linux_course_doc/modules/resources/exercise_sftp_postproductio...

# Post production file sharing scenario

Imagine a team of people working on a feature film.
There are different departments such as the editors, sound designers, the team surrounding the director etc.
They all have different files such as the video rushes, the audio recordings done on set, the written script, etc.
How would we design a directory layout and permission structure that accommodates the following restrictions?

* the director department has the following people
	* marie is the director of the movie
	* hugo is the first assistant of marie
	* victor is also an assistant of marie and in charge of the planning
	* camille does the script
* the video department has three editors working on the project
	* dave
	* sarah
	* ester
* the sound team is just two people 
	* adam
	* eefje
* one tech admin
	* alex

The director has full authority over the project and should be able to change every file possible, rename, delete, add, you name it.
The people on her team can watch and listen to the audio and video clips but have full write access to the scenario, and planning files.

The video department is the first in line and can upload and modify all video files.
Once they are done they make final renders which the audio team can read but not modify.
The audio team can upload and change the audio files and delivers a final audio render for video department to include in the actual movie.

As for the data there there where 15 shooting days which each about a 100 recordings, both audio and video.
The video files are all mp4 files and the audio files are wav files.
The scenario is just one big markdown file and the planning is a ics calendar file.

None of the people working on the movie have any idea how Linux works so they do not need shell access to the server, except for the tech admin.
Alex can ssh and do pretty much anything to the files on the server, just in case somebody messes up something.

**Have a think about how to organise this before continuing below**

## How to tackle this situation

You should map out all users and groups needed before you start adding them.
Think before you act and try to look at the situation from all angles.
I would make a table to visualise the problem.

| user  | prod | video | audio |
|-------|------|-------|-------|
|marie  |	   |       |       |
|hugo   |      |       |       |
|victor |      |       |       |
|camille|      |       |       |
|dave   |      |       |       |
|sarah  |      |       |       |
|ester  |      |       |       |
|adam   |      |       |       |
|eefje  |      |       |       |
|alex   |      |       |       |

For ease of use I would make this table in a spreadsheet program such as Libreoffice Calc or Excel.
I created a zip file with all the files that you can download [here](./files.zip).

Once you have a good overview of all the users and groups you need to create, try to create the following scripts to make your life easier.

* a adduser script, like the previous challenge, that creates the users and groups
* a counterpart to the adduser script that removes them so you can clean the system in case you want to restart the exercise
* a script that creates your folder structure and changes the files and directories to the proper permissions

At first I would approach the problem from a *static* point of view.
With this I mean you create all users, groups, directories and files with correct ownership and permissions on the shell.
Test the different user accounts via `filezilla` or `sftp` to see if the rights are correct.
Once you're confident all users can access the files they need, try to upload some additional files.
You'll quickly discover that everything can become a *big* mess.
Something is missing!

This is where [setuid](https://en.wikipedia.org/wiki/Setuid) and **setgid** come in place.
They are what we call *special permissions*.
I advise you to have a play with them in a different folder to see how they work.
You'll see they are very powerful for these type of situations.

One last thing that is missing to make the entire exercise perfect is the notion of `umask`.
We haven't seen this concept but you're using it all the time.
Where do you think the permissions come from when you `touch readme.md`?
One last hint I'll leave you with is [this](https://unix.stackexchange.com/questions/393919/proper-way-to-set-the-umask-for-sftp-transactions).

## A directory proposition

```bash
.
└── oneswellmovie
    ├── audio
    │   ├── day01
    │   │   ├── recording00.wav
    │   │   ├── more files...
    │   │   └── recording89.wav
    │   ├── day02
    │   ├── day03
    │   ├── day04
    │   ├── day05
    │   ├── day06
    │   ├── day07
    │   ├── day08
    │   ├── day09
    │   ├── day10
    │   ├── day11
    │   ├── day12
    │   ├── day13
    │   ├── day14
    │   └── day15
    ├── planning.ics
    ├── renders
    │   ├── final_render.mp4
    │   └── final_render.wav
    ├── scenario.md
    └── video
        ├── day01
        │   ├── clip00.mp4
        │   ├── more clips...
        │   └── clip84.mp4
        ├── day02
        ├── day03
        ├── day04
        ├── day05
        ├── day06
        ├── day07
        ├── day08
        ├── day09
        ├── day10
        ├── day11
        ├── day12
        ├── day13
        ├── day14
        └── day15
```
adds post prodution exercise 2021-04-21 22:27:56 +02:00			`# Post production file sharing scenario`

			`Imagine a team of people working on a feature film.`
			`There are different departments such as the editors, sound designers, the team surrounding the director etc.`
			`They all have different files such as the video rushes, the audio recordings done on set, the written script, etc.`
competes post production details and adds files.zip 2021-04-22 15:32:47 +02:00			`How would we design a directory layout and permission structure that accommodates the following restrictions?`
adds post prodution exercise 2021-04-21 22:27:56 +02:00
			`* the director department has the following people`
			`* marie is the director of the movie`
			`* hugo is the first assistant of marie`
			`* victor is also an assistant of marie and in charge of the planning`
			`* camille does the script`
			`* the video department has three editors working on the project`
			`* dave`
			`* sarah`
			`* ester`
			`* the sound team is just two people`
			`* adam`
			`* eefje`
			`* one tech admin`
			`* alex`

			`The director has full authority over the project and should be able to change every file possible, rename, delete, add, you name it.`
competes post production details and adds files.zip 2021-04-22 15:32:47 +02:00			`The people on her team can watch and listen to the audio and video clips but have full write access to the scenario, and planning files.`
adds post prodution exercise 2021-04-21 22:27:56 +02:00
			`The video department is the first in line and can upload and modify all video files.`
			`Once they are done they make final renders which the audio team can read but not modify.`
			`The audio team can upload and change the audio files and delivers a final audio render for video department to include in the actual movie.`

			`As for the data there there where 15 shooting days which each about a 100 recordings, both audio and video.`
			`The video files are all mp4 files and the audio files are wav files.`
			`The scenario is just one big markdown file and the planning is a ics calendar file.`

			`None of the people working on the movie have any idea how Linux works so they do not need shell access to the server, except for the tech admin.`
competes post production details and adds files.zip 2021-04-22 15:32:47 +02:00			`Alex can ssh and do pretty much anything to the files on the server, just in case somebody messes up something.`
adds post prodution exercise 2021-04-21 22:27:56 +02:00
competes post production details and adds files.zip 2021-04-22 15:32:47 +02:00			`Have a think about how to organise this before continuing below`
adds post prodution exercise 2021-04-21 22:27:56 +02:00
			`## How to tackle this situation`

			`You should map out all users and groups needed before you start adding them.`
			`Think before you act and try to look at the situation from all angles.`
			`I would make a table to visualise the problem.`

			`\| user \| prod \| video \| audio \|`
			`\|-------\|------\|-------\|-------\|`
			`\|marie \| \| \| \|`
			`\|hugo \| \| \| \|`
			`\|victor \| \| \| \|`
			`\|camille\| \| \| \|`
			`\|dave \| \| \| \|`
			`\|sarah \| \| \| \|`
			`\|ester \| \| \| \|`
			`\|adam \| \| \| \|`
			`\|eefje \| \| \| \|`
			`\|alex \| \| \| \|`

competes post production details and adds files.zip 2021-04-22 15:32:47 +02:00			`For ease of use I would make this table in a spreadsheet program such as Libreoffice Calc or Excel.`
			`I created a zip file with all the files that you can download [here](./files.zip).`

			`Once you have a good overview of all the users and groups you need to create, try to create the following scripts to make your life easier.`

			`* a adduser script, like the previous challenge, that creates the users and groups`
			`* a counterpart to the adduser script that removes them so you can clean the system in case you want to restart the exercise`
			`* a script that creates your folder structure and changes the files and directories to the proper permissions`

			`At first I would approach the problem from a static point of view.`
			`With this I mean you create all users, groups, directories and files with correct ownership and permissions on the shell.`
			Test the different user accounts via `filezilla` or `sftp` to see if the rights are correct.
			`Once you're confident all users can access the files they need, try to upload some additional files.`
			`You'll quickly discover that everything can become a big mess.`
			`Something is missing!`

			`This is where [setuid](https://en.wikipedia.org/wiki/Setuid) and setgid come in place.`
			`They are what we call special permissions.`
			`I advise you to have a play with them in a different folder to see how they work.`
			`You'll see they are very powerful for these type of situations.`

			One last thing that is missing to make the entire exercise perfect is the notion of `umask`.
			`We haven't seen this concept but you're using it all the time.`
			Where do you think the permissions come from when you `touch readme.md`?
			`One last hint I'll leave you with is [this](https://unix.stackexchange.com/questions/393919/proper-way-to-set-the-umask-for-sftp-transactions).`
adds post prodution exercise 2021-04-21 22:27:56 +02:00
			`## A directory proposition`

			```bash
			`.`
			`└── oneswellmovie`
			`├── audio`
			`│ ├── day01`
			`│ │ ├── recording00.wav`
			`│ │ ├── more files...`
			`│ │ └── recording89.wav`
			`│ ├── day02`
			`│ ├── day03`
			`│ ├── day04`
			`│ ├── day05`
			`│ ├── day06`
			`│ ├── day07`
			`│ ├── day08`
			`│ ├── day09`
			`│ ├── day10`
			`│ ├── day11`
			`│ ├── day12`
			`│ ├── day13`
			`│ ├── day14`
			`│ └── day15`
			`├── planning.ics`
			`├── renders`
			`│ ├── final_render.mp4`
			`│ └── final_render.wav`
			`├── scenario.md`
			`└── video`
			`├── day01`
			`│ ├── clip00.mp4`
			`│ ├── more clips...`
			`│ └── clip84.mp4`
			`├── day02`
			`├── day03`
			`├── day04`
			`├── day05`
			`├── day06`
			`├── day07`
			`├── day08`
			`├── day09`
			`├── day10`
			`├── day11`
			`├── day12`
			`├── day13`
			`├── day14`
			`└── day15`
			```