Find the answer to your Linux question:
Page 1 of 2 1 2 LastLast
Results 1 to 10 of 11
Like Tree1Likes
There are a bunch of files in a folder, the owner is a specific user (let's call him user "A") who wants to retain ownership and ability to edit the ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Dec 2012
    Posts
    24

    Question Give write access to a file or folder to a user whos not the owner


    There are a bunch of files in a folder, the owner is a specific user (let's call him user "A") who wants to retain ownership and ability to edit the files.

    There's another user ("B"), who needs to edit (write and save changes) to these files.

    There are 5 files in this folder.

    I am a newbie, as you can tell by now

    What's the best way to give this user B write access to each file or to this whole directory without changing the files owner ? do I give rights to the folder and it enforces the change on all the folder's contents? do i assing the user a group and give the group rights? and "how" do i do this?

    thank you!

  2. #2
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,410
    As you already said, you add users to a group.
    Then change the group and group permissions of the files and potetially the parent directory.

    Commands to do so are:
    usermod, chgrp and chmod
    You must always face the curtain with a bow.

  3. #3
    Just Joined!
    Join Date
    Dec 2012
    Posts
    24
    for the group name, i can come up with any name i like, right?

  4. $spacer_open
    $spacer_close
  5. #4
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,410
    Yes, if the group exists already or if you create it via groupadd.
    Keep the name simple.
    You must always face the curtain with a bow.

  6. #5
    Just Joined!
    Join Date
    Dec 2012
    Posts
    24
    do you think the folder and/or files already belong to some group?

  7. #6
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,410
    For sure.
    Check with ls -la for files and ls -lad for directories.
    You must always face the curtain with a bow.

  8. #7
    Just Joined!
    Join Date
    Dec 2012
    Posts
    24
    Quote Originally Posted by Irithori View Post
    For sure.
    Check with ls -la for files and ls -lad for directories.
    with ls -la I see the result set
    here's one of the files

    -rwxr--r-- 1 krusk www 18011 2012-12-20 08:27 forms.html

    krusk is the owner. Is www the group this file belongs to?

    How many groups can a file belong to?
    How do i see this (file <-> group) association ?

  9. #8
    Just Joined!
    Join Date
    Dec 2012
    Posts
    24
    i wont want to give the www group write access to this file. So, can i add the file to another group? is it already in another group (of people who can write to it) ?

  10. #9
    Linux Guru
    Join Date
    Oct 2007
    Location
    Tucson AZ
    Posts
    3,190
    Is www the group this file belongs to?
    Yes. I believe www is the default group for apache on Suse/Opensuse. Is that where the file is, /srv/www/...? I don't see how a file could have more than one group but I may be wrong? Users can belong to numerous groups. Finding associations to users/groups can be found using YaST, under Users and Groups. The output you show for the file 'forms.html' shows the user 'krusk' as the only one with write permissions, plus root of course. I'm not sure what your intentions are here and I don't know of any way you can do what I think you want to do. Maybe someone else will come along who knows a way??

  11. #10
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,410
    Well, the problem here is that there is a need for two groups.
    - One with read only, which is a smart idea for webserver access.
    - One for users with write access.

    Btw, it is no option to define the webserver user as owner and with readonly access,
    because the owner is able to change permissions.

    A common way to solve this scenario (to realize e.g. ftp access for a website) is the use of virtual users.
    There are ftp users in an extra file or database, the ftp server authenticates them, but maps the actual file access to a native unix user.
    Which then is the owner of the files.


    But if you insist, there is another way to approach this via ACLs.
    ACLs allow a directory or file to have more than the traditional user/group/other permissions assigned.

    Try the following.
    You need root to execute the commands.
    In the end, user_b will have read/write access to the testfile.
    You can test that by becoming user_b via "su - user_b" and editing the testfile.

    Code:
    groupadd webserver
    groupadd editors
    useradd -g webserver webserver
    useradd -g editors user_b
    useradd owner
    
    mkdir -m 750 /tmp/d
    touch /tmp/d/testfile
    chown -R owner:webserver /tmp/d
    chmod 640 /tmp/d/testfile
    
    setfacl -m g:editors:rwx /tmp/d
    setfacl -m g:editors:rw,m:rw /tmp/d/testfile
    
    ls -lad /tmp/d
    drwxrwx---+ 2 owner webserver 4096 Jan 21 23:24 /tmp/d
    
    ls -la /tmp/d/
    -rw-r-----+  1 owner webserver    9 Jan 21 23:24 testfile
    
    getfacl /tmp/d
    # file: tmp/d
    # owner: owner
    # group: webserver
    user::rwx
    group::r-x
    group:editors:rwx
    mask::rwx
    other::---
    
    getfacl /tmp/d/testfile
    # file: tmp/d/testfile
    # owner: owner
    # group: webserver
    user::rw-
    group::r--
    group:editors:rw-
    mask::rw-
    other::---
    P.S.:
    - Note the + at the end of the permissions section of the ls command. It indicates the use of ACLs
    - CleanUp of that testdirectory as well as the created users and groups is left as an exercise to the reader
    Last edited by Irithori; 01-24-2013 at 11:04 AM. Reason: typo
    elija likes this.
    You must always face the curtain with a bow.

Page 1 of 2 1 2 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •