Collaborating on shared data requires setting up Linux file permissions correctly on your project directories. This guide walks you through the three key steps: identifying your group membership, setting directory permissions, and configuring your shell environment so that new files automatically inherit the right permissions.

Understanding Linux Permissions

Linux permissions are assigned to three identities on every file and directory:

• user (u) – the owner of the file
• group (g) – a named group of users
• others (o) – everyone else on the system

Each identity can be granted read (r), write (w), and execute/traverse (x) access. For shared project directories the group permission is what enables your colleagues to access your files.

Step 1: Find Your User and Group Information

Before changing any permissions you need to know which groups you belong to. Run the id command on shell.sci.utah.edu:

$ id
uid=12345(jdoe) gid=10001(jdoe) groups=10001(jdoe),20050(sci-group),20099(sci-group2)

The output tells you:

• uid – your numeric user ID and login name
• gid – your primary (default) group
• groups – all groups you are a member of; the shared group you want to use for a project must appear here

If the group you need is not listed, contact SCI IT to be added. If you were just added to a group, log out and back in (or start a new SSH session) for the membership to take effect, then run id again to confirm.

Step 2: Set the Group on Your Base Directory

Use chgrp to assign the owning group to your project directory. The -R flag applies the change recursively to all existing contents and you must be the owner of the file(s) you are trying to change:

# Set the group on the base directory only
$ chgrp sci-group /sci-it/projects/new-project

# Set the group recursively on all existing files and subdirectories
$ chgrp -R sci-group /sci-it/projects/new-project

Set What the Group Can Do with chmod

After assigning the group, use chmod to define what that group is allowed to do. Note the s (setgid) bit — when set on a directory it causes files and subdirectories created inside it to automatically inherit the group of the parent directory rather than your default group, which is essential for ongoing collaboration so your colleagues’ new files are also accessible to the group.  Please read the man pages, e.g. man chmod, for the full details, but here are some examples:

If you want the group to be able to read and write files in the directory:

$ chmod g=rwxs /sci-it/projects/new-project

If you want the group to be able to read only (no write access):

$ chmod g=rxs /sci-it/projects/new-project

You should also set the others permission explicitly. To block all access by anyone outside the group:

$ chmod o= /sci-it/projects/new-project

Or if users outside the group should be able to read (but not write):

$ chmod o=rx /sci-it/projects/new-project

You can combine both group and others settings in a single command:

# Group read/write, others blocked entirely
$ chmod u=rwx,g=rwxs,o= /sci-it/projects/new-project

# Group read-only, others blocked entirely
$ chmod u=rwx,g=rxs,o= /sci-it/projects/new-project

Step 3: Set Your umask

The chmod and chgrp commands above fix the permissions on existing files and directories. To ensure that new files and directories you create automatically have the right permissions, you need to set your umask. The umask is a bitmask that removes permissions from the default when new files are created.

To allow your group to read and write new files, and block others entirely, add the following to your shell startup file (~/.bashrc, ~/.zshrc, etc.):

umask 0007

To allow your group to read only new files, and block others entirely:

umask 0027

To verify your current umask setting, simply run:

$ umask
0022

The table below summarizes common umask values and the resulting permissions on newly created files and directories:

Note that the umask only applies to new files and directories created after the umask is set. Use chmod and chgrp -R to fix permissions on existing content as described in Step 2.

Putting It All Together: A Complete Example

The following example sets up a new shared project directory at /sci-it/projects/new-project for the group sci-group, where group members can read and write, and others have no access.

# 1. Confirm your group membership
$ id
uid=12345(jdoe) gid=10001(jdoe) groups=10001(jdoe),20050(sci-group)

# 2. Assign the group to the directory tree
$ chgrp -R sci-group /sci-it/projects/new-project

# 3. Set permissions: group read/write with setgid, others blocked
$ chmod g=rwxs,o= /sci-it/projects/new-project

# 4. Set your umask so new files inherit group read/write
$ umask 0007

# 5. Verify the result
$ ls -la /sci-it/projects/
drwxrws--- 4 jdoe sci-group 4096 Mar  5 09:15 new-project

After creating some files and subdirectories the structure should look like the following. Notice that all entries show sci-group as the group owner, and the s in the group execute position on directories confirms the setgid bit is active:

$ tree -pug /sci-it/projects/new-project
/sci-it/projects/new-project
[drwxrws--- jdoe     sci-group]  .
[drwxrws--- jdoe     sci-group]  ├── data
[drwxrws--- jdoe     sci-group]  │   ├── raw
[-rw-rw---- jdoe     sci-group]  │   │   ├── dataset_001.csv
[-rw-rw---- jdoe     sci-group]  │   │   └── dataset_002.csv
[drwxrws--- jdoe     sci-group]  │   └── processed
[-rw-rw---- jdoe     sci-group]  │       └── results.csv
[drwxrws--- jdoe     sci-group]  ├── docs
[-rw-rw---- jdoe     sci-group]  │   └── README.md
[drwxrws--- jdoe     sci-group]  └── scripts
[-rw-rw---- jdoe     sci-group]      ├── analyze.py
[-rw-rw---- jdoe     sci-group]      └── preprocess.sh

5 directories, 6 files

If you had instead used umask 0027 and chmod g=rxs,o= for a read-only share, the tree would show r-x on directories and r-- on files for the group column:

$ tree -pug /sci-it/projects/new-project
/sci-it/projects/new-project
[drwxr-s--- jdoe     sci-group]  .
[drwxr-s--- jdoe     sci-group]  ├── data
[-rw-r----- jdoe     sci-group]  │   └── dataset_001.csv
[drwxr-s--- jdoe     sci-group]  └── scripts
[-rw-r----- jdoe     sci-group]      └── analyze.py

2 directories, 2 files

Fixing Permissions on an Existing Directory Tree

If a directory already contains files with incorrect permissions you can fix them all at once using find combined with chmod. Because files and directories need different permission bits it is best to handle them separately.   Again you need to be the owner of the files you’d like to change:

# Fix group on everything recursively
$ chgrp -R sci-group /sci-it/projects/new-project

# Fix permissions on directories (need execute/traverse + setgid)
$ find /sci-it/projects/new-project -type d -exec chmod g=rwxs,o= {} +

# Fix permissions on files (no execute bit for regular files)
$ find /sci-it/projects/new-project -type f -exec chmod g=rw,o= {} +

For a read-only share substitute g=rxs for directories and g=r for files accordingly.

Common Issues and Troubleshooting

New files are not inheriting the group

Check that the setgid bit is set on the parent directory — it should show as s in the group execute position (e.g. rwxrws---). If it shows as S (uppercase), the execute bit is missing. Re-run chmod g=rwxs <dir> to correct it.

A colleague can see a directory but not its contents

The execute bit on a directory controls the ability to traverse into it and access its contents. Make sure the directory itself has g=rwx (or g=rx for read-only), not just g=rw.

Permission denied when writing even though the group is set correctly

Check the id output to confirm the user is actually a member of the group in the current session. New group memberships require logging out and back in before they take effect.

The umask I set is not being applied

Ensure the umask line is in the correct shell startup file for your shell (~/.bashrc for bash, ~/.zshrc for zsh, ~/.config/fish/config.fish for fish). Open a new terminal session after editing the file and confirm with umask.