How to grant different permissions for each user


So, I've been using Linux for a few years now, and I really should know this answer, but I'm having trouble finding it. Specifically, I've been using Debian-based distros... mostly Ubuntu.

If I have a server that has more than three users, how do I set a different set of permissions on a file for each user?

For example:

If I have a file with these permissions and ownership:

rwx rw_ r__ user1:group1 file1.txt

and I have 3 users with these desired permissions….

  • user1 rwx
  • user2 rw_
  • user3 r__

All I have to do is have user1 own the file, user2 be in group1, and user3 can be neither — correct?

But what if I have a user4 and user5?

  • user4 _wx
  • user5 __x

How would I set that up?

I haven't had to do this before, but I was asked that question by a Windows admin, and I honestly couldn't answer.

Best Answer

Traditional unix permissions only allow user, group, other permissions as you've found. These can result in some awkward combination of groups needing to be created...

So a new form of ACL (Access Control Lists) was tacked on. This allows you to specify multiple users and multiple groups with different permissions. These are set with the setfacl command and read with getfacl.

$ setfacl -m u:root:r-- file.txt
$ setfacl -m u:bin:-wx file.txt 
$ setfacl -m u:lp:--x file.txt 
$ getfacl file.txt
# file: file.txt
# owner: sweh
# group: sweh
user::rw-
user:root:r--
user:bin:-wx
user:lp:--x
group::r--
mask::rwx
other::r--

You can easily tell if a file has an ACL by looking at the ls output:

$ ls -l file.txt
-rw-rwxr--+ 1 sweh sweh 0 Jul 26 10:33 file.txt

The + at the end of the permissions indicates an ACL.
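
The mask:: line in the getfacl output above caps every named-user and group entry, and on a file with an ACL a chmod of the group bits rewrites that mask. The script below is an added example, not part of the original answer: it parses getfacl text and prints each entry's effective permissions. The function names and the restricted-mask variant are constructed for illustration.

```shell
#!/bin/sh
# Added example: effective permissions from `getfacl` text output.
# The mask caps named users, named groups and the owning group;
# the owner (user::) and other:: entries are not affected by it.

# and_perms PERMS MASK: clear every bit of PERMS that MASK lacks.
and_perms() {
    p=$1; m=$2; out=""
    for i in 1 2 3; do
        pc=$(printf '%s' "$p" | cut -c"$i")
        mc=$(printf '%s' "$m" | cut -c"$i")
        if [ "$pc" != "-" ] && [ "$pc" = "$mc" ]; then out="$out$pc"; else out="$out-"; fi
    done
    printf '%s\n' "$out"
}

# effective_acl: read getfacl output on stdin, print tag:name:effective.
effective_acl() {
    acl=$(cat)
    mask=$(printf '%s\n' "$acl" | sed -n 's/^mask::\(...\).*/\1/p')
    [ -n "$mask" ] || mask=rwx   # minimal ACL without a mask: nothing capped
    printf '%s\n' "$acl" | while IFS=: read -r tag name perms; do
        case $tag in '#'*|''|mask) continue ;; esac
        perms=$(printf '%s' "$perms" | cut -c1-3)
        if [ "$tag" = other ] || { [ "$tag" = user ] && [ -z "$name" ]; }; then
            eff=$perms
        else
            eff=$(and_perms "$perms" "$mask")
        fi
        printf '%s:%s:%s\n' "$tag" "$name" "$eff"
    done
}

# ACL entries as shown in the answer's getfacl output.
SAMPLE_ACL='# file: file.txt
user::rw-
user:root:r--
user:bin:-wx
user:lp:--x
group::r--
mask::rwx
other::r--'

echo "mask rwx (as in the answer):"
printf '%s\n' "$SAMPLE_ACL" | effective_acl
echo "mask r-- (constructed: the state after 'chmod g=r file.txt'):"
printf '%s\n' "$SAMPLE_ACL" | sed 's/^mask::rwx/mask::r--/' | effective_acl
```

On a live system, pipe `getfacl file.txt` into `effective_acl`; with the mask reduced to r--, the bin and lp entries grant nothing even though they are still listed.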
