Setting permission for multiple users to a directory

sen · 02-25-2010, 10:58 PM

Hi,

I'm a linux newbie and I'm having trouble breaking down permissions in linux. Here's the scenario.

I have two users: UserA & UserB with each having to ownership and access to directories myDirA and myDirB respectively.

UserA --> /source/myDirA
UserB --> /source/myDirB

I need to set the permissions so that userA can access myDirA and myDirB. There are other users and directories but they should not be able to view outside of their own directories (which is the way it is now).

I don't have groups set up for them and I'd rather not change anything else but just the permissions.

rwxr_x_r_x UserA
rwxr_x_r_x UserB

They're read/write/exec permissions are identical.

Please help.

Thanks.

ashok.g · 02-25-2010, 11:20 PM

I think you should have a group of users to have access of a file to different users.
So create a group containing the users whom you want to access the files/directories and make respective file permission changes to those.
Also, have a look at man chown on how to achieve this.

HTH

chrism01 · 02-25-2010, 11:20 PM

You need to add UserA to the same group UserB is in.

saifkhan123 · 02-25-2010, 11:26 PM

man, first of all, whenever you post a question on LQ, must mention you distro!

Now about your question, you should read about ACLs (Access Control Lists) on directory and files, lets say if you are using Red Hat Linux, the command is "setfacl" for setting up ACL on a particular directory,

Quote:

I need to set the permissions so that userA can access myDirA and myDirB. There are other users and directories but they should not be able to view outside of their own directories (which is the way it is now).

type this command

Code:

setfacl -m u:userA:rwx myDirB/

this command will give read-write-execute permission to the userA on directory myDirB, you can setup permission to any directory like this regardless of what permissions and ownership you have already set on your directories.

This answer was just for help, you should read about ACLs in your distro and then you can set even more complex permissions in the future.
Regards

ashok.g · 02-25-2010, 11:34 PM

saifkhan123,
Thats really an important information....

I tried that as below:

Code:

[root@station130 home]# setfacl -m u:Ashok:rwx srinivas/PerlEx/
setfacl: srinivas/PerlEx: Operation not supported

Actually I logged in as root and I want Ashok(a user) to access the directory srinivas/PerlEx/.
But it's not happening. Can you please help me?

saifkhan123 · 02-26-2010, 12:05 AM

Quote:

Originally Posted by ashok.g

saifkhan123,
Thats really an important information....

I tried that as below:

Code:

[root@station130 home]# setfacl -m u:Ashok:rwx srinivas/PerlEx/
setfacl: srinivas/PerlEx: Operation not supported

Actually I logged in as root and I want Ashok(a user) to access the directory srinivas/PerlEx/.
But it's not happening. Can you please help me?

First you should check that you have ACL package installed in your machine (it should be present already, just to confirm), for this type

Code:

rpm -q acl

it should show you the installed package and version, if not install the package through yum.

Also Read ACL details here
http://www.redhat.com/docs/manuals/e...s-setting.html

hope this will help

ashok.g · 02-26-2010, 12:11 AM

I think I did the same as what the link you posted suggest. But why am I getting this problem "operation not supported"?

saifkhan123 · 02-26-2010, 12:16 AM

Quote:

Originally Posted by ashok.g

I think I did the same as what the link you posted suggest. But why am I getting this problem "operation not supported"?

read my previous reply and do the "rpm -q", also post your /etc/fstab contents, as ACLs has much to do with the mounted partitions.

jschiwal · 02-26-2010, 12:21 AM

Please post the results of "mount". The filesystem type needs to support ACLs and you need to add the "acl" option to it's entry in /etc/fstab. But for only two users, what you want to do is done easily by creating a group for the purpose of sharing files in a directory. That is what groups are for. When you need to use acls, is when more users need access but that access is different. Suppose you have two users who can create files. A group of users who read the files they produce but don't have permission to create files in the directory.

ashok.g · 02-26-2010, 12:24 AM

Quote:

Originally Posted by saifkhan123

read my previous reply and do the "rpm -q", also post your /etc/fstab contents, as ACLs has much to do with the mounted partitions.

Ok here is what you have requested for.

Code:

[Ashok@station130 ~]$ rpm -q acl
acl-2.2.23-5

Code:

[Ashok@station130 ~]$ cat /etc/fstab
# This file is edited by fstab-sync - see 'man fstab-sync' for details
LABEL=/1                /                       ext2    defaults        1 1
none                    /dev/pts                devpts  gid=5,mode=620  0 0
none                    /dev/shm                tmpfs   defaults        0 0
none                    /proc                   proc    defaults        0 0
none                    /sys                    sysfs   defaults        0 0
LABEL=SWAP-hda2         swap                    swap    defaults        0 0

Please help me!

saifkhan123 · 02-26-2010, 12:42 AM

try this

Code:

# mount -o remount,acl /home

Now try your ACL command on a directory in /home, If that does the job add ",acl" to the mount options in /etc/fstab for Mount entries.

jschiwal · 02-26-2010, 12:45 AM

Change the mount options of your root partition to "defaults,acl".

ashok.g · 02-26-2010, 01:32 AM

I'm getting the same output even now. Do I need to restart any services for this to happen???

btmiller · 02-26-2010, 02:40 AM

No ... ACL support should take effect automatically if you did the remount correctly. You're using ext2 ... according to my man page ext2 should support ACLs, but maybe you've got an older kernel. What distro and version are you using? I don't see why in this case, though, you would just create a group to do this as was mentioned above.

ashok.g · 02-26-2010, 03:01 AM

Quote:

Originally Posted by btmiller

No ... ACL support should take effect automatically if you did the remount correctly. You're using ext2 ... according to my man page ext2 should support ACLs, but maybe you've got an older kernel. What distro and version are you using? I don't see why in this case, though, you would just create a group to do this as was mentioned above.

Actually this is not me who started this thread. But, I am just interested to know the different option (using setfacl) than the option I too mentioned(using groups).
I already mentioned my distro. For that please refer to above replies by me.
I run the command as:

Code:

[root@station130 ~]# mount -o remount,acl /home
mount: can't find /home in /etc/fstab or /etc/mtab

so I edited the /etc/fstab file by making some entry as:

Code:

none                   /home                   ext2    defaults,acl    1 1

now my total /etc/fstab looks like:

Code:

[root@station130 ~]# cat /etc/fstab
# This file is edited by fstab-sync - see 'man fstab-sync' for details
LABEL=/1                /                       ext2    defaults        1 1
none                    /home                   ext2    defaults,acl    1 1
none                    /dev/pts                devpts  gid=5,mode=620  0 0
none                    /dev/shm                tmpfs   defaults        0 0
none                    /proc                   proc    defaults        0 0
none                    /sys                    sysfs   defaults        0 0
LABEL=SWAP-hda2         swap                    swap    defaults        0 0

I run the command again as:

Code:

[root@station130 ~]# mount -o remount,acl /home
mount: /home not mounted already, or bad option

Help me out please