How to allow one user — but not all — to access files of another user in Ubuntu?
I have a directory /home/alice/dir
owned by alice
:
$ cd /home/alice
$ ls -l
drwxr-x--- 2 alice alice 4096 Feb 10 21:24 dir
i.e., owner alice
and group alice
have read/execute access. Of course, /home
and /home/alice
are readable/executable for all (drwxr-xr-x
), which is the default configuration for Ubuntu.
I want to allow user bob
access to this directory, but any other user eve
should not have access.
What I did so far was:
$ sudo adduser bob alice
and now
$ getent group alice
alice:x:1001:bob
so now bob
is in the group alice
.
However, still bob
cannot access the directory:
$ whoami
bob
$ cd /home/alice
$ pwd
/home/alice
$ ls -l
drwxr-x--- 2 alice alice 4096 Feb 10 21:24 dir
$ groups bob
bob : bob alice
$ cd dir
bash: cd: test: Permission denied
What's wrong?
Users were created with
sudo adduser alice
sudo adduser bob
sudo adduser eve
Ubuntu 14.04. I think ACL are not used, and I don't want to use them — I think what I want should be perfectly achievable without ACL.
Best Answer
The way of doing it as described in the question is correct:
However, you will not see the changes immediately: all currently running processes and services must be restarted for them to see the changes.
This is because when you update the groups, the permissions of the currently running processes and services, including your shell, are not updated. So in my case
groups
(current shell started bybob
before the groups were changed) andgroups bob
(current permissions of userbob
) showed different results:So I had to close the shell, and even close the tunnel (I was connected to the Ubuntu box via an SSH tunnel) and open a new shell (after I connected to SSH again) and then I saw
If
bob
is a service, such asapache2
(running under userwww-data
), that service is to be restarted!