Happy new year to all of you.
I want to share an configuration folder for an group where i can't specify in which directory
to store the configuration. Which is true for the most of all apps i think. I made it this way and think this is
not the best way (security):
+ group "<softuser>" holds the users for access to "<program>"
+ chmod 750 for /usr/bin/<program>
+ added shell-script "/usr/bin/<program>-start" in with chmod 750,chown root,chgrp "<softuser>"
chgrp <softuser> -R /opt/<programdir>/.<program-config>
chown root -R /opt/<programdir>/.<program-config> # <--- user can't change owner to root !!!
chmod 770 -R /opt/<programdir>/.<program-config>
so user can now start program with "<program>-start" and has access to same documents which another
user modified/created etc. This is what i want. Full Acess for everyone in the group but only in this dir.
I tried 's' flag for <program> but the rights are only then for the specific user. I thought it will be using
the group context but it sets the group to the user-group, how it should be, but not what i want in this case.
I need this on my single-pc. No network access. I have 3 accounts and want them to share this directory for the application only.
Any 'good' advises how to setup something like this in a professional and secure way ?
I forgot to write the reason why it is not a good solution is that the files will be stored with user/usergroup rights so that another account has no access. How said above this is ok but not for my purpose.