5

I have a "downloads" folder inside the "tempuser" home folder ("/home/tempuser/downloads") on which I want to allow "rwx" permission for a different user, say "testuser". The testuser should not have any permission to any other files or folders inside /home/tempuser other than the "downloads" folder.

How can I do it?

Supratik

2 Answers

4

To traverse a folder, one needs the execute permission. Execute will give access to "execute" (i.e. traverse) the folder without having any access to read the files in it.

So, imagine you have the following tree of directories in your home folder:

jvehent@laptop:~$ tree -d Downloads
├── linux-2.6.38
│   ├── arch
│   │   ├── alpha
│   │   │   ├── boot
│   │   │   │   └── tools
│   │   │   ├── include
│   │   │   │   └── asm

You can give anybody access to the "asm" folder without giving them access to anything else by setting the execute permission to everybody on the complete hierarchy, and then the write permission on the asm folder:

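# search (x) permission for "other" on every directory leading to the target
chmod o+x /home/jvehent
chmod o+x /home/jvehent/Downloads
chmod o+x /home/jvehent/Downloads/linux-2.6.38/
chmod o+x /home/jvehent/Downloads/linux-2.6.38/arch
chmod o+x /home/jvehent/Downloads/linux-2.6.38/arch/alpha
chmod o+x /home/jvehent/Downloads/linux-2.6.38/arch/alpha/include
# write and search permission on the shared folder itself, recursively
chmod -R o+wx /home/jvehent/Downloads/linux-2.6.38/arch/alpha/include/asm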

Following the same logic, you can put "testuser" and "tempuser" in a separate group "testgroup" and give access to "tempgroup" only:

# hand the shared folder to the group, then grant the group write and search
chgrp -R tempgroup /home/jvehent/Downloads/linux-2.6.38/arch/alpha/include/asm
chmod -R g+wx /home/jvehent/Downloads/linux-2.6.38/arch/alpha/include/asm
Julien Vehent
  • Enabling 'x' right for 'others' 'group' does not always work. Adding all users to a group and assigning that group to all traversed dirs (with g+x) always works. Also please note that setfacl is not always available, and ACLs slow the filesystem. – Brian Cannard Apr 27 '16 at 16:49
3

Add tempuser and testuser into a group and make /home/tempuser/downloads writable by this group:

# groupadd temptest
# usermod -a -G temptest tempuser
# usermod -a -G temptest testuser
# chgrp -R temptest /home/tempuser/downloads
# chmod -R g+w /home/tempuser/downloads
quanta