Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Linux directory permissions for different groups

I'm having two directories: "public" and "private". I have three users: "chris", "john", "dan". I have two groups: "pub", "priv" and "god".

  • The group "god" should have full access to "public" and "private".
  • The group "pub" should be the only group to have permissions over "public"
  • The group "priv" should be the only group to have permissions over "private".

As root:

useradd chris

useradd john

useradd dan

usermod -g god chris

usermod -g pub john

usermod -g priv dan

chgrp god public private

chgrp pub public

chgrp priv private

su chris

As "chris":

cd public/

touch test = permission denied


The same for the other users ... under "dan" I have no permissions over the "private" directory, althou "dan" is a member of the "priv" group.

Do you have any idea?

like image 365
Schutzstaffel Avatar asked Nov 12 '12 21:11

Schutzstaffel


People also ask

Can a Linux file belong to multiple groups?

Each file can have a list of users and groups that can access it. A person is one user and many groups (groups can only be set by admin/root user). A file is normally one owner user and one group, with ACLs it can be one owner user, plus many other users, plus many groups.

What are the three groups of permissions?

Permission Types Files and directories can have three types of permissions: read, write, and execute: Someone with read permission may read the contents of a file, or list the contents of a directory.


2 Answers

Well, I know this is relatively old, but twalberg is correct: there's actually a relatively easy way to accomplish this with POSIX ACL's. They've existed since the late 90's/early 2000's so I don't know why more people don't use them.

How to do it: Do as you've already done, then simply execute this command:

# setfacl -m g:god:rwx public private

and in one command you get what you're wanting. You'll spend forever trying to figure out how to do it using ONLY traditional unix permissions.

Mikic's advice may still be good (depending on what you're trying to accomplish), and it might be more straight forward to reference as few groups as possible in your permissions (or maybe you want it to be apparent that "chris" isn't a regular user, but an administrative one, again it depends on what you want to construct).

I offered something closer to what you're trying to accomplish, because there may be situations where you're trying to give a secondary user/group access to a directory but you don't want to choose between "chris" not getting access to these two directories and "chris" getting access to all those other files and directories "pub" and "priv" might have access to. With ACL's you don't have to make those choices, which is why they were added and are now a core part of most Unix (and BSD and Linux) platforms.

like image 102
Bratchley Avatar answered Oct 04 '22 21:10

Bratchley


You said that the group "pub" should be the only group to have permissions over "public". But right before that you said that "god" should also have access. So "pub" can't be the only one that has access. Ditto for "priv".

You also say:

I have two groups: "pub", "priv" and "god".

Well, that's three groups. (Reminds me of that famous quote: "There's three kinds of people in this world; those who can count and those who can't." :-P)

Your base concept seems wrong. The way this works is rather simple. Create two groups, "pub" and "priv". Place all users who need access to the directories accordingly. Users who need access to both directories should belong to both groups.

In this case, "chris" should be put in both the "pub" as well as the "priv" group. "john" should be put in the "pub" group. "dan" should be put in the "priv" group.

What you were trying to do is having the directories be owned by two groups. That's not possible. It's users who can be part of multiple groups, not files or directories. You simply got it backwards :-)

like image 35
Nikos C. Avatar answered Oct 04 '22 22:10

Nikos C.