?
Solved

How to  give access permission  for a folder for  different users with different access rights in linux?

Posted on 2008-06-13
5
Medium Priority
?
12,023 Views
Last Modified: 2013-12-16
I want to give a access permission for 4 users for the same folder (Foler Name: source_code) with different access rights in linux.

I want to give access rights for a folder in GUI mode and in command line mode.

for user1 = read and execute
for user2 = read, write and execute.
for user3 = read only.
for user4 = read only.

Any Help?
0
Comment
Question by:rajasekarramasamy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 16

Expert Comment

by:Blaz
ID: 21777631
File permisions in linux are for three groups of users: rights for the owner, rights for the group andrights for all users.

Your case can be easily implemented by this scheme if you say that ALL users have read access (and all users include user3 and user4).

So:
Chmod 754 *
Chown user2:user1group *

Provided that you have a group named user1group in which there is only the user user1.
0
 
LVL 48

Expert Comment

by:Tintin
ID: 21777710
Are you aware that user3 and user4 won't be able to list any files in the folder?
0
 
LVL 2

Accepted Solution

by:
prince_ban earned 375 total points
ID: 21778018
Well this requires acl
(access control list ) concept as we are using different access controls on a particular directory or folder:

1. mount the filesystem with acl parameter so that acls can be executed
   
    mount -t ext3 -o acl devicename mountpoint/partition
   
2. make entry in fstab for persistance during boot times

eg. LABEL=/work      /work       ext3    acl        1 2

3. get the acl parameters to check from folder

   getfacl foldername

4. set acl on it acc. to contitions above

   setfacl -m u:user1:r-x foldername
   setfacl -m u:user2:rwx foldername
   setfacl -m u:user3:r-- foldername
   setfacl -m u:user4:-- foldername

5. verify all by seeing all control contexts by

 getfacl fodlername

follow above & lemm know if thrs still any issue with the above.


     
     
0
 
LVL 48

Expert Comment

by:Tintin
ID: 21782517
prince_ban, ACL's are not necessarily needed.  It just depends if user1 is in a unique group.
0
 
LVL 23

Assisted Solution

by:Mysidia
Mysidia earned 375 total points
ID: 21787268
ACLs may still be needed (if you do not wish to tweak permissions of the parent directory), because it is implicit that there are user6, user7, and user8 may exist who should have no access at all.   Granting world read access is probably unacceptable from a security standpoint.

The information must be confidential, and there may be other users of the system, otherwise  "user3" and "user4"  would not be listed as the only users that have read-only access.

There are two issues here:
* What permissions and ownerships to set on the folder
* What permissions and ownerships to set on files in the folder

It's actually not very useful to give a user "read" permission to a directory but not "execute".

The reason is without "execute" permission to a directory, you can't do anything with it.
In fact, you cannot CD into the directory or read any file from it without execute permission.

If you want to restrict the ability to execute a file, you have to use file permissions (not folder permissions)

With ACLs you _can_  set the default permissions for new files in the folder.

You can specify (for instance)

(First apply ACLs to the files)
setfacl -R -m group:firstgroup:rwx  (foldername)
setfacl -R -m group:secondgroup:r-x  (foldername)
setfacl -R -m group:thirdgroup:r--  (foldername)

(Then apply ACLs to the folder)
setfacl -m default:group:firstgroup:rwx   (foldername)

mask:---
group:firstgroup:rwx
group:secondgroup:r-x
group:thirdgroup:r-x
defaut:group:firstgroup:rwx
default:group:secondgroup:r-x
default:group:thirdgroup:r--


'default'  pertains to the initial permissions that new files get when you create them
0

Featured Post

Bringing Advanced Authentication to the SMB Market

WatchGuard announces the acquisition of advanced authentication provider, Datablink, with one mission – to bring secure authentication to SMB, mid-market, and distributed enterprises with a cloud-based solution, ideal for resale via their established channel & MSSP community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will explain how to establish a SSH connection to Ubuntu through the firewall and using a different port other then 22. I have set up a Ubuntu virtual machine in Virtualbox and I am running a Windows 7 workstation. From the Ubuntu vi…
The purpose of this article is to fix the unknown display problem in Linux Mint operating system. After installing the OS if you see Display monitor is not recognized then we can install "MESA" utilities to fix this problem or we can install additio…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Suggested Courses
Course of the Month14 days, left to enroll

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question