Linux + how to give only specific user to read the file

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
3
down vote

favorite












lets say we want that only user tutu can read the file



/home/grafh/file.txt 


what is the configuration that need to do in order to enable that?



  • file owner must be stay as root ( and only user tutu can read the file )






share|improve this question


























    up vote
    3
    down vote

    favorite












    lets say we want that only user tutu can read the file



    /home/grafh/file.txt 


    what is the configuration that need to do in order to enable that?



    • file owner must be stay as root ( and only user tutu can read the file )






    share|improve this question
























      up vote
      3
      down vote

      favorite









      up vote
      3
      down vote

      favorite











      lets say we want that only user tutu can read the file



      /home/grafh/file.txt 


      what is the configuration that need to do in order to enable that?



      • file owner must be stay as root ( and only user tutu can read the file )






      share|improve this question














      lets say we want that only user tutu can read the file



      /home/grafh/file.txt 


      what is the configuration that need to do in order to enable that?



      • file owner must be stay as root ( and only user tutu can read the file )








      share|improve this question













      share|improve this question




      share|improve this question








      edited Oct 29 '17 at 12:41

























      asked Oct 29 '17 at 12:11









      yael

      2,0251145




      2,0251145




















          2 Answers
          2






          active

          oldest

          votes

















          up vote
          2
          down vote



          accepted










          You have two possibilities, using the the classical DAC (Discretionary Access Control, the usual rwx rights) of using files ACL (Access Control Lists).



          Using DAC permissions



          If tutu has not its own group (check groups tutu output), you must create a new group and make tutu the only member of this group.



          root@host:~# addgroup tutu
          root@host:~# usermod -G tutu tutu


          Then change the file permissions to allow read access to the members of the tutu group:



          root@host:~# chgrp tutu /home/grafh/file.txt
          root@host:~# chmod 640 /home/grafh/file.txt


          This file will remain owned by root, but be readable (but not writeable) by tutu and not by the other other users.



          Using ACL permissions



          ACLs are additional rights which come in addition to the DAC permissions seen above. There are meant to solve situation which cannot be easily solved using the historical Unix DAC permission system.



          To allow tutu to read the file:



          root@host:~# setfacl -m u:tutu:r /home/grafh/file.txt 





          share|improve this answer



























            up vote
            1
            down vote













            In order for this to work tutu must have execution access to /home/grafh.



            root must execute these commands:



            chown root:tutu /home/grafh/file.txt 
            chmod 640 /home/grafh/file.txt


            This works only if there is a group tutu and the user tutu is its only member.






            share|improve this answer






















            • I forget to tell you that owner must be stay as root , so we need other solution
              – yael
              Oct 29 '17 at 12:26











            Your Answer







            StackExchange.ready(function()
            var channelOptions =
            tags: "".split(" "),
            id: "106"
            ;
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function()
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled)
            StackExchange.using("snippets", function()
            createEditor();
            );

            else
            createEditor();

            );

            function createEditor()
            StackExchange.prepareEditor(
            heartbeatType: 'answer',
            convertImagesToLinks: false,
            noModals: false,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            );



            );













             

            draft saved


            draft discarded


















            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f401207%2flinux-how-to-give-only-specific-user-to-read-the-file%23new-answer', 'question_page');

            );

            Post as a guest






























            2 Answers
            2






            active

            oldest

            votes








            2 Answers
            2






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes








            up vote
            2
            down vote



            accepted










            You have two possibilities, using the the classical DAC (Discretionary Access Control, the usual rwx rights) of using files ACL (Access Control Lists).



            Using DAC permissions



            If tutu has not its own group (check groups tutu output), you must create a new group and make tutu the only member of this group.



            root@host:~# addgroup tutu
            root@host:~# usermod -G tutu tutu


            Then change the file permissions to allow read access to the members of the tutu group:



            root@host:~# chgrp tutu /home/grafh/file.txt
            root@host:~# chmod 640 /home/grafh/file.txt


            This file will remain owned by root, but be readable (but not writeable) by tutu and not by the other other users.



            Using ACL permissions



            ACLs are additional rights which come in addition to the DAC permissions seen above. There are meant to solve situation which cannot be easily solved using the historical Unix DAC permission system.



            To allow tutu to read the file:



            root@host:~# setfacl -m u:tutu:r /home/grafh/file.txt 





            share|improve this answer
























              up vote
              2
              down vote



              accepted










              You have two possibilities, using the the classical DAC (Discretionary Access Control, the usual rwx rights) of using files ACL (Access Control Lists).



              Using DAC permissions



              If tutu has not its own group (check groups tutu output), you must create a new group and make tutu the only member of this group.



              root@host:~# addgroup tutu
              root@host:~# usermod -G tutu tutu


              Then change the file permissions to allow read access to the members of the tutu group:



              root@host:~# chgrp tutu /home/grafh/file.txt
              root@host:~# chmod 640 /home/grafh/file.txt


              This file will remain owned by root, but be readable (but not writeable) by tutu and not by the other other users.



              Using ACL permissions



              ACLs are additional rights which come in addition to the DAC permissions seen above. There are meant to solve situation which cannot be easily solved using the historical Unix DAC permission system.



              To allow tutu to read the file:



              root@host:~# setfacl -m u:tutu:r /home/grafh/file.txt 





              share|improve this answer






















                up vote
                2
                down vote



                accepted







                up vote
                2
                down vote



                accepted






                You have two possibilities, using the the classical DAC (Discretionary Access Control, the usual rwx rights) of using files ACL (Access Control Lists).



                Using DAC permissions



                If tutu has not its own group (check groups tutu output), you must create a new group and make tutu the only member of this group.



                root@host:~# addgroup tutu
                root@host:~# usermod -G tutu tutu


                Then change the file permissions to allow read access to the members of the tutu group:



                root@host:~# chgrp tutu /home/grafh/file.txt
                root@host:~# chmod 640 /home/grafh/file.txt


                This file will remain owned by root, but be readable (but not writeable) by tutu and not by the other other users.



                Using ACL permissions



                ACLs are additional rights which come in addition to the DAC permissions seen above. There are meant to solve situation which cannot be easily solved using the historical Unix DAC permission system.



                To allow tutu to read the file:



                root@host:~# setfacl -m u:tutu:r /home/grafh/file.txt 





                share|improve this answer












                You have two possibilities, using the the classical DAC (Discretionary Access Control, the usual rwx rights) of using files ACL (Access Control Lists).



                Using DAC permissions



                If tutu has not its own group (check groups tutu output), you must create a new group and make tutu the only member of this group.



                root@host:~# addgroup tutu
                root@host:~# usermod -G tutu tutu


                Then change the file permissions to allow read access to the members of the tutu group:



                root@host:~# chgrp tutu /home/grafh/file.txt
                root@host:~# chmod 640 /home/grafh/file.txt


                This file will remain owned by root, but be readable (but not writeable) by tutu and not by the other other users.



                Using ACL permissions



                ACLs are additional rights which come in addition to the DAC permissions seen above. There are meant to solve situation which cannot be easily solved using the historical Unix DAC permission system.



                To allow tutu to read the file:



                root@host:~# setfacl -m u:tutu:r /home/grafh/file.txt 






                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Oct 29 '17 at 12:52









                WhiteWinterWolf

                1,586830




                1,586830






















                    up vote
                    1
                    down vote













                    In order for this to work tutu must have execution access to /home/grafh.



                    root must execute these commands:



                    chown root:tutu /home/grafh/file.txt 
                    chmod 640 /home/grafh/file.txt


                    This works only if there is a group tutu and the user tutu is its only member.






                    share|improve this answer






















                    • I forget to tell you that owner must be stay as root , so we need other solution
                      – yael
                      Oct 29 '17 at 12:26















                    up vote
                    1
                    down vote













                    In order for this to work tutu must have execution access to /home/grafh.



                    root must execute these commands:



                    chown root:tutu /home/grafh/file.txt 
                    chmod 640 /home/grafh/file.txt


                    This works only if there is a group tutu and the user tutu is its only member.






                    share|improve this answer






















                    • I forget to tell you that owner must be stay as root , so we need other solution
                      – yael
                      Oct 29 '17 at 12:26













                    up vote
                    1
                    down vote










                    up vote
                    1
                    down vote









                    In order for this to work tutu must have execution access to /home/grafh.



                    root must execute these commands:



                    chown root:tutu /home/grafh/file.txt 
                    chmod 640 /home/grafh/file.txt


                    This works only if there is a group tutu and the user tutu is its only member.






                    share|improve this answer














                    In order for this to work tutu must have execution access to /home/grafh.



                    root must execute these commands:



                    chown root:tutu /home/grafh/file.txt 
                    chmod 640 /home/grafh/file.txt


                    This works only if there is a group tutu and the user tutu is its only member.







                    share|improve this answer














                    share|improve this answer



                    share|improve this answer








                    edited Oct 29 '17 at 12:40

























                    answered Oct 29 '17 at 12:16









                    Hauke Laging

                    53.6k1282130




                    53.6k1282130











                    • I forget to tell you that owner must be stay as root , so we need other solution
                      – yael
                      Oct 29 '17 at 12:26

















                    • I forget to tell you that owner must be stay as root , so we need other solution
                      – yael
                      Oct 29 '17 at 12:26
















                    I forget to tell you that owner must be stay as root , so we need other solution
                    – yael
                    Oct 29 '17 at 12:26





                    I forget to tell you that owner must be stay as root , so we need other solution
                    – yael
                    Oct 29 '17 at 12:26


















                     

                    draft saved


                    draft discarded















































                     


                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function ()
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f401207%2flinux-how-to-give-only-specific-user-to-read-the-file%23new-answer', 'question_page');

                    );

                    Post as a guest













































































                    Popular posts from this blog

                    How to check contact read email or not when send email to Individual?

                    Displaying single band from multi-band raster using QGIS

                    How many registers does an x86_64 CPU actually have?