Solved

How to  give access permission  for a folder for  different users with different access rights in linux?

Posted on 2008-06-13
5
11,983 Views
Last Modified: 2013-12-16
I want to give a access permission for 4 users for the same folder (Foler Name: source_code) with different access rights in linux.

I want to give access rights for a folder in GUI mode and in command line mode.

for user1 = read and execute
for user2 = read, write and execute.
for user3 = read only.
for user4 = read only.

Any Help?
0
Comment
Question by:rajasekarramasamy
5 Comments
 
LVL 16

Expert Comment

by:Blaz
Comment Utility
File permisions in linux are for three groups of users: rights for the owner, rights for the group andrights for all users.

Your case can be easily implemented by this scheme if you say that ALL users have read access (and all users include user3 and user4).

So:
Chmod 754 *
Chown user2:user1group *

Provided that you have a group named user1group in which there is only the user user1.
0
 
LVL 48

Expert Comment

by:Tintin
Comment Utility
Are you aware that user3 and user4 won't be able to list any files in the folder?
0
 
LVL 2

Accepted Solution

by:
prince_ban earned 125 total points
Comment Utility
Well this requires acl
(access control list ) concept as we are using different access controls on a particular directory or folder:

1. mount the filesystem with acl parameter so that acls can be executed
   
    mount -t ext3 -o acl devicename mountpoint/partition
   
2. make entry in fstab for persistance during boot times

eg. LABEL=/work      /work       ext3    acl        1 2

3. get the acl parameters to check from folder

   getfacl foldername

4. set acl on it acc. to contitions above

   setfacl -m u:user1:r-x foldername
   setfacl -m u:user2:rwx foldername
   setfacl -m u:user3:r-- foldername
   setfacl -m u:user4:-- foldername

5. verify all by seeing all control contexts by

 getfacl fodlername

follow above & lemm know if thrs still any issue with the above.


     
     
0
 
LVL 48

Expert Comment

by:Tintin
Comment Utility
prince_ban, ACL's are not necessarily needed.  It just depends if user1 is in a unique group.
0
 
LVL 23

Assisted Solution

by:Mysidia
Mysidia earned 125 total points
Comment Utility
ACLs may still be needed (if you do not wish to tweak permissions of the parent directory), because it is implicit that there are user6, user7, and user8 may exist who should have no access at all.   Granting world read access is probably unacceptable from a security standpoint.

The information must be confidential, and there may be other users of the system, otherwise  "user3" and "user4"  would not be listed as the only users that have read-only access.

There are two issues here:
* What permissions and ownerships to set on the folder
* What permissions and ownerships to set on files in the folder

It's actually not very useful to give a user "read" permission to a directory but not "execute".

The reason is without "execute" permission to a directory, you can't do anything with it.
In fact, you cannot CD into the directory or read any file from it without execute permission.

If you want to restrict the ability to execute a file, you have to use file permissions (not folder permissions)

With ACLs you _can_  set the default permissions for new files in the folder.

You can specify (for instance)

(First apply ACLs to the files)
setfacl -R -m group:firstgroup:rwx  (foldername)
setfacl -R -m group:secondgroup:r-x  (foldername)
setfacl -R -m group:thirdgroup:r--  (foldername)

(Then apply ACLs to the folder)
setfacl -m default:group:firstgroup:rwx   (foldername)

mask:---
group:firstgroup:rwx
group:secondgroup:r-x
group:thirdgroup:r-x
defaut:group:firstgroup:rwx
default:group:secondgroup:r-x
default:group:thirdgroup:r--


'default'  pertains to the initial permissions that new files get when you create them
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Hello EE, Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree. This article assumes you will be using Linux, have a minimal knowledge of …
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now