问题
I have root permissions on my server and I want to give permissions to particular groups and users of it. There is a one case, there is directory tree:
dir1
├── subdir1
├── subdir2
├── subdir3
I have three users (user1, user2, user3) - i want each of them to have permissions only to one directory (user1 - subdir1, user2 - subdir2, user3 - subdir3). User1 should not be able to see whats int subdir2 or subdir3, but he cant see that they exist, same with other users and their dirs.
I give persmissions using getfacl and setfacl commands.
What permissions should these users have to dir1 and subdirs?
回答1:
To allow all users see list of files in dir1 set permissions 0755 to this folder
$ chmod dir1 0755
To separate access to subfolders assign owner to each folder:
$ cd dir1
$ chown user1:user1 -R subdir1
$ chown user2:user2 -R subdir2
$ chown user3:user3 -R subdir3
Now make subfolders readable only for theirs owners:
$ chmod user* 0700
Now all users see that folders user* exist, but they can enter only in own folder
Update Sorry, can't format text in comments.
When I have more users than these three, and I want only these three to be able to enter dir1 - what then?
Then you have to assign them one special group and allow this group to read content of dir1.
Create group specialusers
$ groupadd specialusers
Add users in this group
$ usermod -aG specialusers user1
$ usermod -aG specialusers user2
$ usermod -aG specialusers user3
Allow specialusers to read folder
$ chown root:specialusers dir1
$ chmod dir1 0750
Now only users from in group specialusers can see a list of folders under dir1
来源:https://stackoverflow.com/questions/19110891/how-to-give-to-some-user-permissions-only-to-subfolder