Linux Permissions – Group Within Group File Permissions Explained


I tried finding this on here, but couldn't, so sorry if it's a duplicate.

Say I have 2 groups and a user: group1, group2, user1
with the following structure: group1 is a member of group2, user1 is a member of group1

Now say I have the following files with relevant permissions

file1 root:group1 660
file2 root:group2 660

Now when I log into user1, I'm able to edit file1, but not edit file2. Short of adding user1 to group2, is there any way of doing this? Or is there no way?

I'm using Ubuntu btw.

Best Answer

There is no such thing as a group being a member of a group. A group, by definition, has a set of user members. I've never heard of a feature that would let you specify “subgroups” where members of subgroups are automatically granted membership into the supergroup on login. If /etc/group lists group1 as a member of group2, it designates the user called group1 (if such a user exists, which is possible: user names and group names live in different name spaces).

If you want user1 to have access to file2, you have several solutions:

  • Make file2 world-accessible (you probably don't want this)
  • Make user1 the owner of file2: chown user1 file2
  • Add user1 to group2: adduser user1 group2
  • Add an ACL to file2 that grants access to either user1 or group1:

    setfacl -m user:user1:rw file2
    setfacl -m group:group1:rw file2
    

    See Make all new files in a directory accessible to a group on enabling ACLs.
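
An added illustration of the answer above (not part of the original question or answer): a small shell model of how `/etc/group` member lists are matched against user names only, using a constructed group database that mirrors the question. The function names are hypothetical; primary-group membership from `/etc/passwd` and ACL entries are not modelled.

```shell
#!/bin/sh
# Constructed sample in /etc/group format: name:password:GID:member,member,...
# group2 lists "group1" as a member, as in the question.
GROUP_DB='group1:x:1001:user1
group2:x:1002:group1'

# groups_for USER: print every group whose member list names USER.
# Member entries are matched as user names only; a group name appearing
# there is never expanded into that group's members.
groups_for() {
    printf '%s\n' "$GROUP_DB" | awk -F: -v u="$1" '{
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) { print $1; break }
    }'
}

# in_group USER GROUP: succeed if USER is listed in GROUP.
in_group() {
    groups_for "$1" | grep -qx -- "$2"
}

# can_write USER OWNER GROUP MODE: evaluate the classic permission bits
# (three-digit octal MODE). The first matching class decides:
# owner, then group, then other.
can_write() {
    rest=${4#?}
    if [ "$1" = "$2" ]; then digit=${4%??}
    elif in_group "$1" "$3"; then digit=${rest%?}
    else digit=${rest#?}
    fi
    [ $(( $digit & 2 )) -ne 0 ]
}

# Stand-alone run: report access for the two files from the question.
report() {
    if can_write user1 "$2" "$3" "$4"; then r=yes; else r=no; fi
    echo "user1 can write $1 ($2:$3 $4): $r"
}
report file1 root group1 660
report file2 root group2 660
```

Setting `GROUP_DB` so that the group2 line ends in `group1,user1` models the effect of `adduser user1 group2` on the same check.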
