I have a system where multiple users are running an application that chmod the same file. I've tried using setacl to add both users as user owners of the file to do this, but it doesn't work. The application errors out because the chmod system call fails.
See example:
[jacob@macbook-debian ~/Projects/test] getfacl bin/testfile
# file: bin/testfile
# owner: root
# group: root
user::rwx
user:jacob:rwx
user:jason:rwx
group::r-x
group:www-data:rwx
mask::rwx
other::r-x
[jacob@macbook-debian ~/Projects/test] chmod 0755 bin/testfile
chmod: changing permissions of 'bin/testfile': Operation not permitted
Best Answer
With Linux ACLs when adding users, you do not add them as owners of the file. It's just the privilege to open/modify and write to that file.
When invoking chown or chmod the effective user ID will be e.g. jacob and that one will be matched against the value in owner. If that does not match, your command will fail.
From man 2 chmod.
An alternative would be to set the capability as described to the calling process/binary chmod. But this would open up a big security issue, as everybody could use this command to change permissions.
Here is a thread about more fine-grained access to capabilities for users, but it seems not very straightforward.
Depending on the constraints of your use case, you might want to add sudo rules for the users to make use of chmod or you evaluate why the users have to run chmod on files they don't own. Maybe using umask during file creation is sufficient.
If your users belong to a group that has write permissions on the directory, you also could copy the file in question, remove the original and move the copy to the original name. This would result in the user owning the copied file and being able to do chmod.
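The ownership check and the copy-and-rename workaround from the answer above, as an added example that is not part of the original post. The function names (can_chmod, replace_with_owned_copy, chmod_shared) are hypothetical, and Linux `stat -c` syntax is assumed.

```shell
#!/bin/sh
# Added example, not code from the original post. Function names are
# hypothetical; assumes Linux (stat -c) and a non-sticky parent directory.

# chmod(2) is allowed only when the effective UID equals the file owner
# (or is 0). ACL entries such as user:jacob:rwx play no part in this check.
can_chmod() {
    euid=$(id -u)
    [ "$euid" -eq 0 ] || [ "$(stat -c %u -- "$1")" -eq "$euid" ]
}

# Replace FILE with a copy owned by the caller. Needs write and search
# permission on the directory, not ownership of the file itself.
# Caveats: the result is a new inode, so hard links to the original are
# broken and processes holding it open keep the old data. The copy starts
# with mktemp's 0600 mode, so the caller sets the final mode afterwards.
replace_with_owned_copy() {
    file=$1
    dir=$(dirname -- "$file")
    # Refuse symlinks so the rename cannot be redirected elsewhere.
    [ -f "$file" ] && [ ! -L "$file" ] || {
        echo "not a regular file: $file" >&2; return 1; }
    [ -w "$dir" ] && [ -x "$dir" ] || {
        echo "no write access to $dir" >&2; return 1; }
    # Temp file in the same directory keeps the rename on one filesystem.
    tmp=$(mktemp "$dir/.owned-copy.XXXXXX") || return 1
    if cp -- "$file" "$tmp" && mv -f -- "$tmp" "$file"; then
        return 0
    fi
    rm -f -- "$tmp"
    return 1
}

# chmod directly when the caller owns the file, otherwise take ownership
# through a copy first. Usage: chmod_shared 0755 bin/testfile
chmod_shared() {
    mode=$1
    file=$2
    can_chmod "$file" || replace_with_owned_copy "$file" || return 1
    chmod -- "$mode" "$file"
}
```

In a directory with the sticky bit set, the rename over a file owned by someone else is refused, so this approach only works in a plain group-writable directory.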