How to Give to Some User Permissions Only to Subfolder

How to give to some user permissions only to subfolder

To allow all users see list of files in dir1 set permissions 0755 to this folder

$ chmod dir1 0755

To separate access to subfolders assign owner to each folder:

$ cd dir1

$ chown user1:user1 -R subdir1
$ chown user2:user2 -R subdir2
$ chown user3:user3 -R subdir3

Now make subfolders readable only for theirs owners:

$ chmod user* 0700

Now all users see that folders user* exist, but they can enter only in own folder

Update
Sorry, can't format text in comments.

When I have more users than these three, and I want only these three
to be able to enter dir1 - what then?

Then you have to assign them one special group and allow this group to read content of dir1.

Create group specialusers

$ groupadd specialusers

Add users in this group

$ usermod -aG specialusers user1
$ usermod -aG specialusers user2
$ usermod -aG specialusers user3

Allow specialusers to read folder

$ chown root:specialusers dir1
$ chmod dir1 0750

Now only users from in group specialusers can see a list of folders under dir1

How do I change permissions for a folder and its subfolders/files?

The other answers are correct, in that chmod -R 755 will set these permissions to all files and subfolders in the tree. But why on earth would you want to? It might make sense for the directories, but why set the execute bit on all the files?

I suspect what you really want to do is set the directories to 755 and either leave the files alone or set them to 644. For this, you can use the find command. For example:

To change all the directories to 755 (drwxr-xr-x):

find /opt/lampp/htdocs -type d -exec chmod 755 {} \;

To change all the files to 644 (-rw-r--r--):

find /opt/lampp/htdocs -type f -exec chmod 644 {} \;

Some splainin': (thanks @tobbez)

  • chmod 755 {} specifies the command that will be executed by find for each directory
  • chmod 644 {} specifies the command that will be executed by find for each file
  • {} is replaced by the path
  • ; the semicolon tells find that this is the end of the command it's supposed to execute
  • \; the semicolon is escaped, otherwise it would be interpreted by the shell instead of find

Set permissions for directorys/subdirectorys/files

You have to add another AccessRule with InheritanceFlags set to ContainerInherit AND ObjectInherit.

To get the permissions to propgate to child folders, the PropagationFlag is set to Inherit only.

Here's an example below

    public void PropogateSecurity(string userid,string directory)
    {

        var myDirectoryInfo = new DirectoryInfo(directory);
        var myDirectorySecurity = myDirectoryInfo.GetAccessControl();
        myDirectorySecurity.AddAccessRule(new FileSystemAccessRule(userid, FileSystemRights.Modify, InheritanceFlags.ContainerInherit, PropagationFlags.InheritOnly, AccessControlType.Allow));
        myDirectorySecurity.AddAccessRule(new FileSystemAccessRule(userid, FileSystemRights.Modify, InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow));
        myDirectoryInfo.SetAccessControl(myDirectorySecurity);

    }

You can also do this with recursion, but the above would be my preferred method as cleaning up permissions would be annoying.

How to grant permission to users for a directory using command line in Windows?

As of Vista, cacls is deprecated. Here's the first couple of help lines:

C:\>cacls
NOTE: Cacls is now deprecated, please use Icacls.

Displays or modifies access control lists (ACLs) of files

You should use icacls instead. This is how you grant John full control over D:\test folder and all its subfolders:

C:\>icacls "D:\test" /grant John:(OI)(CI)F /T

According do MS documentation:

  • F = Full Control
  • CI = Container Inherit - This flag indicates that subordinate containers will inherit this ACE.
  • OI = Object Inherit - This flag indicates that subordinate files will inherit the ACE.
  • /T = Apply recursively to existing files and sub-folders. (OI and CI only apply to new files and sub-folders). Credit: comment by @AlexSpence.

For complete documentation, you may run "icacls" with no arguments or see the Microsoft documentation here and here


Related Topics

Haskell Cabal: Mysterious Missing or Recursive Dependencies

How to Use Performance Counters Inside of The Kernel

Making Strlcpy Available in Linux

Deleting Content of Folder with Shell Script

How to Configure Gitlab as a Subdomain in Nginix.Conf

Setting Environment Variable with Leading Digit in Bash

How to Move Old File to Another Folder

User-Space Memory Editing Programs

Why The Process Is Getting Killed at 4Gb

Using Mutexes/Semaphores with Processes

.Htaccess Redirect Index.PHP to /

Programmatically Disable Hardware Prefetching on Amd Systems

How to Read/Write From/To a Linux /Proc File from Kernel Space

Does Each Unix File Description Have Its Own Read/Write Buffers

Docker with '-User' Can Not Write to Volume with Different Ownership

Two Processes Write to One File, Prevent Mixing The Output

How to Authenticate Username/Password Using Pam W/O Root Privileges

How to Grep in a Loop


Leave a reply



Submit