How to manage permissions on Linux folders?
06-02-2021
Question
I'm a little bit confused with Linux permissions. I'm configuring a Git Central Repository that the users access by SSH. I'm using Filesystem ACLs and regular Linux permissions. What I intend to do is:
- Find a way so that only the users that I want will be able to list/read/write/execute the dir "/var/github" (in a way that I assign a group to the user that I want to give this kind of permissions)
- The user "git" is the only user that can create new folders in "/var/github"
Is this possible to do? Any clues on how to do it?
Best Regards,
Solution
You can use access control lists to grant access to multiple groups. Here's an example session (using Ubuntu, but it should be the same for CentOS) that gives the grp1 group read access and the grp2 group read, write and execute access:
$ touch foo
$ setfacl -m "g:grp1:r--,g:grp2:rwx" foo
$ getfacl foo
# file: foo
# owner: me
# group: me
user::rw-
group::r--
group:grp2:rwx
group:grp1:r--
mask::rwx
other::r--
Other tips
chown git:git /var/github; chmod 750 /var/github
Now only the group git can read the folder and only the user git can modify it.
Make sure that, along with the user "git", there is a "git" group. Add all the users to the group that you will give access to. Change the ownership properties of your directory to user and group git, and then the permission to 750. The ownership and mode commands are as follows:
chown git:git /var/github
chmod 750 /var/github
The permission of 750 lets the user do pretty much anything in the folder and only the members of the group "git" read and possibly execute in that folder. What programs and commands you use for your user management is up to you.