Linux – Granting access to a file or directory to another user but not all users in Ubuntu


How to allow one user — but not all — to access files of another user in Ubuntu?

I have a directory /home/alice/dir owned by alice:

$ cd /home/alice
$ ls -l
drwxr-x---  2 alice alice       4096 Feb 10 21:24 dir

i.e., owner alice and group alice have read/execute access. Of course, /home and /home/alice are readable/executable for all (drwxr-xr-x), which is the default configuration for Ubuntu.

I want to allow user bob access to this directory, but any other user eve should not have access.

What I did so far was:

$ sudo adduser bob alice

and now

$ getent group alice
alice:x:1001:bob

so now bob is in the group alice.

However, still bob cannot access the directory:

$ whoami
bob
$ cd /home/alice
$ pwd
/home/alice
$ ls -l
drwxr-x---  2 alice alice       4096 Feb 10 21:24 dir
$ groups bob
bob : bob alice
$ cd dir
bash: cd: test: Permission denied

What's wrong?

Users were created with

sudo adduser alice
sudo adduser bob
sudo adduser eve

Ubuntu 14.04. I think ACLs are not used, and I don't want to use them — I think what I want should be perfectly achievable without ACLs.

Best Answer

The way of doing it as described in the question is correct:

$ sudo adduser bob alice

However, you will not see the changes immediately: all currently running processes and services must be restarted for them to see the changes.

This is because when you update the groups, the permissions of the currently running processes and services, including your shell, are not updated. So in my case groups (current shell started by bob before the groups were changed) and groups bob (current permissions of user bob) showed different results:

$ whoami
bob
$ groups bob # current membership of bob
bob alice
$ groups     # shell run by bob BEFORE the groups changed
bob
$ cd /home/alice/dir
bash: cd: test: Permission denied

So I had to close the shell, and even close the tunnel (I was connected to the Ubuntu box via an SSH tunnel) and open a new shell (after I connected to SSH again) and then I saw

$ whoami
bob
$ groups bob
bob alice
$ groups     # current shell run by bob AFTER the groups changed
bob alice
$ cd /home/alice/dir
$ pwd
/home/alice/dir

If bob is a service, such as apache2 (running under user www-data), that service is to be restarted!
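
A check for the situation this answer describes, as an added example that is not part of the original answer: it compares the group database (what `groups bob` reports) with the credentials of the running shell (what plain `groups` reports). The function names are hypothetical, and it assumes `id` from coreutils and group names without spaces.

```shell
#!/bin/sh
# Added example (not from the original post): detect a session whose
# group list predates a change such as `adduser bob alice`.

# Print the names in list $1 that are absent from list $2.
# Both lists are space-separated; the ( ) body keeps variables local.
missing_groups() (
    set -f                      # no glob expansion while splitting $1
    out=""
    for g in $1; do
        case " $2 " in
            *" $g "*) ;;        # already held by the process
            *) out="${out:+$out }$g" ;;
        esac
    done
    printf '%s\n' "$out"
)

# Compare the group database with the credentials of this process.
# Exit status: 0 = up to date, 1 = stale session, 2 = lookup failed.
check_stale_groups() (
    user=$(id -un) || exit 2
    db=$(id -Gn "$user") || exit 2   # group database, like `groups bob`
    proc=$(id -Gn) || exit 2         # this process, like plain `groups`
    missing=$(missing_groups "$db" "$proc")
    if [ -n "$missing" ]; then
        echo "stale session for $user, not yet in effect: $missing"
        exit 1
    fi
    echo "session for $user matches the group database"
)

check_stale_groups || true
```

Run it as bob in the session in question; any group it lists takes effect only in a session started after the change.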
