granting write permissions to a group to a folder
How can I grant write permission to one group? I have two users ( alex and ben ). alex is member of group alex and of group consult . ben is member of group ben and of group consult . I want to grant read-write access to both alex and ben on the folder consult_documents . If I make alex the owner of the directory consult_documents and I grant 775 access to the directory consult_documents , ben and alex will be able to access the folder, I think. But will this allow ben access to alex ‘s other folders as well? If a user is in two groups, does that mean that all the members from both groups get the same permissions on all folders?
Do you want alex and ben to be able to create files in consult_documents and allow them both read/write access on those documents ?
4 Answers 4
Granting 775 permissions on a directory doesn’t automatically mean that all users in a certain group will gain rwx access to it. They need to either be the owner of the directory or to belong to the directory’s group:
$ ls -ld some_dir drwxrwxr-x 2 alex consult 4096 Feb 20 10:10 some_dir/ ^ ^ | |_____ directory's group |___________ directory's owner
So, in order to allow both alex and ben to have write access to some_dir , the some_dir directory itself must belong to the consult group. If that’s not the case, the directory’s owner (alex in your example), should issue the following command:
or to change group ownership of everything inside the directory:
This will only work if alex is a member of the consult group, which seems to be the case in your example.
This will not allow ben to access all of alex’s directories for two reasons:
- Not all of alex’s directories will belong to the consult group
- Some of alex’s directories may belong to the consult group but alex may not have chosen to allow rwx group access to them.
In short, the answer depends both on group ownership and on the group permission bits set for the directory.
All of this is provided you don’t use any additional mandatory access control measures on your system.
Thank you, I was looking how to give access to a directory to one group. I did not realize that the chgrp command could do this. I thought that chgrp was only to add/delete users to a group.
This will make alex and ben to colabrate each other in this Directory, And they can’t collab in other Dir..
Modify the User group using
Then change the Permission for Folder
# chown alex:ben consult_documents
Check here i have worked it around
$ sudo usermod -a -G alex,ben alex $ sudo chown alex:ben consult_documents/ cd consult_documents/ $ touch babin drwxrwxr-x 2 alex ben 4096 Feb 20 15:19 . drwxr-xr-x 3 alex alex 4096 Feb 20 15:17 .. -rw-rw-r-- 1 alex alex 0 Feb 20 15:19 babin $ su - ben cd /home/alex/consult_documents/ ben@system99:/home/alex/consult_documents$ touch babin1 ben@system99:/home/alex/consult_documents$ ls -la total 8 drwxrwxr-x 2 alex ben 4096 Feb 20 15:19 . drwxr-xr-x 3 alex alex 4096 Feb 20 15:17 .. -rw-rw-r-- 1 alex alex 0 Feb 20 15:19 babin -rw-rw-r-- 1 ben ben 0 Feb 20 15:19 babin1 ben@system99:/home/alex/consult_documents$
Allowing a group Read-Write Access to a directory
I have two users, user1 and user2, that are both members of groupA. user2 has a folder in their home directory called folderA. If they wish to allow read-write-execute permissions for all members of groupA, how would they do this? What if folderA contains many files and additional folders that also need to have read-write-execute permission? Information regarding groups is a little ‘spotty’ across the web, so I am putting my question here in the hope someone posts a clear answer that might help others out too. Thanks!
2 Answers 2
FolderA will first need to be part of groupA — the folder’s owner or root can perform this operation
Then groupA will need rwx permissions of the folder
There are options in the chgrp and chmod commands to recurse into the directory if required.
I originally tried chown :groupname ./folder and that didnt work — as in it changed the group, but didn’t give any effective permissions
didn’t worked for me also. Folder somehow can not give write permissions to a group. Whatever I have tried.
@pbhj That has not been my experience, although I will admit to not having great depth of experience. I do need to logout/in if I have altered the user or group — the login does not pickup altered permissions until the next login. But altered file and directory permissions work immediately for me.
My own experience in this area here. Tested on Ubuntu 18.04.
Allow to write in the system folder
Give write permission to /etc/nginx/ folder.
# Check 'webmasters' group doen't exist cat /etc/group | grep webmasters # Create 'webmasters' group sudo addgroup webmasters # Add users to 'webmasters' group sudo usermod -a -G webmasters username sudo usermod -a -G webmasters vozman sudo usermod -a -G webmasters romanroskach # Group assignment changes won't take effect # until the users log out and back in. # Create directory sudo mkdir /etc/nginx/ # Check directory permissions ls -al /etc | grep nginx drwxr-xr-x 2 root root 4096 Dec 5 18:30 nginx # Change group owner of the directory sudo chgrp -R webmasters /etc/nginx/ # Check that the group owner is changed ls -al /etc | grep nginx drwxr-xr-x 2 root webmasters 4096 Dec 5 18:30 nginx # Give write permission to the group sudo chmod -R g+w /etc/nginx/ # Check ls -al /etc | grep nginx drwxrwxr-x 2 root webmasters 4096 Dec 5 18:30 nginx # Try to create file sudo -u username touch /etc/nginx/test.txt # should work sudo -u username touch /etc/test.txt # Permission denied
Give write permission to /etc/systemd/system/ folder.
# List ACLs getfacl /etc/systemd/system getfacl: Removing leading '/' from absolute path names # file: etc/systemd/system # owner: root # group: root user::rwx group::r-x other::r-x # Add 'webmasters' group to an ACL sudo setfacl -m g:webmasters:rwx /etc/systemd/system # Check getfacl /etc/systemd/system getfacl: Removing leading '/' from absolute path names # file: etc/systemd/system # owner: root # group: root user::rwx group::r-x group:webmasters:rwx mask::rwx other::r-x sudo -u username touch /etc/systemd/system/test.txt # should work sudo -u username touch /etc/systemd/test.txt # Permission denied