14

Consider two user accounts user1 and user2 on one Linux machine. I want user2 to be able to have read and write access to a folder in user1 home directory.

So far created a group for both users and added both users 

groupadd twousers
usermod -a -G twousers user1
usermod -a -G twousers user2

then changed the group and the path and changed the permission 

chgrp twousers /home/user1/folder
chmod g+rwx /home/user1/folder

Unfortunately user2 is still unable to access the folder /home/user1/folder. It seems to be quite simple but somehow I am lost. What am I missing?

Improve this question
2
  • Something often missed is the permissions on the parent directory. It's possible that /home/user1 has no execute permission for user2. The simplest way to fix this would be chmod o+x /home/user1 since I guess you don't want to change the group on the home directory you need to give everyone execute permission on it. Commented Mar 20, 2019 at 23:08
  • I swear that this exact same question was asked earlier this year but I wasn't able to locate it. Anyway, the other user can't access the directory because the home directory of each user is only traversable by the respective user. Rather than having the folder inside of another user's home, just put it in mnt and change the permissions in that directory or create an NFS export that only the two users can access. Commented Mar 20, 2019 at 23:11

3 Answers 3

Reset to default
13

The problem you are experiencing was to expect. Indeed, you are trying to share a folder inside another user home folder, which, for obvious security reasons, is (and should) only be accessible to the owner (and root, but that's another story).

In order to solve your problem, you should create another folder, where the potential parent(s) folder(s) will have the same permissions for both users e.g. /data/shared_folder.

Here is a brief step-by-step example:

  • Create a parent folder (not necessary but it's for the sake of the example):

     # cd /
 # mkdir data

  • Create a shared subfolder:

     # cd data
 # mkdir shared_folder

  • optional : at this stage you could copy the content of the future shared folder into shared_folder.

     # cp -p  /path/to/folder/* /data/shared_folder/

  • Create a group shared and two users bob and alice to it:

     # groupadd shared
 # usermod -aG shared bob
 # usermod -aG shared alice

  • Recursively change group folder ownership:

     # chgrp -R shared /data

  • Adding reading, writing and executing (only for files already executables) permissions for the group shared:

     # chmod -R g+rwX /data

  • Bob and Alice will now be able to do whatever they want inside the folder shared but as well in data.

Depending on your use case, you could just have one level but this example shows how the parent folder permissions can affect a folder deeper into the filesystem and allows for more scalability and granularity.

Improve this answer
1
  • 1
    typo in your answer, no space in groupadd Commented Mar 31, 2022 at 22:33
1

Paradox's answer is indeed the best answer. However I feel like it was not fully explained as to why a root folder should be created.

If you have a shared folder in /home/user1/sharedfolder then you need access to the folder /home/user1 as well (which was explained). But you should notice that /home/user1 is user/group owned by user1. user2 would need to be a part of the group user1 (or permissions of /home/user1 need to be 751 or more specifically gives "other users" executable permissions which is not a good idea) to access /home/user1. Executable access to /home/user1 is required in order to access the shared folder. Like sometimes I forget that even the command "cd" is a program, and if you cant cd into /home/user1 as user2 then how can you access /home/user1/sharedFolder ?

So unless you want user2 to be able to access everything user1 has access to in their home folder then you would definitely require the use of a more "public meeting" spot rather than in the home. I mean, think about it this way you can't share something in your home without giving access to your home in the first place.

Lets say you have a secondary hard drive / mounted folder. If you want multiple users to access that, I recommend to throw it into `/mnt/mountedFolder', then have a shared group own that mountedFolder using the directions from the best answer above.

When using containers its acceptable to map /mnt/mountedFolder to a root folder inside the container like /data or /config and basically the user of your container would need to be apart of that shared group. Your container may create new users with different user IDs...if that user in the container creates a folder/file with its own permissions the users who had access to the /mnt/mountedFolder will be unable to access those folders/files unless those users are apart of the group of the containerised user group and that containerised user is creating files/folders where the group permission is g+rwx.

Hope this adds a better explanation for those who didn't understand after the best answer. Dealing with permissions can frustrating because it seems like it should be so simple, but there's actually a lot to consider. When you feel frustrated about permissions try not to do something silly and try to make everything have more elevated permissions than necessary... you are probably missing something.

Improve this answer
-3

you must add user2 to user1 group then give read and write permission to group section of that specific folder

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.