81
63
There is a folder that is owned by user tomcat6:
drwxr-xr-x 2 tomcat6 tomcat6 69632 2011-05-06 03:43 document
I want to allow another user (ruser) write permissions on document folder. The two users (tomcat6 and ruser) does not belong to same group. I have tried using setfacl:
sudo setfacl -m u:ruser:rwx document
but this gives me setfacl: document: Operation not supported error. Kindly help me.
TheVillageIdiot
Posted 2011-05-09T08:44:23.717
Reputation: 1 187
151
There are two ways to do this: set the directory to "world" writable or create a new group for the two users and make the directory writeable to that group.
Obviously making it world writeable is a Bad Thing, so the second option is preferable.
Users in Linux can belong to more than one group. In this case you want to create a brand new group, let's call it tomandruser:
sudo groupadd tomandruser
Now that the group exists, add the two users to it:
sudo usermod -a -G tomandruser tomcat6
sudo usermod -a -G tomandruser ruser
Now all that's left is to set the permissions on the directory:
sudo chgrp -R tomandruser /path/to/the/directory
sudo chmod -R 770 /path/to/the/directory
Now only members of the tomandruser group can read, write, or execute anything within the directory. Note the -R argument to the chmod and chgrp commands: this tells them to recurse into every sub directory of the target directory and modify every file and directory it finds.
You may also want to change 770 to something like 774 if you want others to be able to read the files, 775 if you want others to read and execute the files, etc. Group assignment changes won't take effect until the users log out and back in.
If you also want (you probably do) that new files created inside the directory by one of the users are automaticaly writable by others in the group, then see here.
Andrew Lambert
Posted 2011-05-09T08:44:23.717
Reputation: 7 136
3
Example script shows an example to give w (write)/ r (read) / x (execute) permission to the given folder path /path/to/the/directory for USER1 and USER2. If you want to give only write access please replace rwx with w.
#!/bin/bash
# Block others and people in the same group to do read/write/execute on give folder:
sudo chmod 700 /path/to/the/directory
#Give read/write/execute access to USER1 on give folder:
sudo setfacl -R -m user:USER1:rwx /path/to/the/directory
#Give read/write/execute access to USER2 on give folder:
sudo setfacl -R -m user:USER2:rwx /path/to/the/directory
alper
Posted 2011-05-09T08:44:23.717
Reputation: 131
I would not mess around with set-group-ID flag with chmod 2770 UNLESS you are 100% user you know what that does and what you are trying to do! – None – 2015-10-04T13:13:52.700
2Note: "Group assignment changes won't take effect until the users log out and back in." I have missed that :) – Vladimir Vukanac – 2015-12-04T11:50:41.077
What happens if the file was originally owned by
rootinstead oftomcat6? – ComputerScientist – 2019-11-22T17:58:48.950works like a charm – swapnilsarwe – 2012-08-21T19:36:25.857
2You probably want to also set the set-group-ID flag for directories, to make new files and sub-directories automatically owned by the right group:
sudo find /path/to/the/directory -type d -exec chmod 2770 '{}' \;– Marcello Nuccio – 2012-12-13T14:28:44.0838I'd avoid using chmod 770, 775 or whatever. That messes with the permissions of all files. Instead use something like
chmod -R g+wto add write permissions without mucking up everything else. – Christian Varga – 2013-01-03T15:11:10.9002If a user creates a new file there (say, mysql by
SELECT INTO OUTFILE), it sets permissions to its primary group (mysqlin this case), and the file is not accessible by another user anyway. How to workaround this? – Olexa – 2013-05-15T11:53:11.123Found an answer for my question here: http://superuser.com/a/19333/171762
– Olexa – 2013-05-15T12:37:06.123Does
-R 770change permission for all subdirectories AND FILES in that directory? – Jürgen Paul – 2013-06-24T10:17:13.730@WearetheWorld Yes. – Andrew Lambert – 2013-06-24T15:47:51.427
2What if you want to grant users write access to a folder without changing the folder's ownership e.g. you don't want to mess with apache's permissions on a public_html folder? – codecowboy – 2014-02-12T16:45:16.907