We help IT Professionals succeed at work.

Permissions on Linux Folders

amitnepal asked
  I have a following scenario:

I have folders that are in a particular user's ownership.

Now i need to give access to some of those folders to a group of users. Any ideas how I could implement that ? I want the users not to be able to access all the files/folders  but just selected ones.

I can't add them to the group because then they will be able to access all the files owned by that group.

Watch Question

Most Valuable Expert 2013
Top Expert 2013

Try using extended ACLS.

"man setfacl" for more.

Top Expert 2007

can you create a new group and put the users and the owner to that group? you may then change the group of those particular files and then give perms to the new group

You may otherwise use access lists

Keith BrownAWS System Administrator

Ok, all files and directories have ownership by a specific user, and a specific group. Permissions then are set for the owning ID, the Group, and then for everyone else. Often, there usually is a made group with the same name as the user ID when the user is initially created. I'd use chown to change the group ownership of those directories, and use chmod for appropriate group permissions.

As root, or the owner of the file, use of chown would be like
chown user:group /path/to/directory/or/file

Open in new window

I'm assuming that you already have the users assigned to the group. If you've not, then use the following command:
usermod -a -G group user

Open in new window

If you've not already created the group, do that with
groupadd groupname

Open in new window

And finally if you want to create a user and add them to the group at the same time, then you can do this:
adduser -G group user

Open in new window

Please note that a group must exist before adding a user to it.
setfacl -m u:USERID:rwx /path/foldername
Top Expert 2011
setfacl -m g:groupname:rwx /path/to/dir

Open in new window

Create a new group and add the users to it you want to give access to, and substitute your new group name for 'groupname' in the above syntax.  The rwx field is your normal permissions, read write execute, so set that as you see fit.  Add a "-R" to setfacl to apply the changes recursively.

To set a default ACL on the parent directory so that all new files created underneath will have the same ACL's, then the syntax would be
setfacl -m d:g:groupname:rwx /path/to/dir

Open in new window

Explore More ContentExplore courses, solutions, and other research materials related to this topic.