Unix: How can I allow only one person to see my folder in the same fs?

I want to give a friend access to a dir. He has access to the file system where the dir is located. I don't want to set the permissions for all users. How can I allow only one person to see the dir? Neither of us is a superuser.

Asked by: Guest | Views: 117
Total answers/comments: 5
Guest [Entry]

"With just normal UNIX permissions (user, group, everyone), you can't do this easily. If you don't need access to the directory anymore, you can possibly change the owner of the directory to your friend, which is valid on some Unices, but on most of them it is not.

However - if you have ACLs enabled on Linux, you can do this if you are the owner of the file. Just run the command setfacl -m user:friend:rwx filename where friend is the account name of your friend and filename is the file. You can check that it went into effect by running getfacl filename; you should see the triad user:friend:rwx in the list. I haven't seen too many Linux systems which have the ACLs enabled though."
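An added example, not part of the answer above: seeing user:friend:rwx in the getfacl list is not the whole check, because the mask entry can reduce that entry's effective permissions and the group and other entries may still let others in. The script reads getfacl's standard text output and reports both; the names alice, bob, staff and shared are constructed sample values.

```shell
#!/bin/sh
# Reads getfacl text on stdin; prints each access entry with its effective
# permissions (named users and all groups are limited by the mask entry).
acl_effective() {
    awk -F: '
        BEGIN { n = 0 }
        /^#/ || NF < 3 || $1 == "default" { next }  # headers, blanks, default ACL
        { sub(/[ \t]*#.*/, "", $3) }                 # strip "#effective:" notes
        $1 == "mask" { mask = $3; have_mask = 1; next }
        { kind[n] = $1; name[n] = $2; perm[n] = $3; n++ }
        END {
            for (i = 0; i < n; i++) {
                p = perm[i]
                # the mask applies to everything except the owner and "other"
                if (have_mask && (kind[i] == "group" || (kind[i] == "user" && name[i] != ""))) {
                    e = ""
                    for (j = 1; j <= 3; j++) {
                        c = substr(p, j, 1)
                        e = e (substr(mask, j, 1) == c ? c : "-")
                    }
                    p = e
                }
                print kind[i] ":" name[i] ":" p
            }
        }'
}

# Effective permissions of the named-user entry for $1 (empty if absent).
acl_friend_perms() {
    acl_effective | awk -F: -v f="$1" '$1 == "user" && $2 == f { print $3 }'
}

# Entries other than the owner and $1 that still grant any access.
acl_unexpected() {
    acl_effective | awk -F: -v f="$1" '
        $1 == "user" && ($2 == "" || $2 == f) { next }
        $3 != "---" { print }'
}

# Constructed sample: bob is listed as rwx, but the mask cuts him to r--.
sample_acl() {
    printf '%s\n' '# file: shared' '# owner: alice' '# group: staff' \
        'user::rwx' 'user:bob:rwx    #effective:r--' \
        'group::r-x      #effective:r--' 'mask::r--' 'other::r-x'
}

sample_acl | acl_friend_perms bob    # r--
sample_acl | acl_unexpected bob      # group::r--, then other::r-x
# Real use: getfacl -c ~/foo/bar | acl_unexpected friend
```

The directory is shared with one person only when acl_friend_perms prints the intended permissions and acl_unexpected prints nothing.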
Guest [Entry]

"Ryan was actually 100% correct, just backward. Since your friend (likely) has a unique group associated with his/her user name, change the group ownership of the directory in question to that group, most likely the friend's user name. In order to be able to share the contents between the two of you, you should retain ownership as the user:

chown -R youruser:friendgroup ~/foo/bar

Then assign appropriate permissions to the directory, dependent upon what access you wish the other user to have:

chmod -R 770 ~/foo/bar

would grant both of you full rwx access to the directory and its entire contents.

Please note that this assumes that no other user has been added to your friend's group. The system would not likely have made this assignment; however, as was mentioned before, the root user may do what they choose. You may use the groups command to see each group to which your friend, or an arbitrary user, belongs. Additionally, unless the permissions have been changed for some reason, you should be able to view the /etc/group file, which contains the group assignments for each group on the system."
Guest [Entry]

RBACs like grsec/SELinux are required.
Guest [Entry]

By default, each user on an Ubuntu system also has an associated group of the same name. So if you can add your friend to your group and then mark the folder in question as g+rwx, you'll be set. I vaguely remember this use case being cited as the reason to create a group for each user.
Guest [Entry]

Haven't tried this, but how about a publicly readable directory with an encrypted user-space FS inside (for example encfs)? Then you can share that password with your friend and no one else can make use of that data (well, I guess they could get the data and run a password cracker offline?).