Linux File Permissions – Write Permission Without Changing Ownership

As I understand it, to give a write permission to a user I can either change the owner of the file to that user and give it "user write permission" (which I don't want to do), or keep the same owner but add this user to the file's group and give the group a write permission. But the latter will give this user permission to all other files associated with this group (whatever those permissions may be).

So say if the file is owned by user1 and group user1, most user1 files also have user1 group. If I add user2 to group user1, user2 will have gained extra permissions. The only way I can think of is create a group for this specific file, change the group with chown and then add user2 to this group. Is this correct? It seems to me that this creates a lot of complexity if I have to do this for every file. I come from a windows background and over there you simply right-click the file and add the user to the file's permission. So no need to create 20 groups for 20 different files, then add the users to all 20 groups, etc.

Can anyone enlighten me?

Thanks.

Best Answer

That's the main way to grant permissions in unix, yes.

The idea is that you usually wouldn't have 20 groups for the 20 different files and add the users to all 20 groups. Instead, if you have a few users who need access to a number of files, you'd add one group containing those users, and have all 20 files owned by that one group.

The advantage to using groups instead of adding single users is in an organization, where people will gain or lose privileges as they change jobs. Then, instead of adding or removing them from a large number of files, you'd just add or remove them from a group.

However, for the cases where normal user/group/other privileges aren't flexible enough for your needs, there's an alternative, called Access Control List or ACLs. ACLs will grant or revoke permissions for users or groups in addition to the old-style user/group permissions.

To add a user to the ACL for a file, use setfacl. Example:

setfacl -m u:lisa:r /path/to/file

will grant the user "lisa" read access to the file.

There's more info in the man pages for setfacl and getfacl.

Best Answer

Related Solutions

Copy File Owner Permissions to Group – How to Do It

Icacls in windows 7 does not give full permission to write files in root drive

Related Topic