LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 10-21-2017, 07:10 AM   #1
hack3rcon
Senior Member
 
Registered: Jan 2015
Posts: 1,432

Rep: Reputation: 10
Post A directory with different permission.


Hello.
I have a directory and want to set different permission on it. For example, "user1" just can Read it and "user2" can Read\Write. Should I use "setfacl"?


Thank you.
 
Old 10-21-2017, 07:18 AM   #2
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 5,617
Blog Entries: 3

Rep: Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871
Yes, if you have two groups with different permissions and the Other to have no access at all. However, if you can set Other to rx then you will not need setfacl. ACLs complicate maintenance quite a bit.
 
1 members found this post helpful.
Old 10-21-2017, 09:11 AM   #3
Rickkkk
Senior Member
 
Registered: Dec 2014
Location: Montreal, Quebec and Dartmouth, Nova Scotia CANADA
Distribution: Arch
Posts: 1,253

Rep: Reputation: 467Reputation: 467Reputation: 467Reputation: 467Reputation: 467
Absolutely agree with Turbocapitalist ... I have to use ACLs in several cases and while it does solve the problem, it does indeed complicate things. In certain cases, there is no way around it and you must use ACLs. If at all possible to just go with standard ownership and permission management (user-group-others), stick with that if you can.
 
Old 10-21-2017, 09:40 AM   #4
hack3rcon
Senior Member
 
Registered: Jan 2015
Posts: 1,432

Original Poster
Rep: Reputation: 10
Quote:
Originally Posted by Rickkkk View Post
Absolutely agree with Turbocapitalist ... I have to use ACLs in several cases and while it does solve the problem, it does indeed complicate things. In certain cases, there is no way around it and you must use ACLs. If at all possible to just go with standard ownership and permission management (user-group-others), stick with that if you can.
Can you show me an example?
 
Old 10-21-2017, 09:44 AM   #5
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 5,617
Blog Entries: 3

Rep: Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871
Like this:

Code:
chown root:agroup /some/dir/
chmod u=rwx,g=rwxs,o=rx /some/dir/
The Other category includes any account on the system. If that is no good for you then you'll have to use ACLs to have two groups with different settings.
 
1 members found this post helpful.
Old 10-21-2017, 09:47 AM   #6
Rickkkk
Senior Member
 
Registered: Dec 2014
Location: Montreal, Quebec and Dartmouth, Nova Scotia CANADA
Distribution: Arch
Posts: 1,253

Rep: Reputation: 467Reputation: 467Reputation: 467Reputation: 467Reputation: 467
Quote:
Originally Posted by hack3rcon View Post
Can you show me an example?
Sure ... if you mean giving specific permissions to a directory using ACLs ... the command would look something like this (as root) :

Code:
setfacl -R -m "u:hack3rcon:rwx" directoryname
... this would give user "hack3rcon" read-write-execute access (full) to directory "directoryname" and all of its contents (the -R option means recursive ..).

However, the one of the complicated parts comes when you change the contents of the directory after have applied the ACLs ... The new files/subdirectories do not automatically inherit these specific permissions (at least I haven't found a way to do this with ACLs), meaning you have to apply them again ...

Last edited by Rickkkk; 10-21-2017 at 09:49 AM.
 
Old 10-21-2017, 01:58 PM   #7
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 4,547

Rep: Reputation: 2083Reputation: 2083Reputation: 2083Reputation: 2083Reputation: 2083Reputation: 2083Reputation: 2083Reputation: 2083Reputation: 2083Reputation: 2083Reputation: 2083
Quote:
Originally Posted by Rickkkk View Post
However, the one of the complicated parts comes when you change the contents of the directory after have applied the ACLs ... The new files/subdirectories do not automatically inherit these specific permissions (at least I haven't found a way to do this with ACLs), meaning you have to apply them again ...
You can set a default ACL on a directory, and that list does get inherited.
 
1 members found this post helpful.
Old 10-21-2017, 02:22 PM   #8
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 5,617
Blog Entries: 3

Rep: Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871
Interestingly, the default ACL can cover more than one group.
 
Old 10-21-2017, 05:54 PM   #9
Rickkkk
Senior Member
 
Registered: Dec 2014
Location: Montreal, Quebec and Dartmouth, Nova Scotia CANADA
Distribution: Arch
Posts: 1,253

Rep: Reputation: 467Reputation: 467Reputation: 467Reputation: 467Reputation: 467
Quote:
Originally Posted by rknichols View Post
You can set a default ACL on a directory, and that list does get inherited.
This IS good to learn ... Thanks rknichols.
 
Old 10-23-2017, 10:30 AM   #10
hack3rcon
Senior Member
 
Registered: Jan 2015
Posts: 1,432

Original Poster
Rep: Reputation: 10
Quote:
Originally Posted by Rickkkk View Post
Sure ... if you mean giving specific permissions to a directory using ACLs ... the command would look something like this (as root) :

Code:
setfacl -R -m "u:hack3rcon:rwx" directoryname
... this would give user "hack3rcon" read-write-execute access (full) to directory "directoryname" and all of its contents (the -R option means recursive ..).

However, the one of the complicated parts comes when you change the contents of the directory after have applied the ACLs ... The new files/subdirectories do not automatically inherit these specific permissions (at least I haven't found a way to do this with ACLs), meaning you have to apply them again ...
Thank you.
For other users I can write:
Code:
# setfacl -R -m "u:hack3rcon2:r" directoryname
?
 
Old 10-23-2017, 10:36 AM   #11
hack3rcon
Senior Member
 
Registered: Jan 2015
Posts: 1,432

Original Poster
Rep: Reputation: 10
Quote:
Originally Posted by Turbocapitalist View Post
Like this:

Code:
chown root:agroup /some/dir/
chmod u=rwx,g=rwxs,o=rx /some/dir/
The Other category includes any account on the system. If that is no good for you then you'll have to use ACLs to have two groups with different settings.
In this example, the "root" user is a member of "agroup" and has "rwx" permission but other members of "agroup" have "rwxs" and other users "rx" ?
 
Old 10-23-2017, 10:39 AM   #12
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 5,617
Blog Entries: 3

Rep: Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871
If you want the directories to inherit the ACLs then you'll need to set them as defaults.

Code:
setfacl -b -m group:aaagroup:rwx,default:group:bbbgroup:rw-,default:group:aaagroup:rw- /some/dir/
Or something like that.
 
Old 10-23-2017, 10:41 AM   #13
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 5,617
Blog Entries: 3

Rep: Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871Reputation: 2871
Quote:
Originally Posted by hack3rcon View Post
In this example, the "root" user is a member of "agroup" and has "rwx" permission but other members of "agroup" have "rwxs" and other users "rx" ?
"root" is independent of "agroup". It just helps to have a directory owned by root to make it clear that the permissions are elsewhere in my opinion.
 
Old 10-23-2017, 10:43 AM   #14
Edellschwarz
LQ Newbie
 
Registered: Oct 2017
Posts: 1

Rep: Reputation: Disabled
Did this " # setfacl -R -m "u:hack3rcon2:r" directoryname " work for anyone ?
 
Old 10-23-2017, 10:51 AM   #15
Rickkkk
Senior Member
 
Registered: Dec 2014
Location: Montreal, Quebec and Dartmouth, Nova Scotia CANADA
Distribution: Arch
Posts: 1,253

Rep: Reputation: 467Reputation: 467Reputation: 467Reputation: 467Reputation: 467
Quote:
Originally Posted by Edellschwarz View Post
Did this " # setfacl -R -m "u:hack3rcon2:r" directoryname " work for anyone ?
... please keep in mind that in this example from my post, both "hack3rcon" and "directoryname" should be replaced by whichever username and directory one is operating on ... (hence the italics in my post ...).

... just to be clear :-)
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Permission issue for directory access in user's home directory BhushanPathak Linux - Newbie 9 07-11-2017 06:04 AM
Directory Permission riganta Linux - Newbie 6 05-24-2007 05:20 AM
directory permission leprkhn Linux - Newbie 6 05-02-2007 07:30 PM
directory permission Drunkalot Linux - General 1 07-05-2005 01:05 AM
Permission for directory absolut Linux - Newbie 2 01-19-2004 04:38 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 09:25 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration