(be kind, it's been years since I had to do any day-to-day Linux administration ...)
I will have a set of vendors who will be uploading (sftp) files to us on our DMZ. I want each vendor to have ownership and full permissions into only their own folder (obviously), but I want our employee to have access rights into each of those folders (so they can sftp the files out of there and into the protected LAN).
SO what I am planning is something like this:
useradd -d /sftp-area/<vendor-id> -m -s /bin/bash <vendor-id>
This will add the user, and create their home folder.
I want to add the group "employees" to the access of that folder ("employees" will be the group I put our employees into). That way both <vendor-id> and anyone in the group "employees" will be able to get into that folder, but no other users.
Is this the right command for what I want to do?
chgrp "employees" /sftp-area/<vendor-id>
That should allow <vendor-id> R/W access to be able to copy files into there, and then allow my employees to log in (as long as they are a member of the group "employees") to navigate around and transfer files from any <vendor-id>.
I'm pretty sure this will work. BUT ... what might be a better way to do that?
(i can probably just do "chgrp 'employees' /sftp-area", so that if I create new vendors in the future, all I have to do is create the vendor, not need to chmod anything further)
I'm happy to live with it as shown, but you folks are a lot better at this than I am, at this point.
Thanks!
--