
The question is how to allow one user (but not all!) to access files of another user.

I have a directory /home/alice/dir owned by alice:

$ cd /home/alice
$ ls -l
drwxr-x---  2 alice alice       4096 Feb 10 21:24 dir

i.e., owner alice and group alice have read/execute access.

I want to allow user bob access to this directory, but any other user eve should not have access.

What I did so far was:

$ sudo adduser bob alice

and now

$ getent group alice
alice:x:1001:bob

so now bob is in the group alice.

However, bob still cannot access the directory:

$ whoami
bob
$ cd /home/alice
$ pwd
/home/alice
$ ls -l
drwxr-x---  2 alice alice       4096 Feb 10 21:24 dir
$ getent group alice
alice:x:1001:bob
$ cd dir
bash: cd: test: Permission denied

What's wrong?

Users were created with

sudo adduser alice
sudo adduser bob
sudo adduser eve
  • You need to have every directory on the path to dir with at least execute rights for the group alice.
    – didierc
    Commented Feb 11, 2015 at 4:00
  • Yes, bob can navigate to the directory where dir is, and the ls -l output in my question is as seen by bob from that directory. But then cd dir fails for bob, but su sudo and cd dir works. Commented Feb 11, 2015 at 4:03
  • So you want to know why bob cannot access a file owned by alice? bob needs to be a member of the alice group, or you need to change the group ownership of the file from alice to bob. I suggest you look at ACL.
    – Panther
    Commented Feb 11, 2015 at 4:07
  • I believe that bob is a member of alice group. Please see the output of getent in my question. I've added him to the group with sudo adduser bob alice. Commented Feb 11, 2015 at 4:09
  • Did you set the whole system up yourself? (or at least the user accounts?)
    – didierc
    Commented Feb 11, 2015 at 4:09

1 Answer

The way of doing it as described in the question is correct.

However, when you update the groups, the permissions of the current process, including your shell, are not updated. So in my case groups (current shell started by bob before the groups were changed) and groups bob (current permissions of user bob) showed different results:

$ whoami
bob
$ groups bob # current membership of bob
bob alice
$ groups     # shell run by bob BEFORE the groups changed
bob
$ cd /home/alice/dir
bash: cd: test: Permission denied

So I had to close the shell, and even close the tunnel (I was connected to the Ubuntu box via an SSH tunnel) and open a new shell (after I connected to SSH again) and then I saw

$ whoami
bob
$ groups bob
bob alice
$ groups     # current shell run by bob AFTER the groups changed
bob alice
$ cd /home/alice/dir
$ pwd
/home/alice/dir

If bob is a service, that service is to be restarted!
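
The stale-session condition described in the answer above can be checked directly. This is an added example, not part of the original answer: it compares the groups held by the running process (`id -Gn`) with the groups the database now grants the user (`id -Gn USER`). The function names `missing_groups` and `report_stale_session` are made up for this illustration, and the sample input is constructed from the answer's output.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# missing_groups PROCESS_GROUPS DATABASE_GROUPS
# Prints, space-separated, every group listed in DATABASE_GROUPS that is
# absent from PROCESS_GROUPS. Both arguments are space-separated group names.
missing_groups() {
    proc=" $1 "
    out=""
    for g in $2; do
        case "$proc" in
            *" $g "*) ;;                 # the process already holds this group
            *) out="${out:+$out }$g" ;;  # granted in the database, not held
        esac
    done
    printf '%s\n' "$out"
}

# report_stale_session
# Compares this shell's credentials with the current group database.
report_stale_session() {
    user=$(id -un 2>/dev/null) || { echo "cannot resolve current user"; return 0; }
    have=$(id -Gn 2>/dev/null)          # groups of the running process
    want=$(id -Gn "$user" 2>/dev/null)  # groups per the group database
    stale=$(missing_groups "$have" "$want")
    if [ -n "$stale" ]; then
        echo "$user: session lacks group(s): $stale (log in again or restart the service)"
    else
        echo "$user: session groups match the group database"
    fi
}

# Constructed sample matching the answer: shell started before the change
# holds only "bob", while the database lists "bob alice". Prints "alice".
missing_groups "bob" "bob alice"

# Check the shell this script runs in.
report_stale_session
```

The same comparison works in the other direction: a session that still holds a group the user has since been removed from keeps that access until it ends.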
