I need to give access to 2 users, one with read access and the other with write access, to a particular folder (/folder). Both the users are supposed to be in the same group (sftp).

user with read access: readsftp
user with write access: writesftp

I have done

```
useradd -G sftp readsftp
useradd -G sftp writesftp
```

Now the user writesftp should be able to write files to /folder, and the user readsftp should be able to only read files in the folder /folder.

The vipw files read

```
sftp:x:47173:47173::/data:/bin/sh
ft:x:1002:1002::/home/ft:/bin/bash
readsftp:x:47176:47173::/data:/bin/sh
writeuser:x:47177:47173::/data:/bin/sh
```

Have I changed it rightly? (Please observe the IDs.)

Could you please help me do this by using sticky bit, and umask and chmod? In the /folder folder I have previously changed files and folder permissions using chmod and I am unable to get through the right understanding on how to do it wrt users.

Thanks in advance.

user3407570
  • The only way to accomplish this with standard Unix permissions would be to set the ownership to `writesftp:sftp` and permissions `g+r,u+rw`. Otherwise you need to use ACLs and, by extension, an FS that supports ACLs. – Sammitch May 28 '14 at 22:52

1 Answer

First, you need to transfer the ownership of the folder (recursively) to writesftp and the group ownership to sftp:

```
sudo chown -R writesftp:sftp /path/to/folder
```

Then you enable executable permissions for the group to all folders and full permissions to the owner:

```
find /path/to/folder -type d -exec chmod 750 {} \;
```

and set read permissions for all files to the group and read/write permissions for the owner for all files:

```
find /path/to/folder -type f -exec chmod 640 {} \;
```

Following the above steps you'll solve your problem; however, there are better solutions for your problem. You could use ACLs (access control lists) on that file system or use SELinux, while the latter is much more complicated to configure and maintain.

hek2mgl
  • Thank you for your time and help, I wanted to clarify on this. It would be of great help in me getting a clear understanding, so by executing these 3 commands, what we get is the write user is now the owner of sftp and has rwx access, whereas the read user which is a part of the group sftp has only r-x access? "Then you enable executable permissions for the group to all folders and full permissions to the owner: `find /path/to/folder -type d -exec chmod 750 {} \;`" Does this give access to all the folders inside /path/to/folder? Or all the folders you mean on the system? – user3407570 May 29 '14 at 15:39
  • To all folders inside `/path/to/folder` – hek2mgl May 29 '14 at 16:05
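
A way to check the 750/640 scheme from the answer on a scratch tree, as an added example that is not part of the original answer or comments: it applies the two `find` commands, lists every entry whose mode deviates, and shows that a `umask` of 027 makes files and directories created later come out with the same modes. The function names and the 027 value are assumptions of this example; the `chown` step is left out so it runs without root.

```shell
#!/bin/sh
# Added example, not from the original answer. Ownership is assumed to be
# writesftp:sftp already (the answer's chown step); only modes are handled here.

# Apply the answer's scheme: directories 750, regular files 640.
apply_scheme() {
    find "$1" -type d -exec chmod 750 {} +
    find "$1" -type f -exec chmod 640 {} +
}

# Print every directory that is not exactly 750 and every regular file that
# is not exactly 640. Empty output means the tree matches the scheme.
audit_scheme() {
    find "$1" \( -type d ! -perm 750 \) -o \( -type f ! -perm 640 \)
}

# Create a directory and a file the way the writing user would with umask 027
# (assumed value): 777 & ~027 = 750 for directories, 666 & ~027 = 640 for files.
# The subshell keeps the caller's umask unchanged.
create_with_umask() {
    ( umask 027; mkdir "$1/newdir" && : > "$1/newdir/newfile" )
}

demo() {
    root=$(mktemp -d) || return 1          # constructed scratch tree
    mkdir -p "$root/sub"
    : > "$root/sub/a.txt"
    chmod 777 "$root/sub"                  # constructed over-permissive state
    chmod 666 "$root/sub/a.txt"
    echo "deviations before:"; audit_scheme "$root"
    apply_scheme "$root"
    create_with_umask "$root"
    echo "deviations after:"; audit_scheme "$root"
    rm -rf "$root"
}

demo
```

Running `audit_scheme /path/to/folder` periodically catches files that were uploaded or changed with a looser mode than the scheme allows.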