-1

I have a server with SSH access. Hope anyone can help me very quickly with permissions. I have a folder, in that folder there are 10 more folders (f1, f2, f3, f4, f5, f6, f7, f8, f9, f10).

I created a user, user1, and I need that user to have access to folders f1 to f7. So that means folders f8 to f10 shouldn't be accessible or visible for that user.

How can I solve that? Please help me ASAP.

Gr, Ash

Andrew B
ashiekg

1 Answer

0

The following is an example of permissions you could set:

total 12
drwx------ 2 test1 test1 4096 Jun  6 09:15 test1
drwx------ 2 test2 test2 4096 Jun  6 09:15 test2
drwx------ 2 test3 test3 4096 Jun  6 09:15 test3

If test1 tries to enter test2 with cd test2, it will result in

-bash: cd: test2/: Permission denied

So in your case, make sure user1, or a group which user1 is part of, has at least rx and at most rwx on directories f1 to f7, and make sure he has no rights at all on f8 to f10.

Based on OP comments

The issue here is that permissions need to be set at a fine grain using ACLs. Not knowing the exact context, the general pattern would be:

setfacl -m user:userX:PermissionX folder1
setfacl -m group:groupX:PermissionX folder1

Whatever fits the actual needs.

Spredzy
  • Well.. I'm not sure if you really understood my situation. Here is a more expanded explanation. – ashiekg Jun 06 '13 at 07:25
  • Visibility doesn't matter. No problem. That's out of the picture now. But all those folders are already owned by an admin user in a group. It is like this: folders f1-f10 are owned by biztalk1:sapusers. And every folder, for example f1, has its own username called f1 who has access only to folder f1. This has been done through ACL. The user biztalk1 is the user who has full access to all the f1-f10 folders. And now I have created user1 and that user needs read-only access to only folders f1-f7. And the folders f8-f10 shouldn't be accessible for him. That's how it has been taken care of now.. – ashiekg Jun 06 '13 at 07:25
  • `setfacl -m user:user1:rx f1` does not work? – Spredzy Jun 06 '13 at 07:32
  • Yeah, that's the problem.. I don't want to change the owner... – ashiekg Jun 06 '13 at 07:46
  • Oh sorry, wait, that doesn't change the owner.. but what does the "user" stand for in user:user1? The group? So actually it should be sapusers (that's the group user1 is in) sapusers:user1 – ashiekg Jun 06 '13 at 07:47
  • @ashiekg : That simply gives user1 read and execute access (you need execute in order to get in the directory) to the f1 directory – Spredzy Jun 06 '13 at 07:48
  • @ashiekg : no, for a group the pattern would be `group:sapusers:XXX` – Spredzy Jun 06 '13 at 07:50
  • That works! Thank you dude. Please add it as an answer so I can accept it as an answer and give you reps. – ashiekg Jun 06 '13 at 08:05
  • By the way, what if I want one of the folders not to be accessible for him? What should be changed in your code? – ashiekg Jun 06 '13 at 08:08
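
Added example, not part of the thread and not code from any participant: a small Python model of the POSIX ACL access check, applied to the f1-f10 layout described in the comments, showing what user1 ends up with when f8-f10 carry no user1 entry versus an explicit `user:user1:---` entry. The `rwx` group permission for sapusers, the `---` other permission and the helper names (`acl_allows`, `folder_acl`, `user1_access`) are assumptions made for the illustration.

```python
# Model of the POSIX.1e ACL access check. All ACL contents are constructed.

def bits(perms):
    """'r-x' -> {'r', 'x'}"""
    return set(perms) - {"-"}

def acl_allows(acl, user, groups, want):
    """True if `user`, a member of `groups`, is granted every bit in `want`."""
    want, mask = bits(want), bits(acl["mask"])
    if user == acl["owner"]:                  # 1. owner entry, never masked
        return want <= bits(acl["owner_perms"])
    if user in acl["users"]:                  # 2. named user entry wins over groups
        return want <= bits(acl["users"][user]) & mask
    matching = [acl["group_perms"]] if acl["group"] in groups else []
    matching += [p for g, p in acl["groups"].items() if g in groups]
    if matching:                              # 3. any matching group entry may grant
        return any(want <= bits(p) & mask for p in matching)
    return want <= bits(acl["other"])         # 4. everyone else

def folder_acl(name, user1_perms=None):
    """Constructed ACL for one folder, shaped like getfacl output."""
    users = {name: "rwx"}                     # per-folder account (user f1 on f1, ...)
    if user1_perms is not None:
        users["user1"] = user1_perms          # setfacl -m user:user1:<perms> <folder>
    return {"owner": "biztalk1", "owner_perms": "rwx",
            "group": "sapusers", "group_perms": "rwx",   # assumed, not from the thread
            "users": users, "groups": {}, "mask": "rwx", "other": "---"}

GRANT = {f"f{i}" for i in range(1, 8)}        # f1..f7 get user:user1:r-x

def user1_access(explicit_deny):
    """Effective rights of user1 (member of sapusers) on f1..f10."""
    report = {}
    for name in (f"f{i}" for i in range(1, 11)):
        if name in GRANT:
            perms = "r-x"
        else:
            perms = "---" if explicit_deny else None   # None: no user1 entry at all
        acl = folder_acl(name, perms)
        report[name] = "".join(
            b if acl_allows(acl, "user1", {"sapusers"}, b) else "-" for b in "rwx")
    return report

if __name__ == "__main__":
    print("no user1 entry on f8-f10:", user1_access(False))
    print("user:user1:--- on f8-f10:", user1_access(True))
```

On a real system, `getfacl` on each folder shows the entries this model takes as input, so the actual owning-group permission can be checked before deciding whether an explicit `---` entry is needed.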