I have created 3 users 'u1', 'u2', 'u3'. Now I want to give users u2 and u3 access to u1's /home/u1/share directory.
I don't want to create a new common group named 'shared' and add the 3 users there. Is it possible to use the 'u1' group itself?
So far I tried:
#add u2,u3 to group of u1
usermod -a -G u1 u2
usermod -a -G u1 u3
#ensure u1 has group read access
chmod 750 /home/u1
#create new shared dirs
umask 027 && mkdir /home/u1/share
Though
ls -ld /home/u1/share
drwxr-x---. 2 u1 u1 4096 Apr 23 10:11 /home/u1/share
shows read access for the group, user u2 can't access this directory.
[u2@ ~]$ ls -l /home/u1/share
ls: cannot access /home/u1/share: Permission denied
Any thoughts on this? Where am I doing it wrong?
You need ACLs to solve the permission problem. You have to give all respective directories group write access and have to set default ACLs for them (in case the users shall be able to create subdirectories):
or instead
if you ensure via SGID bit that a newly created subdirectory belongs to the same group.
I do not consider your decision not to create a new group a good idea.
What you've done should be fine, but has user u2 logged out and in again since you ran the usermod? Group memberships are only picked up at login time. Doing an id -a for u2 can also help confirm whether or not that particular u2 shell is in group u1, or not.
For what it's worth, although I disagree with Hauke about ACLs (they certainly aren't needed in this case, because as you've shown it can be done with groups; I find ACLs are hardly ever really needed, and such an incredible pain even on the odd occasion they are, that I normally advise people to change their requirements instead), I agree that this is a perfect case for a new, custom group.
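The login-time check described in the answer above, as an added shell example that is not part of the original thread. It compares the groups the account database lists for the calling user with the groups the current shell actually holds, and goes slightly further by finding the first directory on a path that the caller cannot search. The function names are hypothetical; run it as the user who gets "Permission denied".

```shell
#!/bin/sh
# Added example: why is access still denied after `usermod -a -G`?
# Function names are hypothetical and not taken from the thread.

# Print the names in list $1 that do not appear in list $2 (space-separated).
missing_groups() (
    out=""
    for g in $1; do
        case " $2 " in
            *" $g "*) ;;                    # this session already has the group
            *) out="${out:+$out }$g" ;;     # in the database, absent here
        esac
    done
    printf '%s\n' "$out"
)

# Groups the account database lists for the caller that this process lacks.
# `id -Gn NAME` reads the database; `id -Gn` reports the process credentials.
stale_groups() (
    user=$(id -un) || exit 1
    missing_groups "$(id -Gn "$user")" "$(id -Gn)"
)

# Print the first directory on absolute path $1 that the caller cannot search
# (no x permission for the caller); status 1 if every directory is searchable.
first_blocked_dir() (
    cur=""
    IFS=/
    set -f                                  # no globbing while splitting on /
    for part in $1; do
        [ -n "$part" ] || continue
        cur="$cur/$part"
        if [ -d "$cur" ] && [ ! -x "$cur" ]; then
            printf '%s\n' "$cur"
            exit 0
        fi
    done
    exit 1
)

# Report both checks for one path, e.g.: diagnose /home/u1/share
diagnose() {
    stale=$(stale_groups) || stale=""
    [ -z "$stale" ] || echo "log in again to pick up: $stale"
    blocked=$(first_blocked_dir "$1") && echo "no search permission on: $blocked"
    return 0
}
```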