
I want a particular user to recursively change owner and group of all the contents of a particular directory, and only that directory. The directory is a kind of "inbox", where a service writes files and subdirectories.

Currently, I have an administrator sudo chown, but I would prefer the destination owner to do it themselves, without that user having any more permissions than required. Let's say the original owner is "headsman", and the final owner should be "audience". Neither user is in the same group.

sudo chown -R audience:watchers /usr/files/pathofdir

is not quite right, because I don't want audience to have unlimited authority to use chown. My first guess was to try to add "audience" to /etc/sudoers with permission to /usr/bin/chown and /usr/bin/chgrp. But that is too much authority.

I thought of writing a script exclusively for audience, but I don’t know how to make that script have the correct permissions and no more.

What is a good way to do this?

Charlweed

2 Answers


You can specify a full command in sudoers, with arguments and all, in which case the user will have authority to run the specified command only with the specified arguments. So this sudoers entry should solve your problem:

audience  ALL=/usr/bin/chown -R audience\:watchers /usr/files/pathofdir

However, I think you should check out ACLs, as I suspect your problem can be more easily handled with the use of a default ACL on the directory. See this post for an example.

Lacek
  • I have ubuntu 20.4, and visudo rejects the syntax of the example above, but as Lacek said, I wanted a default ACL anyway. So see my answer below. – Charlweed Apr 15 '22 at 17:33
  • My bad, the colon is the command separator, so it should be protected. I've edited my answer so it now contains the correct `sudoers` entry. – Lacek Apr 15 '22 at 20:28

@Lacek pointed out that I probably wanted to use ACLs. This seems to be working for me:

sudo setfacl -RPdm user:audience:rwX /usr/files/pathofdir
sudo setfacl -RPdm group:watchers:rwX /usr/files/pathofdir
sudo setfacl -RPm user:audience:rwX /usr/files/pathofdir
sudo setfacl -RPm group:watchers:rwX /usr/files/pathofdir

There is probably a more concise syntax, but this is my first use of setfacl.

Charlweed
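The script below is an added example, not code from either answer above. It collapses the four setfacl calls into a single invocation (the "more concise syntax" the second answer wondered about: the access entries and the default entries are passed together to -m, the latter with a d: prefix), applies it to a throwaway directory created with mktemp, and then verifies the property that makes the default ACL the right tool here: a file and a subdirectory created after the ACL was set carry the named-user entry without anyone running chown. The numeric IDs 4242 and 4343 are placeholders standing in for "audience" and "watchers"; setfacl accepts numeric IDs, so the example runs without those accounts existing. If the ACL tools are missing or the filesystem refuses ACLs, the demonstration reports "skipped" instead of failing.

```shell
#!/bin/sh
# Added example (not from the original question or answers).
# Placeholder IDs: 4242 stands in for user "audience", 4343 for group "watchers".
# setfacl resolves plain numbers without a passwd/group lookup, so no accounts are needed.
AUDIENCE_UID=4242
WATCHERS_GID=4343

# Set, in one call, the access ACL (applies to what is already in the tree)
# and the default ACL (inherited by anything created later) on every entry
# below the inbox. -R recurses, -P never follows symlinks while recursing.
# With -R, setfacl silently skips the d: entries on non-directories.
# rwX grants execute only on directories and files that are already executable.
apply_inbox_acl() {
    inbox=$1
    setfacl -R -P -m \
      "u:${AUDIENCE_UID}:rwX,g:${WATCHERS_GID}:rwX,d:u:${AUDIENCE_UID}:rwX,d:g:${WATCHERS_GID}:rwX" \
      "$inbox"
}

# Print "ok" if the path carries a named-user access entry for AUDIENCE_UID,
# "missing" otherwise. getfacl -c drops the header, -n keeps IDs numeric.
has_audience_entry() {
    if getfacl -c -n "$1" 2>/dev/null | grep -q "^user:${AUDIENCE_UID}:"; then
        echo ok
    else
        echo missing
    fi
}

# End-to-end demonstration on a temporary inbox. Prints exactly one word:
#   skipped  - setfacl/getfacl absent, or the filesystem rejected the ACL
#   ok       - pre-existing and newly created entries all carry the entry
#   missing  - the ACL was set but inheritance did not happen
demo_inbox_acl() {
    command -v setfacl >/dev/null 2>&1 || { echo skipped; return 0; }
    command -v getfacl >/dev/null 2>&1 || { echo skipped; return 0; }
    inbox=$(mktemp -d) || { echo skipped; return 0; }

    # Constructed content, standing in for what the writing service left behind.
    mkdir -p "$inbox/old"
    echo "constructed sample" > "$inbox/old/report.txt"

    if ! apply_inbox_acl "$inbox" 2>/dev/null; then
        rm -rf "$inbox"
        echo skipped
        return 0
    fi

    # Content created AFTER the ACL was applied: only the default ACL covers it.
    mkdir "$inbox/new"
    echo "constructed sample" > "$inbox/new/report.txt"

    result=ok
    for p in "$inbox/old/report.txt" "$inbox/new" "$inbox/new/report.txt"; do
        [ "$(has_audience_entry "$p")" = ok ] || result=missing
    done
    rm -rf "$inbox"
    echo "$result"
}

demo_inbox_acl
```

Run it as the directory owner or as root; no sudo is involved once the ACL is in place, which is the point of preferring this over a sudoers entry for chown. Replace the numeric placeholders with u:audience and g:watchers on a real system, and inspect the result with getfacl: the directory shows both "user:audience:rwx" and "default:user:audience:rwx", while a file written afterwards shows only the inherited access entry (possibly with an "#effective:" note where the mask trims it).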