
I have 3000+ local users on my Linux system. I want to set permissions dynamically for folders or files. I came across ACLs (Access Control Lists) when I researched this topic. All users' home locations must be hidden from other users. But what if I want to give permissions for certain files or folders in subfolders of the user home page, then what should I do?

Actually, what I want to say is this:

enter image description here

When I block the /user2 directory for /user1, I can't access user2's subdirectory from user1. How can I solve this?

I looked here although it is not completely similar to my problem. I don't want users to see each other's directories.

Where is my life saver?

Andrew Schulman
qwerty

1 Answer

Yes, file ACLs can do this. What you want is to give the traverse (x) permission, but not the read (r) permission. For directories:

  • Traverse allows a user to traverse the directory node along the directory tree. In command terms it lets them run cd directory.
  • Read allows the user to read the directory's contents. In command terms it lets them run ls directory.

So for user1 in your diagram:

# Allow user1 to cd /home/user2/folder/subfolder/subfolder:
setfacl -R -m u:user1:x /home/user2/folder/subfolder/subfolder
# Allow user1 to ls /home/user2/folder/subfolder/subfolder.
# -m replaces user1's existing entry on this directory, so x is repeated here:
setfacl    -m u:user1:rx /home/user2/folder/subfolder/subfolder

Note that:

  • In the first command you want the -R (recursive) flag, because you need to set the x permission on all of the parent directories. Without that, user1 won't be able to get to the leaf directory to read it, even if you give them read permission there.
  • In the second command you don't want -R, because you only want to grant read permission to the leaf directory - not to any of its parents.

See Understanding Linux directory permissions reasoning.

Andrew Schulman
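An added example, not part of the answer above: `setfacl -R` descends into a directory's contents rather than walking up to its parents, so this sketch grants traverse-only (`x`) on the home directory and each directory in between, and `rx` only on the shared leaf. The function name `acl_plan` and its `apply` argument are hypothetical; it assumes `/home` itself is already traversable and prints the commands unless `apply` is given.

```shell
#!/bin/sh
# Added example, not the answer's code. acl_plan and "apply" are made-up names.
# Usage: acl_plan HOME_DIR TARGET USER [apply]
# Prints (or, with "apply", runs) the setfacl commands that let USER list
# TARGET without being able to list HOME_DIR or anything in between.
acl_plan() {
    home=${1%/}
    target=${2%/}
    user=$3
    run=echo
    if [ "${4:-}" = apply ]; then run=; fi

    # Refuse ".." components and targets that are not strictly below the home.
    case "$target/" in
        */../*) echo "error: '..' not allowed in $target" >&2; return 1 ;;
        "$home"/?*) ;;
        *) echo "error: $target is not below $home" >&2; return 1 ;;
    esac

    # Traverse-only on the home directory and every intermediate directory:
    # the user can pass through them but cannot list their contents.
    dir=$home
    rest=${target#"$home"/}
    while :; do
        $run setfacl -m "u:$user:x" "$dir"
        case "$rest" in
            */*) dir=$dir/${rest%%/*}; rest=${rest#*/} ;;
            *) break ;;
        esac
    done

    # Leaf: r lists the names, x is needed to enter it and open its entries.
    $run setfacl -m "u:$user:rx" "$target"
}

# Dry run for the layout used in the answer (prints four commands).
acl_plan /home/user2 /home/user2/folder/subfolder/subfolder user1
```

Traverse-only directories stop listing, not access by name: anything inside them that user1 can name is still governed by that object's own permissions, so those should be checked as well.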