfile
<2>% ls -dl . .. ../.. ../../..
drwxrwsr-x 2 dnairn 1864 512 Oct 16 10:42 .
drwxrwsr-t 3 dnairn 1864 512 Oct 16 10:26 ..
drwxr-xr-x 84 dnairn 1864 6656 Dec 21 11:07 ../..
drwxr-xr-x 198 root root 9216 Aug 22 04:10 ../../..
Another common problem is to set file permissions for existing files, but to neglect to set permissions for newly created files. By default, others cannot access your files. You must give explicit permissions to each file when it is created.Contents