Assign Read/Write Access to a User on Specific Directory in Linux

There are two possible methods of doing this: the first is using ACLs (Access Control Lists) and the second is creating user groups to manage file permissions, as explained below.

 

For the purpose of this tutorial, we will use the following setup.

Operating system: CentOS 7
Test directory: /shares/project1/reports 
Test user: rootadminz
Filesystem type: Ext4

 

Make sure all commands are executed as the root user or use the sudo command with equivalent privileges.

 

Let’s start by creating the directory called reports using the mkdir command:

# mkdir -p /shares/project1/reports   

 

Using ACL to Give Read/Write Access to User on Directory

Important: To use this method, ensure that your Linux filesystem type (such as Ext3 and Ext4, NTFS, BTRFS) support ACLs.

 

1. First, check the current file system type on your system, and also whether the kernel supports ACL as follows:

# df -T | awk '{print $1,$2,$NF}' | grep "^/dev"
# grep -i acl /boot/config*

From the screenshot below, the filesystem type is Ext4 and the kernel supports POSIX ACLs as indicated by the CONFIG_EXT4_FS_POSIX_ACL=y option.

 

2. Next, check if the file system (partition) is mounted with ACL option or not:

# tune2fs -l /dev/sda1 | grep acl

 

From the above output, we can see that the default mount option already has support for ACL. If in case it’s not enabled, you can enable it for the particular partition (/dev/sda3 for this case):

# mount -o remount,acl /
# tune2fs -o acl /dev/sda3

 

3. Now, its time to assign a read/write access to a user rootadminz to a specific directory called reports by running the following commands.

# getfacl /shares/project1/reports       		  # Check the default ACL settings for the directory 
# setfacl -m user:rootadminz:rw /shares/project1/reports     # Give rw access to user rootadminz 
# getfacl /shares/project1/reports    			  # Check new ACL settings for the directory

 

In the screenshot above, the user rootadminz now has read/write (rw) permissions on directory /shares/project1/reports as seen from the output of the second getfacl command.

 

Was this answer helpful? 0 Users Found This Useful (0 Votes)