Grant only selected users access to a given folder

Question

I have a linux system. And multiple users are logging into it via ssh.

So I have created multiple user accounts.

The problem I have is that some of those users need to cooperate on a given task, and in that case I would like to give a specific list of users, unlimited access to just that folder. That way they can work together in that given folder, but maintain their own setup in their home folders.

I have tried the following:
1. creating a group with the groupadd option.
2. Adding that group to all those users.
3. Changing the group of the folder they are to cooperate in to the given group.
4. Changing the rights of that folder from 755 to 775, so the given group gets write permissions.

But it doesn't work, only the owner of the folder ever gets the write permission.

How do I do achieve this?

(a very natural next question is: Make all new files in a directory accessible to a group)

That should work... can you post the output of ls -l <folder> and ls -ld <folder>? — I_GNU_it_all_along, Oct 10 '16 at 12:47
for ls -l its: -rw-rw-r-- 1 tester tester 3 Oct 10 11:02 temp -rw-rw-r-- 1 tester2 tester2 11 Oct 10 11:06 temp.html — john-jones, Oct 10 '16 at 12:51
for ls -ld its: drwxrwxr-x 2 tester daemon 4096 Oct 10 11:06 1/ — john-jones, Oct 10 '16 at 12:51
i didnt quite get why the group changed into daemon when i tried to change it into the groups name, which wasnt daemon. — john-jones, Oct 10 '16 at 12:52
no the group name is 1. the file automatically had those permission settings when user tester made it. — john-jones, Oct 10 '16 at 12:53
and user tester doesnt have permission anyways to change the permission of those files he creates anyways. — john-jones, Oct 10 '16 at 13:03

score 2 · Accepted Answer · answered Oct 10 '16 at 13:03

Okay, so you have changed the group permissions correctly. However, the group ownership is wrong.

The output of ls -l currently shows the file owner and group owner of the directory to be tester, the account you created the directory with. This means that only tester can read and write to the directory.

In addition to what you have done, you will have to change the group ownership of the directory, and all files within, to that of your group, 1. See below for the solution for this particular scenario:

sudo chown -R tester:1 <folder>

The -R switch tells the command to recursively apply this ownership change to files and subdirectories within the folder (as well as the folder itself). This will retain tester as the file owner and change the group owner to 1. Alternatively you can just use 1:1 if you don't want tester involved at all.

In future, if you want to have more than the simple owner:group:everyone permissions you should look into Access Control Lists (ACLs).

aha, needed to change to the ownership to the group. thats it. thanks. — john-jones, Oct 10 '16 at 18:22

score 0 · Answer 2 · edited Apr 13 '17 at 12:36

0

After changing group memberships for a user (or users) you need to log out and log back in again for them to take effect. In your description above, it does not seem as if you have done that. More about this here.

edited Apr 13 '17 at 12:36

Community

1

answered Oct 10 '16 at 10:59

tried that, still doesn't work. – john-jones Oct 10 '16 at 11:13

Grant only selected users access to a given folder

2 Answers2