Old 09-08-2006, 02:20 PM   #1
nazimrj
LQ Newbie
 
Registered: Sep 2006
Posts: 7

Rep: Reputation: 0
Restrict directory access


I am very much a newbie at Linux. The Linux Engineer went back to school ... and I have been left holding the bag. So ... here I am.

I am running the Ubuntu flavour of Linux.

I would like to restrict access to certain directories for certain users. How do I set this up?

I have 10 directories, D1 - D10
There are 15 developers (Software Engineers) SE1 - SE15
SE1 - SE10 have access to Directories D1 - D7
SE7 - SE15 have access to directories D5 - D10

(Basically SE7,8,9,10 have access to all the directories)

All the developers access the Linux server via SSH, or via the command line from the "DOS prompt" on their Windows workstations.

Thanks.
 
Old 09-08-2006, 02:26 PM   #2
jstephens84
Senior Member
 
Registered: Sep 2004
Location: Nashville
Distribution: Manjaro, RHEL, CentOS
Posts: 2,098

Rep: Reputation: 102Reputation: 102
One easy way would be to make two groups, one for d1-d7 and another for d5-10. Then assign permissions for each group, and for access to all dirs for se7,8,9,10 just make them members of both groups.
 
Old 09-09-2006, 09:00 AM   #3
nazimrj
LQ Newbie
 
Registered: Sep 2006
Posts: 7

Original Poster
Rep: Reputation: 0
Restrict directory access

Creating groups .. groupadd
How do I assign permissions to each group ?
 
Old 09-09-2006, 02:14 PM   #4
jstephens84
Senior Member
 
Registered: Sep 2004
Location: Nashville
Distribution: Manjaro, RHEL, CentOS
Posts: 2,098

Rep: Reputation: 102Reputation: 102
Okay, first you need to make the correct groups own the directory, so:
Code:
chgrp -R [group_name] [directory_name]
This will change the group owner of the directory and make the change descend down the directory.

Now we need to give them the correct permissions.

7 - full
4 - read
2 - write

So to give, say, the owner full access to a directory, the group read + write, and everyone else no rights, it would be this:

chmod 760 [file or directory_Name]

Then when you do an ls -al you would see:

-rwxrw---- [for a file]
drwxrw---- [for a directory]
 
Old 09-11-2006, 08:27 AM   #5
nazimrj
LQ Newbie
 
Registered: Sep 2006
Posts: 7

Original Poster
Rep: Reputation: 0
In the /etc/group file I have a group defined as follows
G5:x:1023:SE1,SE2,SE3,SE4,SE5,SE6,SE7,SE8,SE9
G6:x:1024:SE1,SE2,SE3,SE4,SE5,SE6,SE7,SE8,SE9,SE10
G7:x:1024:SE5,SE6,SE7,SE8,SE9,SE10

I have changed the group owner for D5 to G5 and D6 to G6
chgrp -R G5 D5
chgrp -R G6 D6

Then I changed the permission for directories
chmod 760 D5
chmod 760 D6
... which gives permission to the group owner.

I would like to give permission to the individuals in the group. I tried chmod 777, 775, 765. I am trying to figure out how the chmod works. What should I use so that only G5 has access to D5 ?

Thanks.
 
Old 09-11-2006, 07:31 PM   #6
jstephens84
Senior Member
 
Registered: Sep 2004
Location: Nashville
Distribution: Manjaro, RHEL, CentOS
Posts: 2,098

Rep: Reputation: 102Reputation: 102
chmod 770 - this means that the owner of the directory has full access, the group owner has full access and everyone else has no access.
 
Old 09-12-2006, 06:59 AM   #7
timmeke
Senior Member
 
Registered: Nov 2005
Location: Belgium
Distribution: Red Hat, Fedora
Posts: 1,515

Rep: Reputation: 61
Quote:
-rwxrw---- [for a file]
drwxrw---- [for a directory]
That doesn't seem right. "x" permission (execute) on a file makes the file, well, executable (i.e. like a program or script). "x" permission on a directory allows you to descend into the directory and any of its subdirectories.

So, it should be something like:
rwxrwx--- [for an executable file]
rw-rw---- [for a regular file]
rwxrwx--- [for a directory]
drwxrw---- [for a directory]

Next, assume r=4, w=2 and x=1 and that the first three are the access for the user that owns the file, the second three are for the group owning the file and the last three are for everyone else.
So, a little simple math shows you that:
rwxrwx--- => rwx for user: r+w+x=7, same for group, --- = 0 for everyone else. Hence, chmod 770 some_directory.
-R makes chmod work recursively on all files and subdirectories of the mentioned directory.

Another way to use chmod is via symbols (read "man chmod" for details). An example would be:
chmod g+rwx some_directory
This gives the group (g) rwx (read-write-execute) permission.

Be careful that no files are owned by root.
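
Added example, not part of any post in this thread: a shell sketch of the group-owned layout discussed above, where directories and executable files end up rwxrwx--- and regular files rw-rw----, plus an audit that flags the 760 directory case. The helper names (perm_bits, restrict_tree, audit_tree, make_sample) are hypothetical, GNU stat on Linux is assumed, and the sample tree is constructed; it uses the caller's own gid in place of a group such as G5 so it runs without root.

```shell
# Added example; assumes GNU coreutils (stat -c) on Linux.

# Last three octal permission digits of a path (drops setgid/sticky).
perm_bits() {
  m=$(printf '%04d' "$(stat -c '%a' "$1")")
  printf '%s\n' "${m#?}"
}

# Give a tree to one group: directories and executables 770, other files 660.
restrict_tree() {
  chgrp -R "$1" "$2" && chmod -R u=rwX,g=rwX,o= "$2"
}

# Print one line per problem; no output means the tree is clean.
audit_tree() (
  group=$1
  find "$2" \( -type d -o -type f \) | while IFS= read -r p; do
    bits=$(perm_bits "$p")
    owner=$(stat -c '%G %g' "$p")
    case " $owner " in
      *" $group "*) ;;
      *) echo "$p: group is $owner, expected $group" ;;
    esac
    case $bits in ??0) ;; *) echo "$p: others have access ($bits)" ;; esac
    if [ -d "$p" ]; then
      case $bits in
        ?[1357]?) ;;
        *) echo "$p: group cannot enter this directory ($bits)" ;;
      esac
    fi
  done
)

# Constructed sample: a directory, a plain file and an executable script.
make_sample() {
  d=$(mktemp -d) && mkdir "$d/D5" "$d/D5/src" &&
    echo 'int main(void){return 0;}' > "$d/D5/src/main.c" &&
    printf '#!/bin/sh\necho ok\n' > "$d/D5/build.sh" &&
    chmod 644 "$d/D5/src/main.c" && chmod 755 "$d/D5/build.sh" &&
    echo "$d/D5"
}

tree=$(make_sample)
restrict_tree "$(id -g)" "$tree"   # own gid, so no root is needed here
chmod 760 "$tree/src"              # the 760 mode discussed in the thread
audit_tree "$(id -g)" "$tree"      # flags src: group lacks x
rm -rf "${tree%/D5}"
```

The capital X in the chmod mode sets execute only on directories and on files that already had an execute bit, which is what keeps regular files at 660.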
 
Old 09-12-2006, 09:41 AM   #8
jstephens84
Senior Member
 
Registered: Sep 2004
Location: Nashville
Distribution: Manjaro, RHEL, CentOS
Posts: 2,098

Rep: Reputation: 102Reputation: 102
Quote:
Originally Posted by timmeke
That doesn't seem right. "x" permission (execute) on a file makes the file, well, executable (i.e. like a program or script). "x" permission on a directory allows you to descend into the directory and any of its subdirectories.

So, it should be something like:
rwxrwx--- [for an executable file]
rw-rw---- [for a regular file]
rwxrwx--- [for a directory]
drwxrw---- [for a directory]

Next, assume r=4, w=2 and x=1 and that the first three are the access for the user that owns the file, the second three are for the group owning the file and the last three are for everyone else.
So, a little simple math shows you that:
rwxrwx--- => rwx for user: r+w+x=7, same for group, --- = 0 for everyone else. Hence, chmod 770 some_directory.
-R makes chmod work recursively on all files and subdirectories of the mentioned directory.

Another way to use chmod is via symbols (read "man chmod" for details). An example would be:
chmod g+rwx some_directory
This gives the group (g) rwx (read-write-execute) permission.

Be careful that no files are owned by root.
Thanks for that. I just noticed I used a 7 instead of a 1 and used the word full instead of execute.
 
Old 09-13-2006, 06:43 AM   #9
nazimrj
LQ Newbie
 
Registered: Sep 2006
Posts: 7

Original Poster
Rep: Reputation: 0
The explanation was great. The changes work. Thanks !
 
Old 09-13-2006, 08:49 AM   #10
timmeke
Senior Member
 
Registered: Nov 2005
Location: Belgium
Distribution: Red Hat, Fedora
Posts: 1,515

Rep: Reputation: 61
You're welcome! Glad it works now...
 
  

