Granting access to specific user on a 700 file


 
Thread Tools Search this Thread
Top Forums UNIX for Advanced & Expert Users Granting access to specific user on a 700 file
# 1  
Old 01-17-2020
Granting access to specific user on a 700 file

Hello,


I have a a directory dir1 with permissions 700 (yes wantedly) and is owned by user1:group1
Code:
rwx------ user1 group1 dir1

I need to give permissions to user2 (belongs to group2) on dir1 and its files, so I granted the permissions using setfacl ; instead of adding the user to groups and them doing the chmod 770 permissions.
Because, I dont want members of this group also should access this content.

Code:
setfacl -Rdm u:user2:rwx  dir1

But the user2 is still not able to access the dir1. Is it because, the directory is having 700 ?
Is there a way to accomplish the need?


OS: RHEL 7

Last edited by karumudi7; 01-17-2020 at 03:10 PM..
# 2  
Old 01-17-2020
Quote:
Is it because, the directory is having 700 ?
Yes...
Quote:
Is there a way to accomplish the need?
Not sure I understood all requirement, but I will give an example I do for a dept here:
Statisticians in groupA should be able to execute and modify files of statisticians in GroupB but they are should not see what is in DirB of groupB except the files they know of
I use a common directory DirC, put the executables and files in that directory with 664perms for the data files group owner GroupB, 755 for the executables and and 711 perms for DirC with a statistician of GroupB as owner and responsible for content of this directory...
The use of 711 on directory makes its content unreadable except for the owner, but if you know what is there e.g. a. executable like a script and you have the right to execute or modify, you can do so, but you have no ways to see what else is in that directory...
(just in case I was not clear, The GID of the files in this directory are set to GroupB)

Last edited by vbe; 01-17-2020 at 05:45 PM..
# 3  
Old 01-18-2020
Check out this example, and apply it to your enviroment.

Code:
[root@box ~]# id goprog
uid=1000(goprog) gid=1000(goprog) groups=1000(goprog)
[root@box ~]# id jboss
uid=666(jboss) gid=666(jboss) groups=666(jboss)
[root@box ~]# ls -dl /opt/jboss
drwx------. 4 jboss jboss 282 Jan 18 07:41 /opt/jboss
[root@box ~]# su - goprog
Last login: Sat Jan 18 07:41:45 CET 2020 on pts/0
[goprog@box ~]$ cd /opt/jboss
-bash: cd: /opt/jboss: Permission denied
[goprog@box ~]$ exit
logout
[root@box ~]# setfacl -R -m user:goprog:rwx /opt/jboss
[root@box ~]# su - goprog
Last login: Sat Jan 18 07:43:52 CET 2020 on pts/0
[goprog@box ~]$ cd /opt/jboss
[goprog@box jboss]$ cp domain.xml domain.xml_new
[goprog@box jboss]$ ls -lrt
total 176824
drwxrwxr-x+ 12 jboss  jboss        255 Jan  5  2019 wildfly-15.0.1.Final_rbacfail
drwxrwxr-x+ 12 jboss  jboss        255 Jan  5  2019 wildfly-15.0.1.Final
-rw-rwxr--+  1 jboss  jboss  180827189 Jan  7  2019 wildfly-15.0.1.Final.zip
lrwxrwxrwx.  1 jboss  jboss         20 May 18  2019 current -> wildfly-15.0.1.Final
-rw-rwxr--+  1 jboss  jboss     113390 May 18  2019 domain.xml
-rw-rwxr--.  1 goprog goprog    113390 Jan 18 07:45 domain.xml_new
[goprog@box jboss]$

Hope that helps
Regards
Peasant.
These 2 Users Gave Thanks to Peasant For This Post:
# 4  
Old 01-21-2020
Quote:
Originally Posted by Peasant
Check out this example, and apply it to your enviroment.

Code:
[root@box ~]# id goprog
uid=1000(goprog) gid=1000(goprog) groups=1000(goprog)
[root@box ~]# id jboss
uid=666(jboss) gid=666(jboss) groups=666(jboss)
[root@box ~]# ls -dl /opt/jboss
drwx------. 4 jboss jboss 282 Jan 18 07:41 /opt/jboss
[root@box ~]# su - goprog
Last login: Sat Jan 18 07:41:45 CET 2020 on pts/0
[goprog@box ~]$ cd /opt/jboss
-bash: cd: /opt/jboss: Permission denied
[goprog@box ~]$ exit
logout
[root@box ~]# setfacl -R -m user:goprog:rwx /opt/jboss
[root@box ~]# su - goprog
Last login: Sat Jan 18 07:43:52 CET 2020 on pts/0
[goprog@box ~]$ cd /opt/jboss
[goprog@box jboss]$ cp domain.xml domain.xml_new
[goprog@box jboss]$ ls -lrt
total 176824
drwxrwxr-x+ 12 jboss  jboss        255 Jan  5  2019 wildfly-15.0.1.Final_rbacfail
drwxrwxr-x+ 12 jboss  jboss        255 Jan  5  2019 wildfly-15.0.1.Final
-rw-rwxr--+  1 jboss  jboss  180827189 Jan  7  2019 wildfly-15.0.1.Final.zip
lrwxrwxrwx.  1 jboss  jboss         20 May 18  2019 current -> wildfly-15.0.1.Final
-rw-rwxr--+  1 jboss  jboss     113390 May 18  2019 domain.xml
-rw-rwxr--.  1 goprog goprog    113390 Jan 18 07:45 domain.xml_new
[goprog@box jboss]$

Hope that helps
Regards
Peasant.

Thank you this worked.

The difference this time is: I used absolute path and not used d option.


Code:
setfacl -R -m user:user2:rwx /local/dir1

Login or Register to Ask a Question

Previous Thread | Next Thread

9 More Discussions You Might Find Interesting

1. Solaris

Limit bash/sh user's access to a specific directory

Hello Team, I have Solaris 10 u6 I have a user test1 using bash that belong to the group staff. I would like to restrict this user to navigate only in his home directory and his subfolders but not not move out to other directories. How can I do it ? Thanks in advance (1 Reply)
Discussion started by: csierra
1 Replies

2. Solaris

Limit FTP user's access to a specific directory

Hi, I have searched "Limit FTP user's access to a specific directory" subject for 3 days. I found proftp and vsftp but i couldn't compile and install. Is there any idea. Please suggest. (6 Replies)
Discussion started by: hamurd
6 Replies

3. UNIX for Advanced & Expert Users

allow user to use sudo cp on a specific directory and only a specific file

Is there a way to allow a user to use sudo cp on a specific directory and only a specific file? (6 Replies)
Discussion started by: cokedude
6 Replies

4. UNIX for Dummies Questions & Answers

Granting user permission for public_html

I have problem giving user access to his public_html directory. While when I am logged as root I can access my files by going to www.myserver.com/file.htmlwhere file.html is actually on this path... var/www/file.htmlBut when user tries to access his file.html on this path.... ~user/file.html it... (10 Replies)
Discussion started by: joker40
10 Replies

5. Shell Programming and Scripting

User access to only specific subdirectory

is is possible to grant user access to only one subdirectory? example a. create ftp user with read/write/delete access (ftp user doesnt belong to uguys group) $ cd /etc/mydir $ls file1 file2 $ls -al -rw-rw-r-x 2 unixguy uguys 96 Dec 8 12:53 file1 -rw-rw-r-x 2 unixguy uguys 96... (0 Replies)
Discussion started by: lhareigh890
0 Replies

6. Solaris

create user with RWX access to a specific directory in Solaris 10

I need to create a user account for a developer that will allow him rwx access to all resources in a directory. How can I do that? Thanks (5 Replies)
Discussion started by: gsander
5 Replies

7. UNIX for Dummies Questions & Answers

granting permission to file/directory to a specific user

hello, I would like to grant full access to a directory which is owned by root and the web application that created it. I have though of adding the permission to the whole world, but for security reason I would like to grant it to one more user. I have tried this 'chmod -U newUser+wrx... (2 Replies)
Discussion started by: run123
2 Replies

8. AIX

Granting folder access

Hello, I need to allow a user the ability to create files in a directory that is owned by another user/group. How can I do this? Thank you. AIX version: 5.3.0.0 ~David (4 Replies)
Discussion started by: dkranes
4 Replies

9. UNIX for Dummies Questions & Answers

Granting User Access

I have two users, user1 and defaultuser. Whenever i logon to my unix session from a remote machine i log into defaultuser. Inside this "defaultuser" i have some setup files that i need to run from the other user that i have created myself i.e. "user1". The problem is even granting the ownership of... (3 Replies)
Discussion started by: awaismalik82
3 Replies
Login or Register to Ask a Question