I have a directory inside my home folder that I'd like another user to be able to access. I created a group for him and we both joined it, and I did
sudo chgrp -R group folder/
He still cannot get into the directory, getting permission denied. I also did
sudo chmod -R 777 folder/
To no avail. Why isn't this wokring? Thanks.
Best Answer
Did you check that he has execute permission to the parent directories ? Otherwise it won't work.
More precisely, along the path a user takes to reference a filesystem object, all directories in-between must have execute permission set for him. In practice, it will often be better to give the read permission as well, since giving only the execute permission would work only if the accessing user progresses to the desired directory without being able to look into those intermediate directories, which is not how things go when using a file manager or shell completion (tab), for example.
If you don't mind everybody else having read+exec access to the parent directories, you may be happy with a
chmod o+rxon those directories, or you will have tochgrpthose directories as well andchmod g+rx.Or... OR... you can use... POSIX ACLs !
You can use the
setfaclandgetfaclcommands, or use Eiciel (apt install eiciel), the gnome file ACL editor, to set those ACLs. Among other things, POSIX ACLs enable granting/revoking rights to specific users and groups, not having to stick to the traditional UNIX "ugo" permission model. More in the NTFS way, if you don't find the comparison too obscene.man aclmay help you, butman setfaclseems more interesting, as it covers Linux-specific parts such as so-called default ACLs, that are inherited by filesystem objects created in a directory.So for example, if you want to give user bob the "rwx" permissions on directory "work", with default (inherited) "r" permissions, type :
setfacl -m u:bob:rwx,d:u:bob:r workYou still have to give bob the read+execute permission on whatever directories he may have to cross to reach "work" though (if he doesn't have those rights already) :
setfacl -m u:bob:rx intermediate_directoryAs a side note, POSIX ACLs are not new. I remember using them on a Digital Unix system more than twenty years ago. However, the system forgot resetting those ACLs on TTY allocation/deallocation, only the traditional rights, which enabled a few exploits in those old times when device files were statically created...
EDIT : Instead of having to give +rx rights on intermediate directories, you can remount the target directory somewhere else on the filesystem. Let's suppose you have a directory "work", whose absolute path is /x/y/z/work, and you don't want to modify the rights on x, y or z. You can create a /shared/work directory, and remount /x/y/z/work there, using :
That wouldn't survive across reboots though, so in case you want it to persist, append the following line to /etc/fstab :
/x/y/z/work /shared/work none bindDoing that will make the work directory contents reachable through /x/y/z/work and /shared/work as well.
But of course, if you don't mind moving /x/y/z/work to some other place :
is the simplest and best way.