0

I want to allow access to 2 users on one directory. I am trying since days but unable to do so! Let me make it simple for you guys to understand by giving a simple example. But first, Let me tell you that the user named admin should be able to access both the directories.

Consider two Directories:

  1. /var/www/directory1
  2. /var/www/directory2

and two users:

  1. user1
  2. user2

I want user1 to access only the directory directory1, user2 to access the directory directory2 and admin to access both the directories!

I tried giving ownership to respective directories to the users and the group named admin-group to let admin access both the directories. That didn't work well. I also tried giving write access to the group but failed.

Is it possible to do what I want? If possible, How can I?

Adarsh Sojitra
  • 121
  • 1
    If admin can use sudo to run as root, you don't need to grant it any special access rights, as they could just take them themselves when needed. However, your approach you described sounds about right if you don't want to rely on sudo powers. What exactly failed? Did you forget to make admin user a member of admin-group? What file system are those directories on? Note that the standard Linux permissions only work on file systems like ext4, but not on FAT or NTFS. – Byte Commander Apr 14 '17 at 23:18
  • No! actually admin user has power to work on automation like updating software. sudo is not used and don't want to use as it's unstable for automation. – Adarsh Sojitra Apr 14 '17 at 23:21
  • Well /var/www is sort of a potentially unique case. See https://askubuntu.com/questions/46331/how-to-avoid-using-sudo-when-working-in-var-www – Panther Apr 14 '17 at 23:22
  • For shared directories personally I like ACL see https://www.cyberciti.biz/faq/linux-setup-shared-directory/ and https://help.ubuntu.com/community/FilePermissionsACLs – Panther Apr 14 '17 at 23:23
  • What I am thinking to do is to make group for both the directory and add user to specific group. For example, dir1group with dir1user1 and dir2 with dir2user1 and make admin:dir1 owner of the group! But I don't think it's the standard way. But by doing this I will be able to allow more users to access the directory too! – Adarsh Sojitra Apr 14 '17 at 23:27

1 Answers1

2

You could try the following:

chown user1:admin-group /var/www/directory1
chown user2:admin-group /var/www/directory2
chmod 770 /var/www/directory1
chmod 770 /var/www/directory2
usermod -aG admin-group admin

Then you have to make sure that new files created in the directories use the same permissions:

sudo chmod g+s /var/www/directory1
sudo chmod g+s /var/www/directory2
pa4080
  • 29,831
Matthew Palermo
  • 29
  • I can't understand why permissions should be changed to 770. It's not at all good. Others may want execute rights! – Adarsh Sojitra Apr 14 '17 at 23:31
  • @AdarshSojitra - See the link I gave you for security concerns.https://askubuntu.com/questions/46331/how-to-avoid-using-sudo-when-working-in-var-www . Also x permissions on directories are not the same as on files see https://help.ubuntu.com/community/FilePermissions . – Panther Apr 14 '17 at 23:39
  • @AdarshSojitra Sorry, I was assuming you didn't want user1 to have any access to user2's directory and visa-versa. – Matthew Palermo Apr 15 '17 at 00:04
  • I am trying! hope it will work! – Adarsh Sojitra Apr 15 '17 at 00:06
  • @AdarshSojitra the answer has been updated. – pa4080 Apr 15 '17 at 11:26