I had no clue that in Linux you can grant specific access rights to an individual user on a file/folder, using setfacl:
[root@osb-vagrant opt]# umask
0022
[root@osb-vagrant opt]# cd /opt
[root@osb-vagrant opt]# mkdir pippo
[root@osb-vagrant opt]# ls -ltra
...
drwxr-xr-x 2 root root 4096 Jul 30 11:36 pippo
...
[root@osb-vagrant opt]# getfacl /opt/pippo
# file: pippo
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
Since I have umask 0022, a directory I create is, by default, read-only for all other users. For instance, user "soa" can't create a file in /opt/pippo:
[soa@osb-vagrant pippo]$ cd /opt/pippo
[soa@osb-vagrant pippo]$ touch ciao.txt
touch: cannot touch `ciao.txt': Permission denied
But this can be changed!
[root@osb-vagrant opt]# setfacl -m u:soa:rwx /opt/pippo
[root@osb-vagrant opt]# getfacl /opt/pippo
getfacl: Removing leading '/' from absolute path names
# file: opt/pippo
# owner: root
# group: root
user::rwx
user:soa:rwx
group::r-x
mask::rwx
other::r-x
Notice the new entry "user:soa:rwx".
At this point, user "soa" can create a file in /opt/pippo! But no other user can...
See also http://www.computerhope.com/unix/usetfacl.htm for more advanced examples.
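Per-user grants like this do not show up in the mode bits that ls prints, so it helps to be able to list them. The function below is an added example, not part of the original post: it reads getfacl output and reports each named user or group entry together with its effective rights, that is, the granted rights limited by the mask entry. The second sample file (opt/shared) and user "bob" are constructed for illustration.

```shell
# Reads `getfacl` output on stdin; prints file, entry, granted, effective (tab-separated).
acl_named_grants() {
    awk '
    function effective(p, m,    i, c, out) {
        for (i = 1; i <= 3; i++) {      # a right counts only if the mask has it too
            c = substr(p, i, 1)
            out = out ((c != "-" && substr(m, i, 1) == c) ? c : "-")
        }
        return out
    }
    function emit(    i) {
        for (i = 1; i <= n; i++)
            printf "%s\t%s\t%s\t%s\n", file, who[i], perm[i], effective(perm[i], mask)
        n = 0; mask = "rwx"
    }
    BEGIN { n = 0; mask = "rwx" }
    /^# file: / { emit(); file = substr($0, 9); next }
    /^#/ || /^$/ { next }
    {
        sub(/[ \t]*#.*$/, "")           # drop trailing "#effective:..." notes
        split($0, f, ":")
        if (f[1] == "mask") mask = f[3]
        else if ($0 ~ /^(user|group):[^:]+:/) { n++; who[n] = f[1] ":" f[2]; perm[n] = f[3] }
    }
    END { emit() }
    '
}

# Sample input: opt/pippo is the getfacl output from the post; opt/shared and
# user "bob" are constructed (header trimmed) to show a mask capping a grant.
sample_acl() {
    cat <<'EOF'
# file: opt/pippo
# owner: root
# group: root
user::rwx
user:soa:rwx
group::r-x
mask::rwx
other::r-x

# file: opt/shared
user::rwx
user:bob:rwx
group::r-x
mask::r-x
other::r-x
EOF
}
sample_acl | acl_named_grants
```

On a real system the same function can be fed from a recursive listing, for example `getfacl -R /opt 2>/dev/null | acl_named_grants`.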