97

There is a folder that is owned by user tomcat6:

drwxr-xr-x 2 tomcat6 tomcat6 69632 2011-05-06 03:43 document

I want to allow another user (ruser) write permissions on the document folder. The two users (tomcat6 and ruser) do not belong to the same group. I have tried using setfacl:

sudo setfacl -m  u:ruser:rwx document

but this gives me setfacl: document: Operation not supported error. Kindly help me.

TheVillageIdiot

3 Answers

180

There are two ways to do this: set the directory to "world" writable or create a new group for the two users and make the directory writeable to that group.

Obviously making it world writeable is a Bad Thing, so the second option is preferable.

Users in Linux can belong to more than one group. In this case you want to create a brand new group, let's call it tomandruser:

sudo groupadd tomandruser

Now that the group exists, add the two users to it:

sudo usermod -a -G tomandruser tomcat6
sudo usermod -a -G tomandruser ruser

Now all that's left is to set the permissions on the directory:

sudo chgrp -R tomandruser /path/to/the/directory
sudo chmod -R 770 /path/to/the/directory

Now only members of the tomandruser group can read, write, or execute anything within the directory. Note the -R argument to the chmod and chgrp commands: this tells them to recurse into every sub directory of the target directory and modify every file and directory it finds.

You may also want to change 770 to something like 774 if you want others to be able to read the files, 775 if you want others to read and execute the files, etc. Group assignment changes won't take effect until the users log out and back in.

If you also want (you probably do) new files created inside the directory by one of the users to be automatically writable by others in the group, then see here.

leonbloy
Andrew Lambert
  • works like a charm – swapnilsarwe Aug 21 '12 at 19:36
  • 5
    You probably want to also set the set-group-ID flag for directories, to make new files and sub-directories automatically owned by the right group: `sudo find /path/to/the/directory -type d -exec chmod 2770 '{}' \;` – Marcello Nuccio Dec 13 '12 at 14:28
  • 9
    I'd avoid using chmod 770, 775 or whatever. That messes with the permissions of _all_ files. Instead use something like `chmod -R g+w` to add write permissions without mucking up everything else. – Christian Jan 03 '13 at 15:11
  • 2
    If a user creates a new file there (say, mysql by `SELECT INTO OUTFILE`), it sets permissions to its primary group (`mysql` in this case), and the file is not accessible by another user anyway. How to workaround this? – Olexa May 15 '13 at 11:53
  • Found an answer for my question here: http://superuser.com/a/19333/171762 – Olexa May 15 '13 at 12:37
  • Does `-R 770` change permission for all subdirectories AND FILES in that directory? – Jürgen Paul Jun 24 '13 at 10:17
  • @WearetheWorld Yes. – Andrew Lambert Jun 24 '13 at 15:47
  • 3
    What if you want to grant users write access to a folder without changing the folder's ownership e.g. you don't want to mess with apache's permissions on a public_html folder? – codecowboy Feb 12 '14 at 16:45
  • I would not mess around with set-group-ID flag with **chmod 2770** UNLESS you are 100% sure you know what that does and what you are trying to do! –  Oct 04 '15 at 13:13
  • 6
    **Note:** "Group assignment changes won't take effect until the users log out and back in." I have missed that :) – Vladimir Vukanac Dec 04 '15 at 11:50
  • What happens if the file was originally owned by `root` instead of `tomcat6`? – ComputerScientist Nov 22 '19 at 17:58
  • I saw in some Linux documents Linux group, such as Debian 10 has limitation and more than 16 users can't add to a group, if we will add more than 16 it is possible by your answer? – Navid Oct 12 '20 at 09:52
  • @leonbloy the question you link to in your edit describes how to use setgid to make sure new files created inside the dir are *owned* by the group. It does not show how to make them "*automaticaly writable by others in the group*" - or am I missing something? – Don't Panic Jun 06 '21 at 09:52
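Added example (not part of the answer or the comments above): what a set-group-ID directory does and does not do for newly created entries, the point raised in the comments. It assumes Linux with GNU coreutils `stat`; `pick_group`, `new_entry_modes` and GID 54321 are names and values constructed for this example.

```sh
#!/bin/sh
# Added example: everything happens in a throwaway temp directory.

# pick_group: print a group other than our primary one that we can chgrp to.
# 54321 is a constructed numeric GID, used only when running as root.
pick_group() {
    primary=$(id -g)
    for g in $(id -G); do
        if [ "$g" != "$primary" ]; then echo "$g"; return 0; fi
    done
    if [ "$(id -u)" -eq 0 ]; then echo 54321; fi
    return 0
}

# new_entry_modes UMASK: build a 2770 (setgid) directory, create a file and a
# subdirectory in it under UMASK, print "<file mode> <subdir mode> <yes|no>",
# where yes means the new file got the directory's group.
new_entry_modes() {
    d=$(mktemp -d) || return 1
    grp=$(pick_group)
    if [ -n "$grp" ]; then chgrp "$grp" "$d" 2>/dev/null || true; fi
    chmod 2770 "$d"
    ( umask "$1"; : > "$d/new.txt"; mkdir "$d/newdir" )
    same=no
    if [ "$(stat -c %g "$d/new.txt")" = "$(stat -c %g "$d")" ]; then same=yes; fi
    echo "$(stat -c %a "$d/new.txt") $(stat -c %a "$d/newdir") $same"
    rm -rf "$d"
}

new_entry_modes 022   # a common default umask
new_entry_modes 002   # umask that keeps group write
```

With umask 022 the new file belongs to the shared group but is mode 644, so other group members cannot write to it; with umask 002 it is 664. New subdirectories inherit the set-group-ID bit either way.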
6

The following script shows an example of giving r (read) / w (write) / x (execute) permission on the given folder path /path/to/the/directory to USER1 and USER2. If you want to give only write access please replace rwx with w.


#!/bin/bash

# Block others and people in the same group from doing `r/w/x` on the given folder:
sudo chmod 700 /path/to/the/directory

# Give read/write/execute access to USER1 on the given folder:
sudo setfacl -R -m user:USER1:rwx /path/to/the/directory

# Give read/write/execute access to USER2 on the given folder:
sudo setfacl -R -m user:USER2:rwx /path/to/the/directory
alper
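Added example (not part of the answer): how the ACL mask interacts with `chmod` in the script above, and how to detect the "Operation not supported" case from the question. It assumes Linux with the `acl` tools and GNU `stat`; UID 54321 is a constructed stand-in for USER1 and `acl_mask_demo` is a name chosen here.

```sh
#!/bin/sh
# Added example: works on a throwaway temp directory, no root needed.

# acl_mask_demo: print "<mode after setfacl> <mask after a second chmod 700>",
# or "unsupported" when setfacl is missing or the filesystem refuses ACLs
# (the "Operation not supported" error from the question).
acl_mask_demo() {
    d=$(mktemp -d) || return 1
    chmod 700 "$d"
    # 54321 is a constructed numeric UID standing in for USER1
    if ! command -v setfacl >/dev/null 2>&1 ||
       ! setfacl -m user:54321:rwx "$d" 2>/dev/null; then
        rm -rf "$d"
        echo unsupported
        return 0
    fi
    # With a named entry present, the group bits of the mode show the ACL mask
    after_acl=$(stat -c %a "$d")
    # Running chmod again rewrites the mask, not the named entry itself
    chmod 700 "$d"
    mask=$(getfacl -p "$d" 2>/dev/null | sed -n 's/^mask::\(...\).*/\1/p')
    rm -rf "$d"
    echo "$after_acl $mask"
}

acl_mask_demo
```

A result of `770 ---` means the named entry is still listed but grants nothing after the second `chmod 700`, so `chmod` belongs before `setfacl`, as in the script.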
5

Opinionated answer:

  • I like to put my shared folder in a central place. Not in someone else's homefolder, but /srv/common or even (for ruthlessly short paths...) /repo or similar.
  • define a new group (typically for all local users, that you want to join in. However not some technical users like wwwuser, unless there's a valid reason)
  • root is good to have as a member, also to have a neutral owner of that shared folder
  • setGid is very important, such that new files do become common group membership, thus frank:common, not frank:frank
    sudo groupadd -f common
    sudo usermod -aG common root
    sudo usermod -aG common frank
    sudo usermod -aG common mike

    # sort of hack for instant group refresh w/o logout
    # superuser.com/a/345051
    su - frank

    # sanity test1:
    cat /etc/group | grep common
        common:x:1008:root,frank,mike
    # sanity test2:
    groups
        frank adm cdrom ... common
    sudo chown root:common /repo

    # (if you have shareable stuff sitting somewhere else,
    #  copy it to here now)

    # no right to the world, the right rights to user and group
    sudo chmod -R ug+rwXs,o-rwx /repo
    # why uppercase X ? → unix.stackexchange.com/a/416885

    # why s ? → superuser.com/a/277785
    # as there is no such thing as an uppercase S (directories only)
    # setting the s attribute on preexisting content would have to happen
    # like so:
    # find /repo -type d -exec chmod g+s {} \;
Frank N
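Added example (not from the answers or comments): the three recursive permission commands discussed on this page, applied to a small constructed tree so their effect on existing files can be compared. It assumes Linux with GNU `chmod` and `stat`; `make_tree` and `modes_after` are names made up here.

```sh
#!/bin/sh
# Added example: constructed tree in a temp directory, no root needed.

# make_tree DIR: one data file (644), one script (755), one subdirectory (755)
make_tree() {
    mkdir -p "$1/sub"
    : > "$1/data.txt"
    : > "$1/run.sh"
    chmod 644 "$1/data.txt"
    chmod 755 "$1/run.sh" "$1" "$1/sub"
}

# modes_after KIND: apply one strategy to a fresh tree and print the
# resulting modes as "<data.txt> <run.sh> <sub>"
modes_after() {
    d=$(mktemp -d) || return 1
    make_tree "$d"
    case "$1" in
        numeric)    chmod -R 770 "$d" ;;
        symbolic_s) chmod -R ug+rwXs,o-rwx "$d" ;;
        split)      chmod -R ug+rwX,o-rwx "$d"
                    # set-group-ID on directories only
                    find "$d" -type d -exec chmod g+s {} + ;;
        *)          rm -rf "$d"; return 2 ;;
    esac
    out="$(stat -c %a "$d/data.txt") $(stat -c %a "$d/run.sh") $(stat -c %a "$d/sub")"
    rm -rf "$d"
    echo "$out"
}

for kind in numeric symbolic_s split; do
    echo "$kind: $(modes_after "$kind")"
done
```

`chmod -R 770` marks the data file executable, and a recursive `s` puts set-user-ID and set-group-ID on regular files (6660, 6770); the split form leaves files at 660/770 and only directories carry set-group-ID (2770).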