[SOLVED] folder Permission

9199 · 08-08-2012, 08:28 PM

I have shared folder name nfs_share.

permission is

drwxrwxrwx it mean everyone have read,write,execute permission on this folder.

Now, how can i set the permission on this folder for user joye that he can execute/get access in this folder, but he can't create any file/folder and also can't read the child/sub folder/file.

chrism01 · 08-09-2012, 12:12 AM

If you mean what I think

Code:

drwxr-x---   owner groupx

where joye is not owner but is in groupx

You'll need chown http://linux.die.net/man/1/chown & chmod http://linux.die.net/man/1/chmod
See also http://rute.2038bug.com/index.html.gz

9199 · 08-09-2012, 01:17 AM

With the chwon and chmod whatever the permission we set to a directory it will inherited to child directory.

chwon sets the ownership
chmod change the directory

but my question was to give the user joye access on /nfs_share but he can't read/write there he can only execute that folder.

i don have to implement the acl ruls here too.

I face this question in an interview?

kauuttt · 08-09-2012, 04:40 AM

Not sure whether I understood your Q correctly!

'joey' belongs to same group as you? And you are the user?
In that case dont give 'write' permission to the group..750 should be fine..you (user) will have all the permission, joey (group) will only have read and execute permission, and the rest dont have any access permission.

Hope it helps.

devUnix · 08-09-2012, 04:48 AM

Code:

getfacl dir_or_file

and

Code:

setfacl dir_or_file

are what you are looking for, where the first one gives you the current ACLs and the second one modifies the ACLs.

devUnix · 08-09-2012, 05:02 AM

Go through these commands I have mentioned above and this should help you:

Create a directory and assign full permissions to everyone:

Code:

[root@localhost ~]# mkdir /work ; chmod 777 /work
[root@localhost ~]# ls -ld /work/
drwxrwxrwx. 2 root root 4096 Aug  9 15:25 /work/

Log-in as an ordinary user and create a file in the directory created above:

Code:

[root@localhost ~]# su - demo
[demo@localhost ~]$ touch /work/hello-demo
[demo@localhost ~]$ ls -l /work/hello-demo 
-rw-rw-r--. 1 demo demo 0 Aug  9 15:26 /work/hello-demo
[demo@localhost ~]$ logout

Now disallow the above user only from creating anything in the /work directory:

Code:

[root@localhost ~]# getfacl /work/
getfacl: Removing leading '/' from absolute path names
# file: work/
# owner: root
# group: root
user::rwx
group::rwx
other::rwx

[root@localhost ~]# setfacl -m user:demo:-w /work/
[root@localhost ~]# getfacl /work/
getfacl: Removing leading '/' from absolute path names
# file: work/
# owner: root
# group: root
user::rwx
user:demo:-w-
group::rwx
mask::rwx
other::rwx

Now let's see demo can create anything in /work:

Code:

[root@localhost ~]# su - demo
[demo@localhost ~]$ touch /work/hello-demo
touch: cannot touch `/work/hello-demo': Permission denied
[demo@localhost ~]$ ls -l /home
total 19
drwx------. 30 demo      demo       3072 Aug  9 14:19 demo
drwx------.  4 Devarishi Devarishi  1024 Jun  4 13:30 Devarishi
drwx------.  2 root      root      12288 May 31 10:20 lost+found
[demo@localhost ~]$ logout

How about the others?

Code:

[root@localhost ~]# su - Devarishi
[Devarishi@localhost ~]$ touch /work/hello-Dev

Sounds good to you?

9199 · 08-09-2012, 10:09 AM

Thanks all