Here are two common ways to share a folder with another person:
* The chgrp method (a.k.a. Unix permissions)
First, one way to share a folder with one or more other people is to have a group which you all belong to and to make that folder belong to that group. By default, files and folders will belong to “yourdefaultgroup“, which happens to be named the same as “yourusername“. As long as your account “yourusername” belongs to a group called “yoursharedgroup“, if you want to share a folder with other members of that group, you could do this:
> mkdir shareme
> ls -ld shareme
drwx------ 2 yourusername yourdefaultgroup 4096 Oct 28 16:04 shareme
> chgrp yoursharedgroup shareme
> chmod g+rx shareme
> ls -ld shareme
drwxr-x--- 2 yourusername yoursharedgroup 4096 Oct 28 16:04 shareme
A potential downside with this method is that you cannot create your own groups; simply contact us to take care of it for you.
* The setfacl method (a.k.a. ACLs)
Another potential downside of the above method is that you can only assign one group to a folder or file. If you want to share with two different groups with different members, you will need something else. Linux also supports something called filesystem access control lists (ACLs) which can give permissions to many groups or users at the same time, but is more complicated to learn, understand, maintain properly, and debug issues with.
Since ACLs allow you to give permissions to specific users, there is no need for a group which you all belong to. That means you can do it entirely by yourself. However, there is also the option of using ACLs to give permissions to specific Unix groups as well.
Unfortunately, filesystem ACLs only work on some local filesystems. To see if you are able to use ACLs on a specific folder, check the result of the following command. Currently supported filesystems are “ext2/ext3”, “ext4”, “xfs”. Filesystems that do NOT support ACLs in SEAS are: “nfs”, “zfs”.
stat -f -c %T /path/to/folder/in/question
Assuming your folder is on one of the supported filesystems, here is a sample for giving shared access to someone else using their individual username:
> mkdir shareme
> getfacl shareme
# file: yourusername
# owner: yourusername
# group: yourdefaultgroup
user::rwx
group::r-x
other::---
> setfacl -m u:theirusername:rwx shareme
defaultgroup
> getfacl shareme
# file: yourusername
# owner: yourusername
# group: youruser::rwx
user:theirusername:rwx
group::r-x
mask::rwx
other::---
In this series of commands we listed the ACL with the “getfacl” command, modified it with the “setfacl -m” command adding user theirusername with rwx permissions (u:theirusername:rwx), then listed the permissions again. You can see in the second list that user theirusername now has rwx permissions on that folder. We also could have given just “rx” permissions if they do not need to write to the folder.
If you want to make sure that any file or folder created under that folder in the future also receives the same permissions automatically, then add “-d” to the command like so:
> setfacl -d -m u:theirusername:rwx shareme
At this point any new files and folders inside the shareme directory will also get the desired ACLs.
> mkdir shareme/test
ing> getfacl shareme/testing
# file: yourusername/testing
# owner: yourusername
# group: yourdefaultgroup
user::rwx
user:theirusername:rwx
group::r-x
mask::rwx
other::---
default:user::rwx
default:user:theirusername:rwx
default:group::r-x
default:mask::rwx
default:other::---
Now you can see both lines “user:theirusername:rwx” as well as “default:user:theirusername:rwx” for the newly created subfolder. Any file or folder created under a folder with “default:user:theirusername:rwx” set in its file ACLs will give rwx permissions to theirusername, *and* all default ACL settings will be inheriteds as well, so this behaviour is recursive.
If you want to delete an ACL, use the same command you used to add it but with “-x” instead of “-m”. Also, setfacl supports -R for recursively changing an entire directory.
Those are the basics of file ACLs. For an example basic tutorial, see https://www.redhat.com/sysadmin/linux-access-control-lists