Shared Directory Access in Linux
It’s a common request to configure a directory so multiple users can access it at the same time. Unfortunately, setting up the configuration so that subsequent sub-directories also continue to allow multi-user access can be a pain.
In this blog post, we’ll walk through using the getfacl and setfacl commands to manipulate access control lists (ACLs), allowing multiple users access to the same directory. Using this method, we’ll also ensure that all subsequent sub-directories retain these permissions so access by multiple users continues to work as intended.
Be warned: this article assumes we’re creating a brand-new directory and setting up permissions for a new set of users. If you have an existing directory with existing files, you’ll need to ensure these commands are applied recursively (-R flag).
Installation
By default, a minimal installation of Debian does not include the acl package. Install it using apt.
apt install acl
Users & Groups
Next, we’ll create all users who will need access to this shared directory. We’ll also create the group used to control access. In this example, the group will be called mygroup.
Create Group
Create the group which will control access to the shared directory.
groupadd mygroup
Create User Accounts
Create accounts for all users who will be accessing the shared directory. Obviously feel free to skip this step if the accounts are already created.
adduser user
Interesting tidbit: adduser is a Perl script that helps you set up a new user. It’s commonly confused with useradd, which is a low-level command that doesn’t automatically help set up common user account features such as the default shell, home directory, etc.
Add Users to Group
With all users created, add them into your new group.
usermod -aG mygroup user
The -a is important as it tells usermod to add this user as a member of the group, rather than have this user be a part of only this group (removing the user from all other groups).
Configure Directory
With the prep work done, let’s configure the directory to allow shared access.
Run the setfacl command with the -d flag. The -d stands for default and indicates that this is a default ACL that should be applied to all newly created sub-files/folders. Note that this doesn’t take effect on any existing files, so we’ll deal with that in the next step.
setfacl -d -m g:mygroup:rwx /opt/directory
Now, remove the -d flag and re-run the command. This will change the directory’s permissions so members of mygroup will have access to the directory.
setfacl -m g:mygroup:rwx /opt/directory
Verify Configuration
To verify the permissions, run getfacl /opt/directory and you should see the following.
user@host:/$ getfacl /opt/directory
# file: directory/
# owner: root
# group: root
user::rwx
group::r-x
group:mygroup:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::r-x
default:group:mygroup:rwx
default:mask::rwx
default:other::r-x
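To repeat this verification later without reading the listing by eye, here is an added example (not part of the original post): a shell function that reads getfacl output and confirms the group has rwx in both the access ACL and the default ACL, and that neither mask entry reduces it. The function name check_shared_acl and the sample variables are made up for illustration, and the ACL text is constructed from the output above.

```sh
#!/bin/sh
# Added example (not from the original post). Real use, with the page's names:
#   getfacl /opt/directory | check_shared_acl mygroup
# Returns 0 only if GROUP has rwx in the access ACL and the default ACL and
# neither mask strips a bit; otherwise prints each problem and returns 1.
check_shared_acl() {
    awk -v grp="$1" '
        function need(key, what) {
            if (!(key in perms))          { print "missing: " what; bad = 1 }
            else if (perms[key] != "rwx") { print "weak: " what " is " perms[key]; bad = 1 }
        }
        /^#/ || NF == 0 { next }          # header comments and blank lines
        {
            sub(/[ \t]*#.*/, "")          # drop "#effective:..." annotations
            n = split($0, f, ":")
            if (n < 3) next
            # key is "type:qualifier", prefixed with "default:" for default entries
            perms[(n == 4 ? "default:" : "") f[n-2] ":" f[n-1]] = f[n]
        }
        END {
            need("group:" grp,         "access entry for " grp)
            need("mask:",              "access mask")
            need("default:group:" grp, "default entry for " grp)
            need("default:mask:",      "default mask")
            exit bad + 0
        }'
}

# Constructed sample: the ACL entries from the getfacl output shown above.
GOOD='user::rwx
group::r-x
group:mygroup:rwx
mask::rwx
other::r-x
default:user::rwx
default:group::r-x
default:group:mygroup:rwx
default:mask::rwx
default:other::r-x'
# Constructed: mask reduced to r-x, as a later "chmod g-w" on the directory does.
MASKED=$(printf '%s\n' "$GOOD" | sed -e 's/^mask::rwx/mask::r-x/' \
    -e 's/^group:mygroup:rwx$/&   #effective:r-x/')
# Constructed: only the second setfacl was run, so there is no default ACL.
NO_DEFAULT=$(printf '%s\n' "$GOOD" | grep -v '^default:')

printf '%s\n' "$GOOD"       | check_shared_acl mygroup && echo "as configured: ok"
printf '%s\n' "$MASKED"     | check_shared_acl mygroup || echo "masked: not ok"
printf '%s\n' "$NO_DEFAULT" | check_shared_acl mygroup || echo "no default ACL: not ok"
```

The masked case is the one to watch for: the group:mygroup:rwx entry is still listed, but the mask caps its effective rights at r-x, so members lose write access.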
Congratulations, you’ve configured shared access to a directory within Linux.