This is the first episode of a mini series of Bash tips for Linux (in case you are wondering, yes, they are respectively my favorite shell and my favorite OS).
Episode 1: Deal with personal accounts and file permissions
Episode 2: Have a smart environment for personal accounts
Description:
Nowadays many companies make it mandatory to log in to Linux servers with a personal account (integrated with LDAP, Kerberos, or something else) to comply with strict auditing rules.
I need to be sure that I have an environment where my modifications do not conflict with my colleagues' environment.
BAD:
    -bash-4.1$ id
    uid=20928(ludo) gid=200(dba) groups=200(dba)
    -bash-4.1$ ls -lia
    total 8
    8196 drwxrwxr-x 2 oracle dba 4096 Mar 15 15:14 .
    2 drwxrwxrwt. 14 root root 4096 Mar 15 15:15 ..
    -bash-4.1$ vi script.sh
    ... edit here...
    -bash-4.1$ ls -l
    total 4
    -rw-r--r-- 1 ludo dba 8 Mar 15 15:15 script.sh
    -bash-4.1$

The script has been created by me, but my colleagues may need to modify it! So I need to change the ownership:

    $ chown oracle:dba script.sh
    chown: changing ownership of `script.sh': Operation not permitted
    $

But I can only change the permissions:

    $ chmod 775 script.sh
    $

If I really want to change the owner, I have to ask someone who has root privileges, or delete the file with my account and create it again with the correct one (oracle or something else).
GOOD:
- Set the setgid bit at the directory level
- Define an alias for my favorite editor that uses sudoedit instead:

    $ chmod 2751 .
    $ ls -lia
    total 4
    8196 drwxr-s--x 2 oracle dba 4096 Mar 15 15:26 .
    $ alias vi='SUDO_EDITOR=/usr/bin/vim sudoedit -u oracle '
    $ vi script.sh
    [sudo] password for ludo:
    ... edit here ...
    $ ls -l script.sh
    total 8
    -rw-r--r-- 1 oracle dba 6 Mar 15 15:24 script.sh
    $
In case I need to modify other files with MY account, I can either use the full path (/usr/bin/vim) or define another alias:
alias vime="/usr/bin/vim"
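
A check for the two conditions this setup depends on (the setgid bit on the shared directory, and every file owned by the shared account and group), as an added example that is not part of the original post. The function name `audit_shared_dir` and the `NO_SETGID` / `STRAY_FILE` labels are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit a shared directory.
#
# audit_shared_dir DIR OWNER GROUP
#   DIR   - shared directory (the one holding script.sh above)
#   OWNER - shared account expected to own every file (e.g. oracle)
#   GROUP - shared group expected on every file (e.g. dba)
# OWNER and GROUP may be names or numeric ids.
# Prints one finding per line; returns 0 when clean, 1 when something
# needs fixing, 2 on bad usage.
audit_shared_dir() {
    dir=$1 owner=$2 group=$3
    [ -d "$dir" ] && [ -n "$owner" ] && [ -n "$group" ] || return 2

    status=0

    # Without the setgid bit, new files get the creator's primary group
    # instead of the directory's group.
    if [ ! -g "$dir" ]; then
        printf 'NO_SETGID %s\n' "$dir"
        status=1
    fi

    # Files created with a personal account instead of through sudoedit
    # show up here with the wrong owner (the BAD case above).
    stray=$(find "$dir" -type f \( ! -user "$owner" -o ! -group "$group" \) \
                 -exec printf 'STRAY_FILE %s\n' {} +)
    if [ -n "$stray" ]; then
        printf '%s\n' "$stray"
        status=1
    fi

    return "$status"
}

# Usage (the directory path is a placeholder):
#   audit_shared_dir /path/to/shared oracle dba
```

A `STRAY_FILE` line means the file has to be recreated through the `sudoedit` alias or re-owned by someone with root privileges, as described above.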