How to create a folder in Linux for other users which I can delete later?

Question

I need to run a docker-compose up -d --build command to run a project. Some containers will write files to the volume, which will be mounted to a subfolder in my home folder.

I want to delete this folder later later with my technical user, but it's impossible to delete these folders without 'sudo' command, because docker will create the subfolders with different users which I don't recognize or don't have on my system:

technical@mysystem $ ls -l ~
drwxr-xr-x. 5 polkitd   root      4096 Apr 21 16:18 data_1
drwxr-xr-x. 5        33 tape      4096 Apr 21 16:18 data_2

e.g.: 33 is an unknown user to my system and tape group is an unknown group (I assume they are used by docker)

technical@mysystem $ groups
technical wheel docker

technical@mysystem $ awk -F':' '{ print $1}' /etc/passwd | paste -sd " "
root bin daemon adm lp sync shutdown halt mail operator games ftp nobody systemd-network dbus polkitd sshd postfix technical

I've tried to use setuid or setgid bits on the folders, but the result is the same: when I try to delete these folders with their content written be docker I get an error and I can't do it without sudo privileges:

technical@mysystem $ rm -R data_1/
rm: cannot remove ‘data_1/myfile’: Permission denied

Questions:

• What is the proper way to handle these folders?
• How could I delete the contents of these folders (written by docker) with my technical user (without sudo privileges)?
  • What permissions should be set on the folder to be able to achieve this?
• Where to put these kind of files/project in Linux file system?
• Which best practices and patterns should I follow in this case?

Answer 1

Unfortunately due to the way Linux handles permissions on your system you will not be able to modify these files as your current user and group as you only have read and execute permissions set. To fix things as they are would require root access. Once you are root you would change ownership of the file or or folder by issuing the command chown technical:technical data1

Now assuming the above is not an option you could make your own folders and set permissions. In order to create a folder in which the users from the technical group can use, you can issue the following command as the technical user mkdir data3 This should create a folder named data3 and both user and group should be "technical" when running ls -l data3

Folder and file placement is up to you, It is generally best to follow an existing data flow that you have already on the system if there is one. Personally I would put files like this in /home/technical/Documents so that it is easy to remember and access, especially if you are not the only person accessing the files in the group.

As far as best practices are concerned, I would just make sure that any files that are owned by the technical group are contained only to those members of the group. You can do this by setting permissions on the folder that contains files the group will use with setfacl -d -m g:technical:rw /home/technical/Docmuents which will enforce read and write permission only for new files created in the specified folder. Of course you can add write access with rwx instead, or remove permissions you don't want that group to have.

Unfortunately I do not have docker experience, but it sounds like other services where it will have a config file that specifies where new files are created and who owns them. If this is your server you should be able to change those things with some added research.