Solved

How to  give access permission  for a folder for  different users with different access rights in linux?

Posted on 2008-06-13
5
12,010 Views
Last Modified: 2013-12-16
I want to give a access permission for 4 users for the same folder (Foler Name: source_code) with different access rights in linux.

I want to give access rights for a folder in GUI mode and in command line mode.

for user1 = read and execute
for user2 = read, write and execute.
for user3 = read only.
for user4 = read only.

Any Help?
0
Comment
Question by:rajasekarramasamy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 16

Expert Comment

by:Blaz
ID: 21777631
File permisions in linux are for three groups of users: rights for the owner, rights for the group andrights for all users.

Your case can be easily implemented by this scheme if you say that ALL users have read access (and all users include user3 and user4).

So:
Chmod 754 *
Chown user2:user1group *

Provided that you have a group named user1group in which there is only the user user1.
0
 
LVL 48

Expert Comment

by:Tintin
ID: 21777710
Are you aware that user3 and user4 won't be able to list any files in the folder?
0
 
LVL 2

Accepted Solution

by:
prince_ban earned 125 total points
ID: 21778018
Well this requires acl
(access control list ) concept as we are using different access controls on a particular directory or folder:

1. mount the filesystem with acl parameter so that acls can be executed
   
    mount -t ext3 -o acl devicename mountpoint/partition
   
2. make entry in fstab for persistance during boot times

eg. LABEL=/work      /work       ext3    acl        1 2

3. get the acl parameters to check from folder

   getfacl foldername

4. set acl on it acc. to contitions above

   setfacl -m u:user1:r-x foldername
   setfacl -m u:user2:rwx foldername
   setfacl -m u:user3:r-- foldername
   setfacl -m u:user4:-- foldername

5. verify all by seeing all control contexts by

 getfacl fodlername

follow above & lemm know if thrs still any issue with the above.


     
     
0
 
LVL 48

Expert Comment

by:Tintin
ID: 21782517
prince_ban, ACL's are not necessarily needed.  It just depends if user1 is in a unique group.
0
 
LVL 23

Assisted Solution

by:Mysidia
Mysidia earned 125 total points
ID: 21787268
ACLs may still be needed (if you do not wish to tweak permissions of the parent directory), because it is implicit that there are user6, user7, and user8 may exist who should have no access at all.   Granting world read access is probably unacceptable from a security standpoint.

The information must be confidential, and there may be other users of the system, otherwise  "user3" and "user4"  would not be listed as the only users that have read-only access.

There are two issues here:
* What permissions and ownerships to set on the folder
* What permissions and ownerships to set on files in the folder

It's actually not very useful to give a user "read" permission to a directory but not "execute".

The reason is without "execute" permission to a directory, you can't do anything with it.
In fact, you cannot CD into the directory or read any file from it without execute permission.

If you want to restrict the ability to execute a file, you have to use file permissions (not folder permissions)

With ACLs you _can_  set the default permissions for new files in the folder.

You can specify (for instance)

(First apply ACLs to the files)
setfacl -R -m group:firstgroup:rwx  (foldername)
setfacl -R -m group:secondgroup:r-x  (foldername)
setfacl -R -m group:thirdgroup:r--  (foldername)

(Then apply ACLs to the folder)
setfacl -m default:group:firstgroup:rwx   (foldername)

mask:---
group:firstgroup:rwx
group:secondgroup:r-x
group:thirdgroup:r-x
defaut:group:firstgroup:rwx
default:group:secondgroup:r-x
default:group:thirdgroup:r--


'default'  pertains to the initial permissions that new files get when you create them
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
The purpose of this article is to fix the unknown display problem in Linux Mint operating system. After installing the OS if you see Display monitor is not recognized then we can install "MESA" utilities to fix this problem or we can install additio…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question