Allow users to chmod a file not owned by them

permissions

I would like to allow users to chmod a file that is owned by root or some user that is not themselves. I have chmod'ed the file to 777 and I get "operation not permitted". I have added the user to the group of the file and get the same. Why can't a user chmod a file they have write access to?

Best Answer

Why can't a user chmod a file they have write access to?

For the normal access rights this is a design decision. You need richacls: WRITE_ACL and maybe WRITE_OWNER.

Related Solutions

Centos – Allow all users can write files/folders of user “apache”

Filesystem ACLs are going to be your best solution here.

You can set a default ACL on directories, and when a file is created in that directory, it inherits the default ACL. You can then set this default ACL to allow access to the files.

For example, if you wanted to grant all users of the group mygroup read/write access to /var/www, you can do:

setfacl -R -m group:mygroup:rw /var/www
setfacl -R -d -m group:mygroup:rw /var/www

The first line sets the ACL on all the existing files. The second line sets the default for any new files.

And while I think it's a bad idea, if you really want to allow all users full access to the files:

setfacl -R -m other::rw /var/www
setfacl -R -d -m other::rw /var/www

Note that this will require your filesystem to be mounted with ACL support. If this is not currently the case, you can do so via mount -o remount,acl /var/www (or whatever the mountpoint is). Then edit your /etc/fstab and add the acl option to the appropriate line.

Allow group to r/w in folder owned by a specific user

This is quite special and you could not manage this by using the legacy permissions architecture of an unixoid system. The closest approach to your intention is using ACLs. Issue the following command (optionally as superuser):

setfacl -d -R -m g:manager:rwx /dir/of/user1
setfacl -R -m g:manager:rwx /dir/of/user1

The first command sets the default permissions to the directory so that they apply to newly created files (by user1). The second command sets the actual rights of the folders and files recursively.

Note, that the ACL infrastructure does not apply to the Apache Webserver. Apache only cares about the legacy permissions (user/group/others permission). So inside the webfolder every file/folder must be in the www-data group and every file must have at least read permissions for www-data. Folders should have the execute permissions for www-data for the Index searching.

Update:

To force the newly created files inside a directory to inherit the group of this directory set the gid bit of the directory:

chmod g+s /web/directory

Newly created files inside /web/directory will then inherit the group of /web/directory

Best Answer

Related Solutions

Centos – Allow all users can write files/folders of user “apache”

Allow group to r/w in folder owned by a specific user

Related Question