1

Can we consider the owner as a group that has exactly 1 member? Does the owner have any special abilities apart from the given permissions?

I want to have two equal users with the same permissions in directories. These two users (user1, user2) will have rwx. I need another user (user3) who has rx or wx depending on the dir.

Can I chown the dirs to user3 and assign user1, user2 to the same group?

  • owner = user3 (rx || rw depending on the dir)
  • group = user1, user2 (rwx on all dirs)

user1 and user2 are hard linked to user3 /home dir. (I don't know if this is the best practice for a shared dir)

I want to avoid ACL if possible.

edit: user1 and user2 are needed so their individual actions in the system can be traced.

2 Answers

3

Can we consider the owner as a group that only has exactly 1 member? Does the owner have any special abilities apart from the given permissions?

Not really. The owner owns the file and can change its metadata. For example, the commands chown, chgrp, chmod only work for the owner of a file/directory (or for root).

For non-ACL permissions, the owner, group, and other are exclusive groups - an account cannot be in more than one of them.

With this information you should be able to see that restricting the access permissions of a directory owner makes little sense, because as the owner they can assign any permission they choose. Therefore in your example you cannot have user3 as the owner.

Me, I'd probably own the directory as root. I'd have user1 and user2 in a group as you suggest. And user3 I'd leave out entirely so they were considered as "other".

If you had yet other accounts on the system that should not be able to access these directories like user3, I'd create another group containing all the permitted users and use a directory with that group permission to host the target directory:

holding_dir: owner:root=rwx, group:big_group(users 1,2,3):rx, other:-
  |
  +-- target1: owner:root=rwx, group:small_group(users 2,3):rwx, other:rx
  +-- target2: owner:root=rwx, group:small_group(users 2,3):rwx, other:wx
FelixJN
Chris Davies
  • For example, the commands chown, chgrp, chmod only work for the owner of a file/directory (or for root)

    Thanks. I didn't take that into account.

    – thanosam Mar 24 '21 at 22:06
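
As an added illustration (not code from either answer), this Python sketch models the non-ACL check described above: exactly one of owner, group or other is evaluated, and only the owner or root may chmod. The group membership (small_group = user1, user2; big_group = user1, user2, user3), the outsider user4 and all function names are assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Node:
    owner: str
    group: str
    mode: int  # permission bits, e.g. 0o750

# Assumed membership: user names from the question, group names from the diagram
GROUPS = {"big_group": {"user1", "user2", "user3"},
          "small_group": {"user1", "user2"}}

def perm_class(node, user):
    """Pick the single class that is evaluated: owner first, then group, then other."""
    if user == node.owner:
        return "owner"
    if user in GROUPS.get(node.group, set()):
        return "group"
    return "other"

def bits(node, user):
    """rwx bits of the one matching class; there is no fall-through to a later class."""
    if user == "root":
        return 7  # simplification: root bypasses the mode bits on directories
    shift = {"owner": 6, "group": 3, "other": 0}[perm_class(node, user)]
    return (node.mode >> shift) & 0o7

def access(path, user):
    """Effective rwx on the last node; every parent must grant search (x)."""
    *parents, target = path
    if any(not bits(p, user) & 1 for p in parents):
        return "---"
    b = bits(target, user)
    return "".join(c if b & m else "-" for c, m in zip("rwx", (4, 2, 1)))

def may_chmod(node, user):
    """Only the owner (or root) may change the mode, whatever the mode bits say."""
    return user in (node.owner, "root")

holding = Node("root", "big_group", 0o750)
target1 = Node("root", "small_group", 0o775)
target2 = Node("root", "small_group", 0o773)
# The question's proposal: user3 owns the directory with r-x, the group has rwx
proposed = Node("user3", "small_group", 0o570)

if __name__ == "__main__":
    for user in ("user1", "user2", "user3", "user4"):
        print(user, access([holding, target1], user), access([holding, target2], user))
    print("user3 may chmod the proposed dir:", may_chmod(proposed, "user3"))
```

With root as owner, user3 ends up with r-x or -wx and cannot change it; in the proposed layout user3 starts with r-x but `may_chmod` is true, so the restriction is not enforceable.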
0

Well, one case would be if the sticky bit (restricted deletion flag t) is set on a directory, like in the case of /tmp.

Here only the owner of a file may delete it (or the owner of the directory) - no matter the group permissions.


Now for your case:

The owner may as well run chmod u+w as much as he likes, so the approach will fail.


Simple and possible solution: Why not make user1 and user2 have the same UID and hand the ownership to said UID? Would that clash with other restrictions on your system?

FelixJN