How can I give another user read/write access to a specific sub folder and the ability to ls the tree but only for the folder they have access to?

I have a user user1 that has a bunch of folders in their home directory, including /home/user1/data/special/files.

I have another user user2.

I want:

  • user2 to be able to read/write files/folders in /home/user1/data/special/files
  • user2 to be able to ls:
    • / and see /home
    • /home and see /home/user1
    • /home/user1 and see /home/user1/data but not other files/folders in /home/user1
    • /home/user1/data and see /home/user1/data/special but not other files/folders in /home/user1/data
    • /home/user1/data/special and see /home/user1/data/special/files but not other files/folders in /home/user1/data/special

I used setfacl to set permissions to /home/user1/data/special/files but it does not let them browse the path.

sudo setfacl -Rm d:u:user1:rwx,u:user1:rwx /home/user1/data/special/files

I do not want to change the user/group owner of any of these folders because they ultimately should belong to user1.

If it helps, here are more specific details.

I’m using a web app/service running on this box. The web app/service is running as user2. In the web app/service, I have to browse/navigate to a folder with the files I want to see. So I have to go to:

  1. / then
  2. /home then
  3. /home/user1 then
  4. /home/user1/data then
  5. /home/user1/data/special then
  6. /home/user1/data/special/files

I cannot just enter /home/user1/data/special/files.

Is this possible?

Asked By: IMTheNachoMan


It’s possible.

chown -R user1:user1 /home/user1

This step will make you the owner of /home/user1 and all underlying directories.

chmod 755 /home/user1
chmod 700 /home/user1/data
chmod 700 /home/user1/data/special
chmod 700 /home/user1/data/special/files

And this sets the necessary permissions: 755 means the user has rwx (7) and the others have only rw (5) access. This is necessary so that they can traverse your home directory.

setfacl -Rm u:user2:rwx /home/user1/data/special/files
setfacl -Rdm u:user2:rwx /home/user1/data/special/files

With these settings, user2 will be able to read and write files in /home/user1/data/special/files. Additionally, user2 will be able to traverse the directory tree from / to /home/user1/data/special/files and see the relevant directories along the way.

Answered By: Grigorios
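As an added example that is not part of the question or the answer above: a small POSIX sh script that prints (or, with APPLY=1 and root privileges, runs) the setfacl commands giving user2 execute-only traversal on every ancestor directory and full access on the target, so no owner has to change. It uses the paths and user names from the question; the function names acl_plan and acl_apply are chosen here.

```shell
#!/bin/sh
# Added example (not from the question or the answer): build the setfacl
# commands that let a second user reach one deep sub-directory without
# changing any owner. Every ancestor gets execute-only (traverse) access;
# the target gets rwx plus a matching default ACL for files created later.
# Function names are chosen here; paths and users default to the question's.

# acl_plan TARGET USER  -> prints one setfacl command per directory
acl_plan() {
    target=${1%/}          # drop a trailing slash so the leaf is not an ancestor
    user=$2
    path=""
    rest=${target#/}       # e.g. "home/user1/data/special/files"
    # Walk the ancestors top-down; the loop stops when only the leaf is left.
    while [ "$rest" != "${rest#*/}" ]; do
        seg=${rest%%/*}
        rest=${rest#*/}
        path="$path/$seg"
        # --x: user may cd through this directory but not list or change it.
        echo "setfacl -m u:$user:--x $path"
    done
    # Leaf: full access now (-R) and inherited by new entries (-d).
    echo "setfacl -Rm u:$user:rwx $target"
    echo "setfacl -Rdm u:$user:rwx $target"
}

# acl_apply TARGET USER  -> runs the plan (as root) and shows the entries it set
acl_apply() {
    acl_plan "$1" "$2" | while read -r cmd; do
        echo "+ $cmd"
        eval "$cmd" || exit 1      # abort the loop subshell on the first failure
    done || return 1
    # Show only this user's ACL entry on each directory the plan touched.
    for d in $(acl_plan "$1" "$2" | awk '{print $NF}' | sort -u); do
        printf '%s: ' "$d"; getfacl -p "$d" 2>/dev/null | grep "^user:$2:" | tr '\n' ' '; echo
    done
}

TARGET=${TARGET:-/home/user1/data/special/files}
USER2=${USER2:-user2}
if [ "${APPLY:-0}" = 1 ]; then
    acl_apply "$TARGET" "$USER2"
else
    acl_plan "$TARGET" "$USER2"    # dry run: only prints the commands
fi
```

A directory's read bit cannot be limited to a single entry, so with only --x user2 can cd through /home/user1 but ls there is denied; granting r-x instead lets user2 list every name in that directory, though not enter sibling directories that carry no ACL for user2.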
