• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 12034
  • Last Modified:

How to give access permission for a folder for different users with different access rights in linux?

I want to give a access permission for 4 users for the same folder (Foler Name: source_code) with different access rights in linux.

I want to give access rights for a folder in GUI mode and in command line mode.

for user1 = read and execute
for user2 = read, write and execute.
for user3 = read only.
for user4 = read only.

Any Help?
0
rajasekarramasamy
Asked:
rajasekarramasamy
2 Solutions
 
BlazCommented:
File permisions in linux are for three groups of users: rights for the owner, rights for the group andrights for all users.

Your case can be easily implemented by this scheme if you say that ALL users have read access (and all users include user3 and user4).

So:
Chmod 754 *
Chown user2:user1group *

Provided that you have a group named user1group in which there is only the user user1.
0
 
TintinCommented:
Are you aware that user3 and user4 won't be able to list any files in the folder?
0
 
prince_banCommented:
Well this requires acl
(access control list ) concept as we are using different access controls on a particular directory or folder:

1. mount the filesystem with acl parameter so that acls can be executed
   
    mount -t ext3 -o acl devicename mountpoint/partition
   
2. make entry in fstab for persistance during boot times

eg. LABEL=/work      /work       ext3    acl        1 2

3. get the acl parameters to check from folder

   getfacl foldername

4. set acl on it acc. to contitions above

   setfacl -m u:user1:r-x foldername
   setfacl -m u:user2:rwx foldername
   setfacl -m u:user3:r-- foldername
   setfacl -m u:user4:-- foldername

5. verify all by seeing all control contexts by

 getfacl fodlername

follow above & lemm know if thrs still any issue with the above.


     
     
0
 
TintinCommented:
prince_ban, ACL's are not necessarily needed.  It just depends if user1 is in a unique group.
0
 
MysidiaCommented:
ACLs may still be needed (if you do not wish to tweak permissions of the parent directory), because it is implicit that there are user6, user7, and user8 may exist who should have no access at all.   Granting world read access is probably unacceptable from a security standpoint.

The information must be confidential, and there may be other users of the system, otherwise  "user3" and "user4"  would not be listed as the only users that have read-only access.

There are two issues here:
* What permissions and ownerships to set on the folder
* What permissions and ownerships to set on files in the folder

It's actually not very useful to give a user "read" permission to a directory but not "execute".

The reason is without "execute" permission to a directory, you can't do anything with it.
In fact, you cannot CD into the directory or read any file from it without execute permission.

If you want to restrict the ability to execute a file, you have to use file permissions (not folder permissions)

With ACLs you _can_  set the default permissions for new files in the folder.

You can specify (for instance)

(First apply ACLs to the files)
setfacl -R -m group:firstgroup:rwx  (foldername)
setfacl -R -m group:secondgroup:r-x  (foldername)
setfacl -R -m group:thirdgroup:r--  (foldername)

(Then apply ACLs to the folder)
setfacl -m default:group:firstgroup:rwx   (foldername)

mask:---
group:firstgroup:rwx
group:secondgroup:r-x
group:thirdgroup:r-x
defaut:group:firstgroup:rwx
default:group:secondgroup:r-x
default:group:thirdgroup:r--


'default'  pertains to the initial permissions that new files get when you create them
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now