2 minutes read 23rd June, 2015
linux

I want to make a folder that several users can read and write to, as if they owned the folder themselves. This is a fairly common pattern I encounter on my Linux machines. For example, it is useful when you want to access a folder yourself and also allow a daemon running under its own user to access it.

Let’s do an example with two users, dan and john, who both want to access the folder /share/docs.

Adding all the users to a common group

First there needs to be a common group that all the users belong to. It doesn’t need to be their primary group. Let’s make a group called people and add both users to it by running the following commands:

groupadd people
gpasswd -a dan people
gpasswd -a john people

Change the group of the folder

Next we change the group owning the folder. We pass -R to recursively set the group for sub-folders and files.

chown -R :people /share/docs

Setting setgid special mode on folders

We also need to set the setgid special mode on the docs folder. This causes any files or folders created under it to inherit its group instead of the user’s primary group.

chmod g+s /share/docs

If the /share/docs folder isn’t empty and contains folders, then we also need to run chmod g+s on each of those subfolders as well. This can be done with the find command:

find /share/docs -type d -exec chmod g+s '{}' \;

Set ACL for shared folder

The final thing to do is to add an ACL rule with setfacl that sets the default group permissions on the folder to rw. This is so that files and folders newly created in the shared folder can be read and written by all users of the group.

setfacl -Rdm g:people:rw /share/docs

The flags used are: -R applies the ACL rule recursively to the folder, -d adds the rule to the default ACL and -m signifies that the ACL is being modified. g:people specifies that we are operating on the group people, and :rw specifies that we are granting read and write access.

You should now be able to read and write to the shared folder with multiple users.
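
To check that the folder stays in the state the steps above set up, here is an added audit script (not part of the original post) that reports entries with the wrong group, directories missing setgid, entries whose group bits lack rw, and world-writable entries. The function name audit_shared and the finding tags are hypothetical names chosen for this example; it inspects mode bits and group ownership only and does not read ACL entries.

```shell
#!/bin/sh
# Added example, not from the original post: audit a shared tree for drift.
# audit_shared and its finding tags are hypothetical names chosen here.
#
# Usage: audit_shared DIR GROUP
# Prints one "TAG path" line per problem; returns 0 if clean, 1 otherwise.
audit_shared() {
    dir=$1
    group=$2
    findings=$(
        # Not owned by the shared group. Files moved in with mv keep the
        # group they had; setgid only affects newly created entries.
        find "$dir" ! -group "$group" -exec printf 'WRONG_GROUP %s\n' {} \;

        # Directory without setgid: files created here get the creator's
        # primary group instead of the shared one.
        find "$dir" -type d ! -perm -2000 -exec printf 'NO_SETGID %s\n' {} \;

        # Group bits lack read+write. When an ACL is present these bits
        # show the ACL mask, which caps what g:GROUP:rw can grant.
        find "$dir" ! -type l ! -perm -0060 -exec printf 'GROUP_NO_RW %s\n' {} \;

        # World-writable: users outside the group can modify shared data.
        find "$dir" ! -type l -perm -0002 -exec printf 'WORLD_WRITABLE %s\n' {} \;
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Run as: sh audit.sh /share/docs people
if [ "$#" -eq 2 ]; then
    audit_shared "$1" "$2"
fi
```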