Allowing a group Read-Write Access to a directory

Question

I have two users, user1 and user2, that are both members of groupA. user2 has a folder in their home directory called folderA. If they wish to allow read-write-execute permissions for all members of groupA, how would they do this?

What if folderA contains many files and additional folders that also need to have read-write-execute permission?

Information regarding groups is a little 'spotty' across the web, so I am putting my question here in the hope someone posts a clear answer that might help others out too.

Thanks!

score 124 · Accepted Answer · edited Jan 10 '21 at 21:29

124

FolderA will first need to be part of groupA - the folder's owner or root can perform this operation

chgrp groupA ./folderA

Then groupA will need rwx permissions of the folder

chmod g+rwx  ./folderA

There are options in the chgrp and chmod commands to recurse into the directory if required.

edited Jan 10 '21 at 21:29

Pablo Bianchi

15,657

answered Jun 26 '14 at 15:02

Charles Green

21,339

1

note: you should make sure that you can access intermediate directories too (+x might be enough). – jfs Aug 02 '16 at 09:55
1

I originally tried chown :groupname ./folder and that didnt work - as in it changed the group, but didn't give any effective permissions – user230910 Nov 17 '19 at 21:03
didn't worked for me also. Folder somehow can not give write permissions to a group. Whatever I have tried. – Gediminas May 21 '20 at 07:04
2

This did not work for me. – Scorb Nov 22 '20 at 23:12
@ScottF Can you list the properties of the directory with ls -l ./folderA to ensure that the group permissions were applied? – Charles Green Nov 24 '20 at 01:44
I followed these commands verbatim on Ubuntu 18.04.6 and on any member of the group, within the directory, on touch test.txt, I get the error: touch: cannot touch 'test.txt': Permission denied . I'm trying to give access to the group appowners. This is the output of ls -al : drwxrwxr-x 2 root appowners 4096 Apr 18 22:38 src . EDIT: The reason was, if a user is added to a new group, they must re-login to receive the new group permissions. – Caleb Jay Apr 18 '22 at 21:50
1

User and group permission changes do not take effect until you logout and login again (see answer below), you might even need to reboot if a folder is held open by a user having access on logout. At least IME, with much frustration, changes do not take place when you do chown/chgrp/chmod but only (loosely speaking) on reboot. Sometimes it might be enough to start a new shell, or new TTY, but a reboot definitely works. – pbhj Sep 11 '22 at 22:10
1

@pbhj That has not been my experience, although I will admit to not having great depth of experience. I do need to logout/in if I have altered the user or group - the login does not pickup altered permissions until the next login. But altered file and directory permissions work immediately for me. – Charles Green Sep 12 '22 at 14:45

score 15 · Answer 2 · edited Jan 10 '21 at 21:33

My own experience in this area here. Tested on Ubuntu 18.04.

Allow to write in the system folder

Give write permission to /etc/nginx/ folder.

# Check 'webmasters' group doen't exist
cat /etc/group | grep webmasters
# Create 'webmasters' group
sudo addgroup webmasters
# Add users to 'webmasters' group
sudo usermod -a -G webmasters username
sudo usermod -a -G webmasters vozman
sudo usermod -a -G webmasters romanroskach
Group assignment changes won't take effect
until the users log out and back in.
Create directory
sudo mkdir /etc/nginx/
Check directory permissions
ls -al /etc | grep nginx
drwxr-xr-x   2 root root     4096 Dec  5 18:30 nginx
Change group owner of the directory
sudo chgrp -R webmasters /etc/nginx/
Check that the group owner is changed
ls -al /etc | grep nginx
drwxr-xr-x   2 root webmasters   4096 Dec  5 18:30 nginx
Give write permission to the group
sudo chmod -R g+w /etc/nginx/
Check
ls -al /etc | grep nginx
drwxrwxr-x   2 root webmasters   4096 Dec  5 18:30 nginx
Try to create file
sudo -u username touch /etc/nginx/test.txt  # should work
sudo -u username touch /etc/test.txt  # Permission denied

Give write permission to /etc/systemd/system/ folder.

# List ACLs
getfacl /etc/systemd/system
getfacl: Removing leading '/' from absolute path names
file: etc/systemd/system
owner: root
group: root
user::rwx
group::r-x
other::r-x
Add 'webmasters' group to an ACL
sudo setfacl -m g:webmasters:rwx /etc/systemd/system
Check
getfacl /etc/systemd/system
getfacl: Removing leading '/' from absolute path names
file: etc/systemd/system
owner: root
group: root
user::rwx
group::r-x
group:webmasters:rwx
mask::rwx
other::r-x
sudo -u username touch /etc/systemd/system/test.txt  # should work
sudo -u username touch /etc/systemd/test.txt  # Permission denied

Original how-to.

Do you use php-fpm with that workflow? With which user? www-data or webmasters — Bouffe, Jul 19 '20 at 06:07

Allowing a group Read-Write Access to a directory

2 Answers2

Allow to write in the system folder

Group assignment changes won't take effect

until the users log out and back in.

Create directory

Check directory permissions

Change group owner of the directory

Check that the group owner is changed

Give write permission to the group

Check

Try to create file

file: etc/systemd/system

owner: root

group: root

Add 'webmasters' group to an ACL

Check

file: etc/systemd/system

owner: root

group: root

Linked

Related