There are really only two ways of doing this, allow a group full permissions on the directory and add the required users to the group,
It might not be that simple. At least not if either user will be creating new files in the directory and both need access to them. As we both know, files have owner, group(s), and permissions too.
@OP:
Sorry but this is going to be a bit of an essay. It has to be as it appears I'll need to explain the basic of owner, group, and permissions.
Every file or directory has an owner. Every file or directory also has a group. Every file or directory has three sets of permissions: one set for the owner, one for the group, and one for everyone else.
If you're the owner, those permissions apply. If you're a member of the group but not the owner, group permissions apply. If you're neither, the everyone else permissions apply
Permissions are displayed and/or changed in to ways: as three octal digits where each digit encode permission for one of owner, group, and others, or as a nine character string comprised of three characters for each category. Valid characters are r,w,x, and -.
Read being the left most, write the next, execute the right. Whether expressed in text or octal. Categories are order owner, group, others. The octal representation is calculated by treating the three bits as a three digit binary number then converting it to base eight.
With the text representation - means that particular permission is denied. A letter indicates that particular permission is granted.
Lets say you have two users a and b. You need them both to have access to the directory /foo/bar.
At the moment, both /foo and /foo/bar are owned by root with a group of root and 700 permissions (A.K.A. rwx------).
You have choices:
- Change permission on both directories to to allow any one on the system access. Easy but insecure.
- Create a new group, change the group of the directories to it, add both users to this group.
- Use ACLs but that's no something I can help with.
So, to continue the example...
You've created the group shared, change the group of both directories to i]shared[/i], and permissions on both directories to 750 (A.K.A. rwxr-x---). User a and b can now enter /foo/bar and view its contents.
They won't be able to write to it. They may be able to open files and sub directories within it but that depends on their permissions.
If you want them to be able to write to /foo/bar change the permissions on it to 700 (A.K.A rwxrwx---). Don't change permissions on /foo unless you also want your users to be able to write to that too.
Now we move on to files...
Files have owner, group and permissions too. They work in the same way as on directories except the execute bit does what it says on the tin - indicated whether executing the file is permitted just by entering its name (the difference between python somefile.py and somefile.py)
Where things will get tricky is that you need to apply the group and permissions changes to each file in the directory as it is created (or copied into it). If you don't, you'll get the defaults: owner and group of the creating user with 644 permissions. That means any user on the system can read it (but only if they can access the directories) but only the owner can write to it.
Depending on your use case that might be enough.
TL;DR: every directory in the full path to the target including the target itself must have the execute permission set for the user attempting access. If you don't care about granting access to all users on the system* set it in the other permissions block. If you do care see above.
*: There are more users than you think. Quire a lot of background services have their own user.
Statistics: Posted by thagrol — Mon Dec 23, 2024 12:49 am