Results 1 to 10 of 11
|
Enjoy an ad free experience by logging in. Not a member yet? Register.
|
|
-
01-21-2013 #1
- Join Date
- Dec 2012
- Posts
- 24
Give write access to a file or folder to a user whos not the owner
There's another user ("B"), who needs to edit (write and save changes) to these files.
There are 5 files in this folder.
I am a newbie, as you can tell by now
What's the best way to give this user B write access to each file or to this whole directory without changing the files owner ? do I give rights to the folder and it enforces the change on all the folder's contents? do i assing the user a group and give the group rights? and "how" do i do this?
thank you!
-
01-21-2013 #2
As you already said, you add users to a group.
Then change the group and group permissions of the files and potetially the parent directory.
Commands to do so are:
usermod, chgrp and chmodYou must always face the curtain with a bow.
-
01-21-2013 #3
- Join Date
- Dec 2012
- Posts
- 24
for the group name, i can come up with any name i like, right?
-
01-21-2013 #4
Yes, if the group exists already or if you create it via groupadd.
Keep the name simple.You must always face the curtain with a bow.
-
01-21-2013 #5
- Join Date
- Dec 2012
- Posts
- 24
do you think the folder and/or files already belong to some group?
-
01-21-2013 #6
For sure.
Check with ls -la for files and ls -lad for directories.You must always face the curtain with a bow.
-
01-21-2013 #7
- Join Date
- Dec 2012
- Posts
- 24
-
01-21-2013 #8
- Join Date
- Dec 2012
- Posts
- 24
i wont want to give the www group write access to this file. So, can i add the file to another group? is it already in another group (of people who can write to it) ?
-
01-21-2013 #9
- Join Date
- Oct 2007
- Location
- Tucson AZ
- Posts
- 3,190
Is www the group this file belongs to?
-
01-21-2013 #10
Well, the problem here is that there is a need for two groups.
- One with read only, which is a smart idea for webserver access.
- One for users with write access.
Btw, it is no option to define the webserver user as owner and with readonly access,
because the owner is able to change permissions.
A common way to solve this scenario (to realize e.g. ftp access for a website) is the use of virtual users.
There are ftp users in an extra file or database, the ftp server authenticates them, but maps the actual file access to a native unix user.
Which then is the owner of the files.
But if you insist, there is another way to approach this via ACLs.
ACLs allow a directory or file to have more than the traditional user/group/other permissions assigned.
Try the following.
You need root to execute the commands.
In the end, user_b will have read/write access to the testfile.
You can test that by becoming user_b via "su - user_b" and editing the testfile.
Code:groupadd webserver groupadd editors useradd -g webserver webserver useradd -g editors user_b useradd owner mkdir -m 750 /tmp/d touch /tmp/d/testfile chown -R owner:webserver /tmp/d chmod 640 /tmp/d/testfile setfacl -m g:editors:rwx /tmp/d setfacl -m g:editors:rw,m:rw /tmp/d/testfile ls -lad /tmp/d drwxrwx---+ 2 owner webserver 4096 Jan 21 23:24 /tmp/d ls -la /tmp/d/ -rw-r-----+ 1 owner webserver 9 Jan 21 23:24 testfile getfacl /tmp/d # file: tmp/d # owner: owner # group: webserver user::rwx group::r-x group:editors:rwx mask::rwx other::--- getfacl /tmp/d/testfile # file: tmp/d/testfile # owner: owner # group: webserver user::rw- group::r-- group:editors:rw- mask::rw- other::---
- Note the + at the end of the permissions section of the ls command. It indicates the use of ACLs
- CleanUp of that testdirectory as well as the created users and groups is left as an exercise to the readerLast edited by Irithori; 01-24-2013 at 11:04 AM. Reason: typo
You must always face the curtain with a bow.