competes post production details and adds files.zip

modules/resources/exercise_sftp_postproduction.md

@@ -3,7 +3,7 @@
 Imagine a team of people working on a feature film.
 There are different departments such as the editors, sound designers, the team surrounding the director etc.
 They all have different files such as the video rushes, the audio recordings done on set, the written script, etc.
-How would we design a directory layout that accomodates the following restrictions?
+How would we design a directory layout and permission structure that accommodates the following restrictions?
 
 * the director department has the following people
 	* marie is the director of the movie
@@ -21,7 +21,7 @@ How would we design a directory layout that accomodates the following restrictio
 	* alex
 
 The director has full authority over the project and should be able to change every file possible, rename, delete, add, you name it.
-The people on her team can watch and listen to the audio and video clips and have access to the scenario, and planning files.
+The people on her team can watch and listen to the audio and video clips but have full write access to the scenario, and planning files.
 
 The video department is the first in line and can upload and modify all video files.
 Once they are done they make final renders which the audio team can read but not modify.
@@ -32,9 +32,9 @@ The video files are all mp4 files and the audio files are wav files.
 The scenario is just one big markdown file and the planning is a ics calendar file.
 
 None of the people working on the movie have any idea how Linux works so they do not need shell access to the server, except for the tech admin.
-Alex can ssh and pretty much anything to the files on the server, just in case somebody messes up something.
+Alex can ssh and do pretty much anything to the files on the server, just in case somebody messes up something.
 
-**Have a think about how to organise this before continueing below**
+**Have a think about how to organise this before continuing below**
 
 ## How to tackle this situation
 
@@ -55,6 +55,31 @@ I would make a table to visualise the problem.
 |eefje  |      |       |       |
 |alex   |      |       |       |
 
+For ease of use I would make this table in a spreadsheet program such as Libreoffice Calc or Excel.
+I created a zip file with all the files that you can download [here](./files.zip).
+
+Once you have a good overview of all the users and groups you need to create, try to create the following scripts to make your life easier.
+
+* a adduser script, like the previous challenge, that creates the users and groups
+* a counterpart to the adduser script that removes them so you can clean the system in case you want to restart the exercise
+* a script that creates your folder structure and changes the files and directories to the proper permissions
+
+At first I would approach the problem from a *static* point of view.
+With this I mean you create all users, groups, directories and files with correct ownership and permissions on the shell.
+Test the different user accounts via `filezilla` or `sftp` to see if the rights are correct.
+Once you're confident all users can access the files they need, try to upload some additional files.
+You'll quickly discover that everything can become a *big* mess.
+Something is missing!
+
+This is where [setuid](https://en.wikipedia.org/wiki/Setuid) and **setgid** come in place.
+They are what we call *special permissions*.
+I advise you to have a play with them in a different folder to see how they work.
+You'll see they are very powerful for these type of situations.
+
+One last thing that is missing to make the entire exercise perfect is the notion of `umask`.
+We haven't seen this concept but you're using it all the time.
+Where do you think the permissions come from when you `touch readme.md`?
+One last hint I'll leave you with is [this](https://unix.stackexchange.com/questions/393919/proper-way-to-set-the-umask-for-sftp-transactions).
 
 ## A directory proposition