[lug] Permissions: Guard Directories but allow File changes
blug-mail at duboulder.com
Tue Feb 3 12:15:28 MST 2009
Gordon Golding wrote:
> I have a big directory tree - too big to play with by hand.
> I have someone (an OTHER person) who I want to be able to change files in every sub-/directory, but I want to protect the directories themselves.
> So I want the directories to be safe:????????? rwxrwxr-x
> But I want the files to be changeable:??????? rwxrwxrw-
Not exactly clear on what you are asking.
If you want commands to set these permissions:
find /root/path -type d -print0 | xargs -0 chmod 775
find /root/path -type f -print0 | xargs -0 chmod 666
find /root/path -type f -name '*.sh' -print0 | xargs -0 chmod +x
The first command sets the permissions of all the directories to rwxrwxr-x. The -print0
and -0 options are to handle names with spaces. The second command sets the perms
on real files (not symlinks) to rw-rw-rw (not setting x on the files - not needed
unless they are executables). The third command adds executable permissions to
The result of this is that anyone can modify the files in the directory tree,
but they can't rename or change permissions on files, or create/delete files
or directories in the tree.
If what you are asking is what permissions to set to accomplish your goal:
Create a user group that your account and other other person's account are members of
do these commands as root:
usermod -G<existing groups>,shareddirgrp <youraccount>
usermod -G<existing groups>,shareddirgrp <otheraccount>
chgrp -R sharedgrpdir /root/path
(to see what groups an account is already part of, as root:
Then change the permissions in the commands above to 750, 660, ug+x
This sets things so that world can't see in the directories or the files, but the
members of shareddirgrp can read but not modify the dirs, and can modify files in
the directory tree.
The other account will need to relogin (should do an id command to verify groups)
More information about the LUG