Score:0

Linux bash way for unprivileged user to take ownership of contents of only one particular directory?

in flag

I want a particular user to recursively change owner and group of all the contents of a particular directory, and only that directory. The directory is a kind of "inbox", where a service writes files, and subdirectories.

Currently, I have an administrator sudo chown, but I would prefer the destination owner to do it themselves, without that user having any more permissions then required. Let's say the original owner is "headsman", and the final owner should be "audience". Neither user is in the same group.

sudo chown -R audience:watchers /usr/files/pathofdir Is not quite right, because I don’t want audience to have unlimited authority to use chown. My first guess was to try to add "audience" to /etc/ sudoers with permission to /usr/bin/chown and /usr/bin/chgrp. But that is too much authority.

I thought of writing a script exclusively for audience, but I don’t know how to make that script have the correct permissions and no more.

What is a good way to do this?

Score:1
in flag

You can specify a full command in sudoers, with arguments and all, in which case the user will have authority to run the specified command only with the specified arguments. So this sudoers entry should solve your problem:

audience  ALL=/usr/bin/chown -R audience\:watchers /usr/files/pathofdir

However, I think you should check out ACLs, as I suspect your problem can be more easily handled with the use of a default ACL on the directory. See this post for an example.

in flag
I have ubuntu 20.4, and visudo rejects the syntax of the example above, but as Lacek said, I wanted a default ACL anyway. So see my answer below.
in flag
My bad, the colon is the command separator, so it should be protected. I've edited my answer so it now contains the correct `sudoers` entry.
Score:0
in flag

@Lasek pointed out that I probably wanted to use ACLS. This seems to be working for me:

sudo setfacl -RPdm user:audience:rwX /usr/files/pathofdir
sudo setfacl -RPdm group:watchers:rwX /usr/files/pathofdir
sudo setfacl -RPm user:audience:rwX /usr/files/pathofdir
sudo setfacl -RPm group:watchers:rwX /usr/files/pathofdir

There is probably a more concise syntax, but this is my first use of setfacl

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.