5

I want to give write permission to a specific user on a dir recursively without losing any existing permissions that the user may have. I believe I can use something like this to give write permissions to the user:

setfacl -R -m u:user:w dir/*

but the issue with this is that it takes away any existing permissions that the user may already have. For example if the user had execute permissions before executing the setfacl command, it will replace the execute permission with write permissions.

How can I give write permission to the user while retaining the existing permissions?

peterh
comatose

1 Answer

5

What you want are called "relative permissions", a feature that some setfacl implementations provide, basically using the classic "+/-" syntax used by chmod.

However, on RHEL7 and Ubuntu 16.04 LTS at least, setfacl does not provide such a feature. For example, something like setfacl -m user:root:+r /root/ returns an error stating setfacl: Option -m: Invalid argument near character 11

If your setfacl implementation lacks this feature, you have two possibilities:

  • use getfacl to output all the ACLs to a file, edit that file to match your required access permission, then use setfacl --restore to load/apply the new permissions;
  • create a script to iterate on each file, read the current ACLs and write the new access permissions.
shodanshok
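The second option in the answer above (a script that reads each file's current ACL and writes back the union with write), as an added example that is not part of the original answer. The function names and the sample ACL text are constructed for illustration, and a user with no named entry is assumed to be neither the owner nor a member of the owning group, so the `other` entry is taken as their baseline. Symlinks are skipped because setfacl would follow them and change the target's ACL.

```shell
#!/bin/sh
# Added example; all function names here are hypothetical.

# Constructed getfacl output, used only to exercise the parser offline.
SAMPLE_ACL='# file: dir/report.txt
user::rw-
user:alice:r-x
group::r--
mask::r-x
other::r--
default:user:alice:rwx'

# union_perms OLD ADD: print the rwx-style union of two permission strings.
union_perms() {
    out=""
    for bit in r w x; do
        case "$1$2" in
            *"$bit"*) out="$out$bit" ;;
            *)        out="$out-" ;;
        esac
    done
    printf '%s\n' "$out"
}

# baseline_perms USER: read getfacl text on stdin and print USER's named
# access entry, or the "other" entry when USER has none (assumption above).
# "default:" entries and "#effective:" comments are ignored.
baseline_perms() {
    awk -F: -v u="$1" '
        $1 == "user" && $2 == u { named = substr($3, 1, 3) }
        $1 == "other"           { other = substr($3, 1, 3) }
        END { print (named != "" ? named : other) }'
}

# grant_write_recursive USER DIR: add w to USER on every non-symlink under DIR.
# setfacl -m recalculates the mask, so the added w becomes effective.
# File names containing newlines are not handled by this loop.
grant_write_recursive() {
    find "$2" ! -type l -print | while IFS= read -r f; do
        old=$(getfacl -a -c -p -- "$f" 2>/dev/null | baseline_perms "$1")
        [ -n "$old" ] || continue      # getfacl failed; leave the file alone
        setfacl -m "u:$1:$(union_perms "$old" w)" -- "$f"
    done
}

# Run as a script: sh grant_write.sh USER DIR
if [ "$#" -eq 2 ]; then grant_write_recursive "$1" "$2"; fi
```

Review the result with getfacl -R on the directory afterwards: giving a user a named entry means the group and `other` entries no longer apply to that user.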