Everything is possible in Linux. I have realized many times this, even today also we are going to discuss about such kind of topics.
Say for example, If you want to allow a developer to run chown or chmod command in particular directory , how to achieve it?
You may know, how to allow normal users to run commands as a root with sudo. This is global access, which allows user to perform this action in entire system.
It is a security issue, which allow normal users to perform most of the root actions using sudo. Hence, make sure you granted access to right user, otherwise he/she can damage your system badly.
So, how to overcome this? Yes, this can be done using the below methods.
Suggested Read :
(#) How To Allow A Normal User Or Group To Run Commands As Root In Linux
(#) How To Allow/Permit User To Access A Specific File or Folder In Linux Using ACL
Method-1 : How to allow an user to set particular permission to specific directory and its sub-directory
In this example we will teach you, how to allow an user to perform the particular permission to files or folders in a specific directory and its sub-directory in Linux.
Use the below example to allow Prakash
user to set only 755 permission to opt
directory and it’s sub directory.
It doesn’t allow a user to perform any action outside of this directory. Add the following entry in end of the visudo
file.
# visudo prakash ALL=(ALL) /bin/chmod 755 /opt/*
Before performing this, I just want to know the file permission to make sure this command will work as expected. test.txt
file currently having 600 permission.
$ ls -lh /opt/test.txt
-rw------- 1 daygeek magesh 32 Dec 6 16:52 test.txt
This will fail and we need to give full path /opt/test.txt
instead of file name test.txt
.
$ sudo /bin/chmod 755 test.txt [sudo] password for prakash: Sorry, user prakash is not allowed to execute '/bin/chmod 755 test.txt' as root on centos.2daygeek.com.
Yes, now it ran successfully without any issue.
$ sudo /bin/chmod 755 /opt/test.txt [sudo] password for prakash:
I’m going to check the file permission to confirm whether it got changed or not. Yes, it’s got changed to 755.
$ ls -lh /opt/test.txt
-rwxr-xr-x 1 daygeek magesh 32 Dec 6 16:52 test.txt
To double confirm on this, I’m going to run different permission on the same directory. Yes, I’m getting the following error. It means, this command is not allowing user to perform any action except allowed one.
$ sudo /bin/chmod 777 /opt/test.txt [sudo] password for daygeek: Sorry, user prakash is not allowed to execute '/bin/chmod 777 /opt/test.txt' as root on centos.2daygeek.com.
Method-2 : How to allow an user to set particular permission to specific directory
This will allow user to perform the particular permission to files or folders in a specific directory and It doesn’t allow user to perform any action in sub-directories.
Use the below example to allow Prakash
user to set only 777 permission to only wikipedia2text
directory.
Add the following entry in end of the visudo
file.
# visudo prakash ALL=(ALL) /bin/chmod 777 /opt/wikipedia2text
Checking the wikipedia2text folder permission before performing this action. wikipedia2textt
folder currently having 700 permission.
# ls -lh /opt/
drwx------ 3 root root 4.0K Oct 13 10:55 wikipedia2text
Yes, it’s ran successfully
$ sudo /bin/chmod 777 /opt/wikipedia2text/ [sudo] password for prakash:
Yes, wikipedia2text folder permission has been changed. It’s got changed to 777.
# ls -lh /opt/
drwxrwxrwx 3 root root 4.0K Oct 13 10:55 wikipedia2text
To double confirm on this, I’m going to run the same permission on the different directory. Yes, I’m getting the following error. It means, this command is not allowing user to perform any action outside of this directory.
$ sudo /bin/chmod 777 /opt/wikipedia2text/License Sorry, user prakash is not allowed to execute '/bin/chmod 777 /opt/wikipedia2text/License' as root on centos.2daygeek.com.
Method-3 : How to allow an user to set any permission to specific directory and Its Sub-directory
The below example allows user to perform wildcard option.
Use the below example to allow Prakash
user to set any permission to opt
directory and it’s sub directory.
Add the following entry in end of the visudo
file.
# visudo prakash ALL=(ALL) /bin/chmod *[!s] /opt/*
I’m going to run 755, 600 and 777 permission on /opt/test.txt file. All are success.
$ sudo /bin/chmod 755 /opt/test.txt [sudo] password for prakash: $ ls -lh /opt/test.txt -rwxr-xr-x 1 daygeek magesh 32 Dec 6 16:52 test.txt $ sudo /bin/chmod 600 /opt/test.txt [sudo] password for prakash: $ ls -lh /opt/test.txt -rw------- 1 daygeek magesh 32 Dec 6 16:53 test.txt $ sudo /bin/chmod 777 /opt/test.txt [sudo] password for prakash: $ ls -lh /opt/test.txt -rwxrwxrwx 1 daygeek magesh 32 Dec 6 16:54 test.txt
Method-4 : How to allow an user to set any permission to specific directory
The below example allows user to perform wildcard option.
Use the below example to allow Prakash
user to set any permission to only wikipedia2text
directory.
Add the following entry in end of the visudo
file.
# visudo prakash ALL=(ALL) /bin/chmod *[!s] /opt/wikipedia2text
Method-5 : How to allow an user to run multiple commands to specific directory and its sub-directory
This will allows user to perform multiple commands on specific directory and it’s sub-directory. This example allow Prakash
user to perform chmod & chown command on /opt directory.
Use the below example to allow Prakash
user to perform multiple commands on opt
directory and it’s sub directory. Add the following entry in end of the visudo
file.
# visudo prakash ALL=(ALL) /bin/chmod *[!s] /opt/*, /bin/chown *[!s] /opt/*
Checking current user and group permission. The below file has with “daygeek” user and “magesh” group permission.
$ ls -lh /opt/test.txt
-rwxr-xr-x 1 daygeek magesh 32 Dec 6 16:52 test.txt
Run the below command to change the user and group permission.
$ sudo /bin/chown root:root /opt/test.txt [sudo] password for prakash:
Re-checking the user and group permission. Yes, it’s got changed.
$ ls -lh /opt/test.txt
-rwxr-xr-x 1 root root 32 Dec 6 16:52 test.txt