How to give file permission to a specific user in a Group? - linux

I have a Group 'g1' having 2 users Alice and Bob.
I want to share a file 'file1' with both of them with different permissions (for Alice read only and for Bob read+write).

Assuming Bob can own the file the following should work for you.
$ chown Bob:g1 file1
First set the ownership of the file to Bob to allow for read+write access and set the group ownership to the g1 group.
$ chmod 640 file1
Set the owner to read and write and set the group to read only. This is a common permission structure on webservers. Note that the "world" has no permissions in this structure, but $ man chmod can provide further information on file permissions and get you where you are needing to go. Additionally, if you need more control over your permissions across the whole system, you may want to look into POSIX ACLs or SELinux, as you did indicate you are on RedHat.

You may try like this in Linux:-
chown user_name file
chown user_name folder
chown -R user_name folder #recursive

Related

Grant access to dictionary only via my script

I have a few directories with files on a Debian 9 system. I want to disable the privilege to read these directories for everyone other than the owner, but I want to let some users list files in these directories only by my own script in bash.
I changed privileges on the directories and on my script, but I get "permission denied" when I try using it. I understand why, but can't fix it.
OKAY after we had a small chat I understand the following:
that you (your user is called user0) have a directory with some files in it, and you have a special category of users (user1,user2...usern) on your machine that you want to give access to this folder. First you must create a group called for example "cowboys", to which the users who will be privileged to read and execute the folder will be added.
# create the group cowboys
groupadd cowboys
# add user1, user2, ... usern to the group; usermod accepts one login per call
for u in user1 user2 usern; do usermod -a -G cowboys "$u"; done
Let's assume the folder that you want to give access to is called "/somehow/there/dictionary"
So after you created the folder and joined it, you chown it to you and the group cowboys
chown user0:cowboys /somehow/there/dictionary
In the next step you must chmod the folder in a way that you can read(400), write(200) and execute(100), cowboys can read(40) and execute(10), and the rest of the world can do nothing(0).
chmod 750 /somehow/there/dictionary
The last step is that you now must chmod the files in the directory
1) The executable files you must chmod very similar to the way you chmod the folders, because folders need to have "executable" rights for one to "cd" in the folder
chmod 750 /somehow/there/dictionary/*
2) the non executable files you will chmod like this :
chmod 640 /somehow/there/dictionary/*
and this should do the trick.

How to let a program can be run by a specific user with owner's privilege on linux

I want a program that can be run by a specific user (let's say tony) and the owner (root). I thought I could use setuid on the program:
chmod u+s program1.sh
But it turns out all other users can run program1.sh with the owner's privilege. Instead of using setuid, changing the group of program1.sh so that the group contains tony could be good to allow only tony and the owner to run the program, but then tony cannot run it with the owner's privilege.
So I don't know how to achieve this requirement. Hope you guys can give me some advice.
You chmod u+s program1.sh just like you did, then chmod o-x program1.sh to prevent 'other' users from running that file. Now create a new group, and use chown to give that group ownership of the file. Finally, add any users you would like to be able to execute the file to the newly created group. Don't forget to chmod g+x to allow users of the new group to execute the file.
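A check for the outcome of those steps, as an added example that is not part of the original answer: it reads the mode bits and reports whether a setuid file is still executable by "other". The function name `suid_exposure` and the scratch file are assumptions made for the illustration.

```shell
#!/bin/sh
# Classify who may execute a setuid file, judged from its mode bits alone.
# Prints one of: not-setuid | world | group-only | owner-only
suid_exposure() {
    [ -f "$1" ] || { echo "missing"; return 2; }
    # find -perm -MODE matches only when every bit in MODE is set
    if [ -z "$(find "$1" -perm -4000)" ]; then
        echo "not-setuid"
    elif [ -n "$(find "$1" -perm -0001)" ]; then
        echo "world"          # setuid and executable by everyone
    elif [ -n "$(find "$1" -perm -0010)" ]; then
        echo "group-only"     # setuid, executable by owner and group
    else
        echo "owner-only"
    fi
}

# Constructed demo in a scratch directory: replay the chmod steps from the answer.
demo_dir=$(mktemp -d)
prog="$demo_dir/program1"
: > "$prog"
chmod 755 "$prog"
chmod u+s "$prog"; echo "after chmod u+s: $(suid_exposure "$prog")"
chmod o-x "$prog"; echo "after chmod o-x: $(suid_exposure "$prog")"
chmod g-x "$prog"; echo "after chmod g-x: $(suid_exposure "$prog")"
chmod g+x "$prog"; echo "after chmod g+x: $(suid_exposure "$prog")"
rm -rf "$demo_dir"
```

The same predicate works over a tree: `find DIR -type f -perm -4001` lists every setuid file that "other" can still execute. Linux ignores the setuid bit on `#!` scripts, so the elevation itself only takes effect for compiled binaries.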

Can create / edit groups file but can't change permission

my scenario is:
2 users: firstUser and secondUser in the developers group.
These users connect to the server with sftp;
if firstUser creates a file, this file is 775, owned by firstUser, group developers;
with secondUser I can edit and write this file, but if I try:
chmod 777 testfile.txt
I can't do that!
Could you provide the results of 'ls -l testfile.txt'? There are two ways you can try to resolve this. I am unsure if they would be the best approach but here they are. Add a sudo prior to the chmod, e.g., 'sudo chmod 777 testfile.txt' and supply the root password. Or you could change the owner, e.g., 'chown secondUser:developersgroup testfile.txt' then chmod.
Only root or the owner can do that.

Linux group permissions?

I was wondering if anyone could explain a bit on Linux permissions for me. I have two groups
Group A - Normal Users
Group B - File Changing group
I want group B to be pretty much exactly the same as group A, other than that group B is able to change the 'message of the day'. How could I set it so they have write access to MOTD and group A only has read access?
With ordinary UNIX u-g-o permissions, you can only assign a single UNIX group to any given file. In your case, since "normal users" presumably means "all users", you could just chmod the MOTD file to 664 (group read-write, all read-only), and chown it to root:file_changers (file owned by root, and assigned to the file_changers group).
With Linux ACLs, you can assign multiple groups to a file. Not all filesystems support ACLs. You can use setfacl to alter the permissions:
setfacl -m g:regular:r motd
setfacl -m g:file_changers:rw motd
Note that, in my opinion, ACLs can often be overkill. They can make permission management a hassle if you aren't prepared for them. Consider carefully if you need them; otherwise, stick to the simpler UNIX permission system.
Solution without ACLs:
You can move the motd file in a directory that is readable by group A and make the file writable by group B. Then place a symlink in place from the original location to the new location.
Example (assuming motd is in /etc/motd):
# mkdir /etc/motd-dir
# mv /etc/motd /etc/motd-dir/
# chown :groupA /etc/motd-dir
# chown :groupB /etc/motd-dir/motd
# chmod 750 /etc/motd-dir
# chmod 664 /etc/motd-dir/motd
# ln -s /etc/motd-dir/motd /etc/motd
This solution requires that all members of group B must also belong to group A so they can access the directory.

How to manage permissions on Linux folders?

I'm a little bit confused with Linux permissions. I'm configuring a Git Central Repository that the users access by SSH. I'm using filesystem ACLs and regular Linux permissions. What I intend to do is:
Find a way in that only the users that I want will be able to list/read/write/execute the dir "/var/github" (in a way that I assign a group to the user that I want to give this kind of permissions)
The user "git" is the only user that can create new folders in "/var/github"
Is this possible to do? Some clues on how to do it?
Best Regards,
chown git:git /var/github; chmod 750 !$
Now only the group git can read the folder and only the user git can modify it.
You can use access control lists to grant access to multiple groups. Here's an example session (using Ubuntu, but it should be the same for CentOS) that gives the grp1 group read access and the grp2 group read, write and execute access:
$ touch foo
$ setfacl -m "g:grp1:r--,g:grp2:rwx" foo
$ getfacl foo
# file: foo
# owner: me
# group: me
user::rw-
group::r--
group:grp2:rwx
group:grp1:r--
mask::rwx
other::r--
Make sure that along with the user "git" there is a "git" group. Add all the users that you will give access to to the group. Change the ownership properties of your directory to user and group git, and then set the permission to 750. The ownership and mode commands are as follows:
chown git:git /var/github
chmod 750 /var/github
The permission of 750 lets the user do pretty much anything in the folder and lets only the members of the group "git" read and possibly execute in that folder. What programs and commands you use for your user management is up to you.
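An added example, not part of the original answers, for the getfacl session above and the setfacl commands in the MOTD question: named-group entries are capped by the `mask` entry, so the rights a group really has are its entry ANDed with the mask. The function names are assumptions, and the second ACL is a constructed variant of the page's output.

```shell
#!/bin/sh
# Effective rights of a named group, computed from getfacl text on stdin.
# Named-group entries are capped by the mask entry (rights = entry AND mask).
acl_effective_group() {
    awk -F: -v grp="$1" '
        /^#/ || NF < 3 { next }                 # skip header comments and blanks
        { sub(/[ \t]*#.*/, "", $3) }            # drop a trailing "#effective:" note
        $1 == "mask"               { mask = $3 }
        $1 == "group" && $2 == grp { perm = $3; found = 1 }
        END {
            if (!found) { print "none"; exit }
            if (mask == "") mask = "rwx"        # no mask entry: nothing is capped
            out = ""
            for (i = 1; i <= 3; i++) {
                p = substr(perm, i, 1)
                out = out ((p != "-" && p == substr(mask, i, 1)) ? p : "-")
            }
            print out
        }'
}

# The getfacl output shown on this page.
page_acl() {
    cat <<'EOF'
# file: foo
# owner: me
# group: me
user::rw-
group::r--
group:grp2:rwx
group:grp1:r--
mask::rwx
other::r--
EOF
}

# Constructed variant: the same ACL after `chmod g-wx foo`, which rewrites the mask.
masked_acl() { page_acl | sed 's/^mask::rwx$/mask::r--/'; }

for g in grp1 grp2; do
    printf '%s: page=%s after-chmod=%s\n' "$g" \
        "$(page_acl | acl_effective_group "$g")" \
        "$(masked_acl | acl_effective_group "$g")"
done
```

On a file that carries an ACL, `chmod` on the group bits changes the mask rather than the owning group's entry, which is why grp2 drops from rwx to r-- in the constructed variant.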
