```
chmod g+s
```



If you're saving files to a portable drive from one computer only to find those files inaccessible on another computer, then you're probably experiencing a [permission problem](https://opensource.com/article/19/8/linux-permissions-101).
You can verify this by interacting with your portable drive using ``sudo`` to grant your user temporary permission to access *everything* on the drive regardless of permission settings.
For example, if you've saved a file called ``foo.txt`` onto a drive from your laptop but you can't access the file from your desktop, then you might try launching an instance of your file manager (called ``nautilus`` on GNOME) with sudo:

```
$ sudo nautilus
```

If you don't want to bother with a GUI, you can just try to access the file directly in the terminal:

```
$ sudo cat /path/to/foo.txt
```

If you can access the forbidden file with sudo, then it's a permissions error standing in your way.
That's an easy fix.
You just have to configure your drive correctly.

### User names and IDs

Usually, if you have access issues with portable drives on Linux or Mac OS, it's because the POSIX user that created a file doesn't exist on the computer attempting to read the file.
Even though you may be the user on both computers involved, if the username and user ID are not the same on both systems, then as far as your computers are concerned, you're not the same entity.

To find out what your username and ID, us the ``id`` command.

Here's an example of how identities can sometimes mismatch.
On my home computer, I set up a profile for myself using just my given name:

```
$ id
uid=1000(seth) gid=[...]
```

But at most jobs, the IT department configures my computer:

```
$ id
uid=10032(kenlons) gid=[...]
```

If I transport a file from home to work, this mismatch could mean an extra step of escalating privileges to read the file.
I could circumvent the issue by creating the user ``kenlons`` with the ID 10032 on my home computer, or the user ``seth`` with ID 1000 on my work computer (which isn't possible, because the ID 1000 is most certainly already occupied, and I'm not an admin of the system).

If you're sharing files between computers and the user names and IDs do not match, there's an easier mechanism: groups.



You don't always have control over your computer username.
At home, you m



Most portable drives are sold in a Microsoft format (FAT or NTFS), which work well on Linux but aren't particularly great for Linux because they don't track Linux-specific file attributes.
If you want to use a good journaled Linux file system on your external drive, though, you could run into permission errors unless you know how to set it up properly.


I even use a 128 GB thumb drive as my home partition (functionally, not technically), storing all of my important user data to it and syncing the portable drive to the computer drive [upon connection](https://gitlab.com/slackermedia/attachup).



Here's the right way to configure your external drive on Linux:

1. Humans: determine which humans who need access to a folder
2. Accounts: determine the user accounts and groups assigned to those humans
3. Control: set access control lists (ACL)

## 1. Humans

The confusing thing about computers is that they refer to humans by username.
A username isn't an actual person, and it's barely even a name.
In fact, humans are actually assigned a User ID (UID) by a computer, to which a name is attached.
For instance, I'm ``seth`` on my home computer, my UID is 100, and my primary group ID (GID) is 100 (a group called ``users``):

```
$ whoami
seth
$ id
uid=1000(seth) gid=100(users) groups=100(users)...
```

On my laptop, I'm ``seth`` with a UID of 500, and my primary group ID is 500 (a group called ``seth``).
On my work computer, however, my user name is sethkenlon with a UID and several group IDs, including 10922 (a group called ``sethkenlon``) and 1000 (a group called ``staff``).

```
% whoami
sethkenlon
% id
uid=10922(sethkenlon) gid=10922(sethkenlon)
groups=10922(sethkenlon),1000(staff)...
```

Same human, different credentials.

Before you go about setting up an external drive to be shared among friends or just yourself, you need to know which humans you want to have access.

## 2. Accounts

For each human, there may well be several computer credentials, which means you'll either have to add some users more than once, or else that you should create a group common to all accounts.

### UID

If you're happy to add each user to your access list more than once, then you need their user id (UID) for each device the drive is going to be attached to.
Just getting their user *name* is not good enough, because POSIX systems use the user ID to resolve permissions.
In other words, if I'm ``seth`` with UID 1000 on my desktop and ``seth`` with UID 500 on my laptop, then for the purposes of resolving file access, those are two separate accounts (even though they both map back to one human).

### Groups

The easier technique, if you have the ability to make it happen, is to use groups.
The problem with groups is that you don't always have the ability to normalize them across all systems.
If you own or maintain all computers involved, then it's easy to create a group on each computer with a consistent name and group ID.
On larger systems, however, you may not have the ability to add each user to a standard group.

If there is a standard group ID each user can create and add themselves to, then you can just use group permissions to provide access to your many users.
Before creating a group of your own, look at the systems involved to see whether a logical group already exists.
For instance, a group called ``users`` at GID 100 is very common, although not all users may be added to the group by default.

If you have no common group across all systems to which you can add your users, create a new group on each system.
Use a relatively high group ID to ensure you don't take up a slot needed by something more important.
Using a terminal:

```
$ sudo groupadd --gid 10999 users
```

On each system, add each user to the group:

```
$ sudo usermod --append --groups users $USER
```

The user must log out and back in to activate their group membership.

You can confirm which groups you belong to on your own computer by typing the command ``groups`` into a terminal.

### Normalizing

The goal is to find a common thread to group together all the users you want to share a drive with.
Whether you do it by manipulating user IDs, creating a group, or just jotting down each user ID on a notepad, once you've gotten a consistent understanding of your user and group configuration, you're ready to create an Accell Control List.

You are viewing proxied material from sdf.org. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.