For school I have an open assignment which states that I should create 10 users scattered over 5 departments, each with its own department folder. Users of the same department should be able to access files of their colleagues (Read/Write/Execute/NOT DELETE).
The BOSS department, however, should be able to access every user's files (access to all departments) (Read/Write/Execute/NOT DELETE).
My teacher stated that there are tons of ways to do this, but this is what I have so far:
# FOR EASE OF READING I TRUNCATED THE SCRIPT SO THAT IT ONLY SHOWS A FEW DEPARTMENTS/USERS
# create the department groups with fixed GIDs
groupadd -g 750 -f Boss
groupadd -g 751 -f Sales
# hand each department folder (and its current contents) to its group
chown -R :Boss /home/Boss
chown -R :Sales /home/Sales
# give the Boss group rwx on every existing file in both trees (access ACL only)
setfacl -Rm g:Boss:rwx /home/Boss
setfacl -Rm g:Boss:rwx /home/Sales
# 1770: owner and group rwx, sticky bit so only a file's owner can delete it
chmod -R 1770 /home/Boss
chmod -R 1770 /home/Sales
# force a password change at first login and expire passwords after 90 days
chage -d 0 -m 0 -M 90 boss
chage -d 0 -m 0 -M 90 employee
What I'm trying to accomplish:
Boss-users should be able to access ALL files in ANY department. (Read/Write/Execute)
Standard users should be able to access files of colleagues in the SAME department. (Read/Write/Execute)
Only the creator of the file or directory should have rights to delete.
My reasoning for creating the folder structure as it is, is that it should make assigning rights easier. Not sure if this way is best or correct at all.
My problem, however, is that although I can read newly created files, they do not inherit rights from the original directories.
new.txt created by j.doe in /home/Sales/ only inherits 'READ' rights for the group.
I want users of the same GROUP to be able to Read/Write/Execute but only the original creator of the file/directory should be able to delete.
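An added example (not the asker's script) of the setup the post describes, kept free of the inheritance problem: `setfacl -m` only sets the access ACL of the files that exist now, so a new file gets nothing from it; a default ACL (`setfacl -d`) is what new files and subdirectories copy, and the sticky bit limits deletion to the file's owner. The function names `dept_dir_setup` and `inherited_perms`, and the group names passed to them, are assumptions; the directory must already exist on a filesystem with POSIX ACL support.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed helper names:
# dept_dir_setup and inherited_perms; group names are parameters.
set -eu

# dept_dir_setup DIR DEPT_GROUP BOSS_GROUP
# usage: dept_dir_setup /home/Sales Sales Boss
dept_dir_setup() {
    dir=$1; dept=$2; boss=$3
    chgrp "$dept" "$dir"
    # 3770: setgid so new files get the department group, sticky bit so
    # only a file's owner (or the directory owner / root) may delete it.
    chmod 3770 "$dir"
    # Access ACL: rights on the directory itself and files that exist now.
    setfacl -m "g:$dept:rwx,g:$boss:rwx" "$dir"
    # Default ACL: copied onto every file/subdirectory created later. This is
    # the part the asker's "setfacl -Rm" does not set, hence no inheritance.
    # New files keep an effective rw- (mask = creation mode 0666), new
    # subdirectories get rwx.
    setfacl -d -m "g:$dept:rwx,g:$boss:rwx" "$dir"
}

# inherited_perms PATH GROUP
# Prints the permission triple stored for the named group entry on PATH
# (e.g. "rwx"), or "none" when PATH carries no such entry.
inherited_perms() {
    getfacl -c -E "$1" 2>/dev/null | awk -F: -v g="$2" '
        $1 == "group" && $2 == g { print $3; found = 1 }
        END { if (!found) print "none" }'
}
```

Run `getfacl /home/Sales` afterwards: the `default:group:...` lines are the ones that were missing from the original setup.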