How can I use setfacl to allow a user to have read/write permission on the home directory of any user that belongs to a certain group?
1 Answer
2
I'm assuming that you want user1 to have access to the home directory of all users in the group1 group.
I don't think that you can do that with one magic command. The best you can do is add an ACL to each home directory that you want user1 to have access to.
```sh
# Quote "$dir" so a path containing spaces or glob characters is passed intact.
for dir in /home/user1 /home/user2 /home/user3 ; do setfacl -R -m u:user1:rwx "$dir" ; done
```
You could put a script in place to run that every day. It could look for all members of group1 and then execute the setfacl command on their home directory.
I think with more explanation of what you're looking for, I could provide a better answer. I am thinking proper group permissions and umask settings would take care of this much more easily than setfacl.

baumgart
- Thanks for the reply. Pretty much that's what I'm trying to do. I thought of setfacl since it looked like the right tool for the job but if you know how to do this with groups and umask, please do explain. – madprops Jun 14 '13 at 02:22
- If all the users can have the same primary group, then make user1 a member of that group as well, and set all the umasks to 0002. This relies on your users not changing their default umask. The more I think about it, the more setfacl is probably the more reliable way. – baumgart Jun 14 '13 at 03:26
- Ok thanks, you missed a -m in the setfacl command btw – madprops Jun 14 '13 at 04:13
- I don't use ACLs very much...I'm not terribly familiar with setfacl's syntax. – baumgart Jun 18 '13 at 18:18
- You can also use `d:u:user1:rwX` to set an inheritable default ACL on directories that will make new files automatically get `u:user1:rw` and new directories get `u:user1:rwx,d:u:user1:rwX` – Andrew Domaszek Nov 19 '14 at 21:02
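
The daily script the answer describes, combined with the default ACL from the last comment, as an added example (not code from the answer or its comments). It assumes home directories under /home and the names user1 and group1 from the question; `group_member_homes`, `grant_acl`, `run` and the `APPLY` variable are hypothetical names, and the passwd/group data is constructed.

```sh
#!/bin/sh
# Added example. Assumptions: homes live under /home; on a live system the two
# input files would be the output of `getent passwd` and `getent group`.

# Print "name:home" for every account whose primary or supplementary group is $1.
# $2 = passwd-format file, $3 = group-format file.
group_member_homes() {
    awk -F: -v grp="$1" '
        FILENAME == ARGV[1] {          # group file: record the gid and listed members
            if ($1 == grp) { gid = $3; n = split($4, m, ","); for (i = 1; i <= n; i++) want[m[i]] = 1 }
            next
        }
        (gid != "" && $4 == gid) || ($1 in want) { print $1 ":" $6 }
    ' "$3" "$2"
}

# Dry run by default: print the command. Set APPLY=1 to execute it (needs root).
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi; }

# Read "name:home" lines on stdin and grant user $1 access to each home.
grant_acl() {
    grantee=$1
    while IFS=: read -r name home; do
        [ "$name" = "$grantee" ] && continue      # grantee already owns their own home
        case "$home" in
            */..|*/../*) echo "skip $name: '..' in home path $home" >&2 ;;
            # u:...:rwX   access ACL; X adds execute only to directories and
            #             files that are already executable
            # d:u:...:rwX default ACL, so files created later inherit the entry
            /home/?*)    run setfacl -R -m "u:$grantee:rwX,d:u:$grantee:rwX" "$home" ;;
            # Service accounts often have / as home; never recurse there.
            *)           echo "skip $name: home $home is not under /home" >&2 ;;
        esac
    done
}

# Constructed sample data standing in for getent output.
tmp=$(mktemp -d)
cat > "$tmp/passwd" <<'EOF'
user1:x:1001:1001::/home/user1:/bin/bash
user2:x:1002:2000::/home/user2:/bin/bash
user3:x:1003:1003::/home/user3:/bin/bash
svc:x:1004:1004::/:/usr/sbin/nologin
other:x:1005:1005::/home/other:/bin/bash
EOF
cat > "$tmp/group" <<'EOF'
group1:x:2000:user1,user3,svc
staff:x:2001:other
EOF
group_member_homes group1 "$tmp/passwd" "$tmp/group" | grant_acl user1
```

The script only adds entries: when someone leaves group1, the ACL on their home directory stays until it is removed with `setfacl -R -x`.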