LinuxQuestions.org
Old 12-24-2013, 08:57 AM   #1
digitalbiopharm
LQ Newbie
 
Registered: Dec 2013
Posts: 6

Rep: Reputation: Disabled
How to give read-only permission for specific user for specific folder in RedHat


Question is about user permissions in RedHat. How to give read-only permission to specific user just to read a specific folder and its sub-folders and files?

How can I do it?
I've tried:
chmod a+r -R folder
but it doesn't work - permission is still denied.

So, the situation is, I work under root, I have:
user1
user2
I need to give user2 read-only access to the folder and all files and sub-folders of user1.
How can I do that?
I've tried:
chmod user2 r -R user1

and it doesn't work either.
It still has permission as denied.
 
Old 12-24-2013, 10:45 AM   #2
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,358

Rep: Reputation: 1989
The easiest way is probably to add user2 to user1's group, and then remove group write access from all of user1's files and directories.

Remember, in order to go into a directory and view its contents, you need both read and execute permission on the directory.
 
1 members found this post helpful.
Old 12-24-2013, 10:51 AM   #3
digitalbiopharm
LQ Newbie
 
Registered: Dec 2013
Posts: 6

Original Poster
Rep: Reputation: Disabled
Then user2 will have the same rights as user1, which I don't want. User2 should not be able to do anything with files in user1 folders, only to read.
I also can give ALL other users than user1, permission to read.
How to do that?
 
Old 12-24-2013, 10:58 AM   #4
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US, Earth, end border$! ◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that works well on my cheapest; has been KDE or CLI but open... http://goo.gl/NqgqJx &c ;-)
Posts: 3,288
Blog Entries: 2

Rep: Reputation: 929
Hi. What RH version and DE? Many times you can right click on a folder and go to a permission tab with check boxes... best wishes and have fun.
But, don't do this.

Last edited by jamison20000e; 12-24-2013 at 11:04 AM.
 
Old 12-24-2013, 11:02 AM   #5
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US, Earth, end border$! ◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that works well on my cheapest; has been KDE or CLI but open... http://goo.gl/NqgqJx &c ;-)
Posts: 3,288
Blog Entries: 2

Rep: Reputation: 929
^Sorry wrong link at first, I fixed it.^
 
Old 12-24-2013, 11:03 AM   #6
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,358

Rep: Reputation: 1989
Quote:
Originally Posted by digitalbiopharm View Post
Then user2 will have the same rights as user1, which I don't want.
No they won't, they'll only be able to do what you let them do with the group permissions. Presumably user1 would be the owner of the files/dirs, which has its own set of permissions.

Quote:
Originally Posted by digitalbiopharm View Post
User2 should not be able to do anything with files in user1 folders, only to read.
Which is why I said to remove group write access from the files/dirs.

Quote:
Originally Posted by digitalbiopharm View Post
I also can give ALL other users than user1, permission to read.
How to do that?
For that you would just grant read access for files and read/execute access for dirs for "other".



Each file and dir has an owner and a group. These do not necessarily have to be the same (and often aren't). Each file/dir also has read, write, and execute permission for three separate entities. The owner of the file has its own rwx set of permissions, any members of the same group have their own rwx set of permissions, and "everybody else" has their own rwx set of permissions.

When you use chmod, you can explicitly set the permissions for each entity separately.

Read access is a 4
Write access is a 2
Execute access is a 1

Add the access you want to get a number between 0 and 7. Then you can use chmod to set it for all entities like so:
Code:
chmod 750 file
That will give "7" (read/write/execute) permission to the owner, "5" (read/execute but not write) to any members of the same group, and "0" (no access) to everybody else.

Last edited by suicidaleggroll; 12-24-2013 at 11:07 AM.
 
1 members found this post helpful.
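The owner/group/other rule from the post above, combined with the earlier point that every directory on the path needs execute permission, explains most "permission is still denied" results. Added example, not from the thread: `perm_digit` and `first_block` are hypothetical helper names, GNU `stat` is assumed, and ACLs are ignored.

```shell
#!/bin/sh
# Added example, not from the thread. Classic mode bits only (no ACLs).

# perm_digit UID "GID ..." PATH
# Print the one octal digit (0-7) that applies to that user: the owner digit
# if UID owns the file, else the group digit if one of the GIDs matches the
# file's group, else the "other" digit. The first matching class decides;
# the classes are not added together.
perm_digit() {
    pd_uid=$1 pd_gids=$2
    set -- $(stat -c '%u %g %a' "$3")   # now $1=owner uid, $2=group gid, $3=mode
    pd_mode=$((0$3))                    # octal text -> integer
    if [ "$pd_uid" = "$1" ]; then echo $(( (pd_mode >> 6) & 7 )); return; fi
    for g in $pd_gids; do
        if [ "$g" = "$2" ]; then echo $(( (pd_mode >> 3) & 7 )); return; fi
    done
    echo $(( pd_mode & 7 ))
}

# first_block UID "GID ..." BASE REL
# Walk BASE/REL one component at a time. Every directory on the way needs
# execute (1) so it can be entered; the final target needs read (4).
# Print the first path that fails the check, or "ok".
first_block() {
    fb_path=$3
    fb_rest=$4
    while [ -n "$fb_rest" ]; do
        d=$(perm_digit "$1" "$2" "$fb_path")
        [ $(( d & 1 )) -ne 0 ] || { echo "$fb_path"; return 1; }
        fb_path=$fb_path/${fb_rest%%/*}
        case $fb_rest in
            */*) fb_rest=${fb_rest#*/} ;;
            *)   fb_rest= ;;
        esac
    done
    d=$(perm_digit "$1" "$2" "$fb_path")
    [ $(( d & 4 )) -ne 0 ] || { echo "$fb_path"; return 1; }
    echo ok
}
```

For example, `first_block "$(id -u user2)" "$(id -G user2)" /home user1/OurProj/ourfile` prints the first directory that stops user2, which is often the parent rather than the file that was chmod'ed.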
Old 12-24-2013, 11:13 AM   #7
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US, Earth, end border$! ◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that works well on my cheapest; has been KDE or CLI but open... http://goo.gl/NqgqJx &c ;-)
Posts: 3,288
Blog Entries: 2

Rep: Reputation: 929
First hit: http://www.linux.org/threads/file-pe...ns-chmod.4094/
 
Old 12-24-2013, 11:55 AM   #8
mddnix
Member
 
Registered: Mar 2013
Distribution: Redhat, Ubuntu
Posts: 516

Rep: Reputation: 139
The best candidate for this is ACL. Following example is self-explanatory:

Code:
[root@server1 ~]# ls -l /home
drwx------. 2 dummy dummy  4096 Dec 24 22:04 dummy
drwx------. 2 root  root  16384 Dec 24 12:51 lost+found
drwx------. 2 user1 user1  4096 Dec 24 21:57 user1
drwx------. 2 user2 user2  4096 Dec 24 21:55 user2

[root@server1 ~]# su - user1

[user1@server1 ~]$ tree
.
├── MyProj
│   └── myfile
└── OurProj
    └── ourfile

[root@server1 ~]# mount -o remount,acl /home

[root@server1 ~]# mount | grep home
/dev/vda3 on /home type ext4 (rw,acl)

[root@server1 ~]# setfacl -m u:user2:x /home/user1
[root@server1 ~]# setfacl -R -m u:user2:r-x /home/user1/OurProj

[root@server1 ~]# getfacl /home/user1
# file: home/user1
# owner: user1
# group: user1
user::rwx
user:user2:--x
group::---
mask::--x
other::---

[root@server1 ~]# getfacl /home/user1/OurProj
# file: home/user1/OurProj
# owner: user1
# group: user1
user::rwx
user:user2:r-x
group::rwx
mask::rwx
other::r-x

[root@server1 ~]# su - dummy

[dummy@server1 ~]$ ls -l /home/user1
ls: cannot open directory /home/user1: Permission denied

[dummy@server1 ~]$ ls -l /home/user1/OurProj
ls: cannot access /home/user1/OurProj: Permission denied

[dummy@server1 ~]$ cat /home/user1/OurProj/ourfile
cat: /home/user1/OurProj/ourfile: Permission denied

[dummy@server1 ~]$ su - user2

[user2@server1 ~]$ ls -l /home/user1
ls: cannot open directory /home/user1: Permission denied

[user2@server1 ~]$ ls -l /home/user1/OurProj
-rw-rwxr--+ 1 user1 user1 20 Dec 24 21:57 ourfile

[user2@server1 ~]$ cat /home/user1/OurProj/ourfile
This is a test line

Last edited by mddnix; 12-24-2013 at 12:04 PM.
 
1 members found this post helpful.
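The getfacl listings in the post above each carry a mask entry, and a named-user entry such as user:user2 only takes effect for the bits the mask also grants. Added example, not from the thread (`effective_acl` is a hypothetical helper), that computes the effective rights from getfacl text, using the post's /home/user1 listing and one constructed listing:

```shell
#!/bin/sh
# Added example, not from the thread. effective_acl is a hypothetical helper.
# Reads getfacl output on stdin and prints the rights a named user really gets:
# each bit of the user:NAME entry counts only if the mask entry grants it too.
effective_acl() {
    awk -F: -v who="$1" '
        /^#/ || NF < 3            { next }   # skip header comments and blank lines
        $1 == "user" && $2 == who { entry = substr($3, 1, 3) }
        $1 == "mask"              { mask  = substr($3, 1, 3) }
        END {
            if (entry == "") { print "none"; exit }  # no named entry for this user
            if (mask == "")  { print entry; exit }   # no mask line: entry applies as is
            out = ""
            for (i = 1; i <= 3; i++) {
                c = substr(entry, i, 1)
                out = out (substr(mask, i, 1) == c ? c : "-")
            }
            print out
        }'
}

# Listing for /home/user1 as shown in the post.
PAGE_ACL='# file: home/user1
# owner: user1
# group: user1
user::rwx
user:user2:--x
group::---
mask::--x
other::---'

# Constructed listing: user2 was granted rwx, then the mask was narrowed to r--.
MASKED_ACL='# file: constructed/example
user::rw-
user:user2:rwx
group::r--
mask::r--
other::---'
```

On a file or directory that has an ACL, chmod on the group digit rewrites the mask, so a later `chmod 700` on OurProj would cut user2's effective access to `---` even though the user:user2 entry is still listed.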
Old 12-24-2013, 12:28 PM   #9
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US, Earth, end border$! ◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that works well on my cheapest; has been KDE or CLI but open... http://goo.gl/NqgqJx &c ;-)
Posts: 3,288
Blog Entries: 2

Rep: Reputation: 929
@mddesai: Nice; I like that tree command unless in a largely populated directory as far as "self-explanatory" for the in me, some things will need digging but in Linux I won't break my back, awesome.

Last edited by jamison20000e; 12-24-2013 at 05:18 PM.
 
Old 12-24-2013, 04:35 PM   #10
digitalbiopharm
LQ Newbie
 
Registered: Dec 2013
Posts: 6

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by suicidaleggroll View Post

Read access is a 4
Write access is a 2
Execute access is a 1

Add the access you want to get a number between 0 and 7. Then you can use chmod to set it for all entities like so:
Code:
chmod 750 file
That will give "7" (read/write/execute) permission to the owner, "5" (read/execute but not write) to any members of the same group, and "0" (no access) to everybody else.
Thank you! That is almost what I was looking for.

How to do that with folder and all its contents?

chmod 750 folder -R

that way?
 
Old 12-24-2013, 09:46 PM   #11
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,358

Rep: Reputation: 1989
Sure, but that would grant execute permissions to all of the files. I usually do it in two passes using find, first for the dirs, and then for the files
Code:
find folder -type d -exec chmod 750 "{}" \;
find folder -type f -exec chmod 640 "{}" \;
Of course you'd have to go back and add execute permission to any files that are supposed to have it.
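A one-pass alternative to the two find commands above that also covers the "go back and add execute permission" step: chmod's symbolic capital `X`. This is an added example, not code from the thread; `restrict_tree`, `mode_of` and `demo_restrict` are hypothetical names and the tree is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example, not from the thread.
# Capital X sets execute only on directories and on files that already have
# an execute bit, so scripts stay runnable and data files do not become
# executable. Result: dirs 750, plain files 640, executables 750.
restrict_tree() {
    chmod -R u=rwX,g=rX,o= "$1"
}

# mode_of PATH: print the three permission digits (GNU stat, as on Red Hat).
mode_of() {
    stat -c '%a' "$1" | sed 's/.*\(...\)$/\1/'
}

# demo_restrict: build a constructed tree with loose permissions, restrict it,
# and print the modes of: top dir, sub dir, data file, script.
demo_restrict() {
    d=$(mktemp -d) || return 1
    mkdir "$d/folder" "$d/folder/sub"
    echo data > "$d/folder/sub/notes.txt"
    printf '#!/bin/sh\necho hi\n' > "$d/folder/run.sh"
    chmod 777 "$d/folder" "$d/folder/sub" "$d/folder/run.sh"
    chmod 666 "$d/folder/sub/notes.txt"
    restrict_tree "$d/folder"
    echo "$(mode_of "$d/folder") $(mode_of "$d/folder/sub")" \
         "$(mode_of "$d/folder/sub/notes.txt") $(mode_of "$d/folder/run.sh")"
    rm -rf "$d"
}
```

Note that `X` keys off any existing execute bit, so a file that was wrongly made executable earlier (for example by `chmod 750 -R`) stays executable and still has to be cleaned up by hand.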
 
Old 12-28-2013, 04:36 AM   #12
digitalbiopharm
LQ Newbie
 
Registered: Dec 2013
Posts: 6

Original Poster
Rep: Reputation: Disabled
Protection from writing, means also that files cannot be deleted, or copied etc., right?
So, just read and executed? Then I'll just make it recursively.
 
Old 12-28-2013, 09:33 AM   #13
digitalbiopharm
LQ Newbie
 
Registered: Dec 2013
Posts: 6

Original Poster
Rep: Reputation: Disabled
doesn't work

I did this under "root":

chmod 750 -R folder_name
and it is still not working, when I switch to another user.
 
Old 12-28-2013, 10:57 AM   #14
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,358

Rep: Reputation: 1989
They can be copied, since all copying requires is reading. They just can't be deleted, edited, or overwritten without write permission. You shouldn't add execute permission to files that don't need it though.

750 permission means the file's owner can read/write/execute and any members of the file's group can read/execute. Was the other user you tested a member of the file's group?
 
Old 12-28-2013, 02:07 PM   #15
digitalbiopharm
LQ Newbie
 
Registered: Dec 2013
Posts: 6

Original Poster
Rep: Reputation: Disabled
No, he wasn't. But I probably can try also 755? The everybody else can read and execute without being a member of the group?
 
  

