LinuxQuestions.org


akuma_linux 10-23-2007 07:32 AM

chmod / setuid
 
Hello,

General enquiry please -

I have a folder /root/testdir/ with permissions set as:

Code:

drwxr-xr-x 2 root root 4096 2007-10-23 12:50 test/

If I want only the user 'testuser' to have read/write/execute permissions on this directory, what command would I use?

Thank you in advance.

Dinithion 10-23-2007 07:52 AM

Well, first, to access that folder, testuser would need to be a root user to access /root. Since everybody who can access /root is a member of root, you can't block someone out of /root/testdir. I don't know what you're up to, learning or actually blocking everyone but testuser out of one folder. Notice that root and other members of the root group will always have access to everything, so as long as this folder is in /root/ you will not be able to test it out properly. And to clear things up: you can't stop root from accessing things.

So, if learning is what you want, I suggest to move the directory to /tmp or /home or some other place.

Anyhow, you can block everyone but testuser out of a directory like this:
chown testuser testdir
group to something, i.e. testgroup (actually optional, but it's nice to do it)
chgrp testgroup /root/testdir
This could be done in one command:
chown testuser:testgroup /root/testdir
Make sure testgroup exists.

Then change the modes:
chmod u=rwx,og= /root/testdir
That will set rwx for user (testuser) and nothing to the group and others.

akuma_linux 10-23-2007 08:20 AM

Hello,

Thanks for the reply, very much appreciated. However, I feel I should revise my original question. (P.S. I am trying to learn and not cause any malicious damage to a system, so my apologies for using /root/testdir as an example.)

What I would like to know is this:

If I have any folder at all, e.g. /test/testdir, and the permissions are set to:

Code:

drwxr-xr-x 2 cmc cmc 4096 2007-10-23 14:12 testdir

How would I allow read/write/execute access to this folder to only one other user? For example, with the folder above, the users root and cmc have access just now; however, I wish for another user called 'testuser' to have read/write/execute permission on this folder also, so that only the users root, cmc and testuser have read/write/execute access to this folder, and no other users can write to it. If possible, I would like to avoid changing the owner or the group of the folder /test/testdir/.

Thank you in advance.

Dinithion 10-23-2007 08:45 AM

Well, that's the deal with the *nix filesystem. They have a really straightforward policy. Either you're the owner, in the group, or you're someone else. So in this case, you have some solutions, but none like you are seeking.

1. You could have to create a group, and put cmc and testuser into this group and change the group of the folder. (What you didn't want, but it works.)
Pros: Can be extended with more people to access the file.
Cons: You have to change the group.

2. If you have one group for each user (it looks like you have), you can change the group to testuser.
Pros: You achieve what you want.
Cons: You have to change the group.

3. Start using ACL. This is somewhat the same as the one you find in Windows. You can add more users with read/write permissions, without changing the owner, add groups with read/write, and do a lot of funky stuff. This should cover your needs.
Pros: You achieve exactly what you want. It's flexible, and ideal for fileservers, NFS, multi-user computers, Samba shares etc.
Cons: You have to install software and enable ACL in the kernel (if it's not already activated). It's a bit more confusing than the traditional rwx, but it's toppers when you first get it. Another con that I'm not sure of is the security of this system. I can't see any real danger or flaws, but who knows?
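
The owner/group/other check described in the replies above, as an added example that is not part of the original thread: it reads a directory's mode and reports which rwx triplet applies to a given uid and gid list. The helper name access_for and the uid/gid 4242 are constructed for illustration; it assumes GNU stat on Linux and does not read ACL entries.

```shell
#!/bin/sh
# access_for PATH UID "GID ..." prints the rwx triplet the classic mode
# check applies to that identity (hypothetical helper, GNU stat needed).
# POSIX ACL entries, if present, are not consulted here.
access_for() {
    path=$1 uid=$2 gids=$3
    info=$(stat -c '%u %g %a' "$path") || return 1
    set -- $info                       # owner uid, group gid, octal mode
    owner=$1 group=$2
    bits=$(( 0$3 & 0777 ))             # drop setuid/setgid/sticky digits
    # root (uid 0) bypasses the mode bits on a directory
    if [ "$uid" -eq 0 ]; then echo "rwx"; return 0; fi
    # Exactly one class applies, tested in this order: owner, group, other
    if [ "$uid" -eq "$owner" ]; then
        shift_by=6
    else
        shift_by=0
        for g in $gids; do
            if [ "$g" -eq "$group" ]; then shift_by=3; fi
        done
    fi
    case $(( (bits >> shift_by) & 7 )) in
        0) echo "---" ;; 1) echo "--x" ;; 2) echo "-w-" ;; 3) echo "-wx" ;;
        4) echo "r--" ;; 5) echo "r-x" ;; 6) echo "rw-" ;; 7) echo "rwx" ;;
    esac
}

# Constructed demo on a scratch directory; 4242 is a made-up uid and gid.
demo_dir=$(mktemp -d)
chmod 755 "$demo_dir"                  # drwxr-xr-x, as in the question
echo "755 stranger: $(access_for "$demo_dir" 4242 4242)"
chmod u=rwx,og= "$demo_dir"            # mode from the first reply (700)
echo "700 owner:    $(access_for "$demo_dir" "$(id -u)" "$(id -G)")"
echo "700 stranger: $(access_for "$demo_dir" 4242 4242)"
rm -rf "$demo_dir"
```

Because only one class is ever evaluated, an owner whose own triplet is empty gets no access from the group bits, even when the owner is also a member of the directory's group.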

akuma_linux 10-23-2007 08:52 AM

Dinithion, thanks very much for all the help and advice, I really appreciate it.


All times are GMT -5.