Accessing files in a group directory or NoLogin account
Files in a NoLogin account can be accessed, created, modified, and deleted without logging in to that account by setting correct permissions on the files and directories. Files are controlled largely via group permissions and are administered by users who are in the account's group. Therefore, each file will be owned by the user who created it and group owned by the account in its home directory.
There are a couple of important details that need to be set up for file access to function properly. The manual pages for chmod and
umask have full details about the following points:
All directories, including the account's home directory, should have the setgid bit turned on (chmod g+s). The setgid bit ensures that any files or subdirectories created inherit the group from the parent directory, which means that all files will remain group owned correctly.
The second thing is to make sure that all users who create files maintain appropriate permissions on the files. The easiest way to ensure this is to use the command umask 007 in the .login or .profile files. The value for umask determines which permissions are set for newly created files,
and 007 means that both the user and the group will, by default, have full access to the files. As a result, files in the group's home directory should have correct access permissions.