Join Log in
Score:0
avatar Ubuntu

Give read only access to every user for a folder

es flag
helperFunction

I am the owner of directory mydir.
I don't have root access.
How can I give only read access to someone so that they can create a local copy of mydir?

Edit: ChatGPT tells me chmod -R o+r mydir should work. Is this correct?

1434
2 + 2
user535733 avatar
cn flag
user535733
Your question does not show the current permissions of your directory, nor if ACLs are set up. Maybe someone can already read `mydir`. Or maybe an admin has made it impossible. We need to know your starting point.
0
Reply
es flag
helperFunction
How do I check all this?
0
Reply
Score:2
Martin Thornton avatar Ubuntu
cn flag
Martin Thornton

ChatGPT is wrong, because it cannot understand that words have different meanings to different people.

The commonsense meaning of read access is different from the technical meaning of read permissions.

Surprisingly, access to a directory is determined by execute, not read, permissions. A lack of directory read permissions only prevents listing unknown contents, not access to them.

So in addition to adding read access to the files and directories, you also need to add a capital X to add execute permissions only for the directories, not the files:

chmod -R go+rX mydir

The -R means recursive, it applies to all files and directories within.

The go+ adds those permissions for every user (the g means including those in the same group as the file, just in case).

But that might still not be enough.

All parent directories of the directory to be shared will also require execute permissions to allow access to the inner directory, which I'm assuming in this case is somewhere within your home directory.

You cannot allow access to your cupboard without allowing access into your home (directory), though you may already be allowing this.

You can lock all the other doors (the read, write, and execute permissions of files and other sub-directories), and you can leave the lights off (that directory's read and write permissions), but by guessing filenames, people can still feel their way around the corridor from different error messages even if they cannot peek inside the rooms:

$ ls parent_dir
ls: cannot open directory 'parent_dir': Permission denied
$ cat parent_dir/exists
cat: parent_dir/exists: Permission denied
$ cat parent_dir/doesn\'t                                                                                                
cat: "parent_dir/doesn't": No such file or directory

And even if you carefully lock all those inner doors, new unlocked doors might be created by programs you later run.

So I'm not sure you want to do this, but to make the inner directory accessible to every user:

chmod go+X mydir/..
chmod go+X mydir/../..

etc, up to and including /home/$USER.

What you might want instead

If you maybe now want to only trust a specific user, not everyone, you could create a special case with ACLs instead:

setfacl -m OTHER_USERNAME:X mydir/..
setfacl -m OTHER_USERNAME:X mydir/../..

etc, again up to and including /home/$USER.

You could even remove this as soon as they are done copying, with:

setfacl -x OTHER_USERNAME mydir/..

etc.

But then if you really just wanted to allow someone to make a one-time copy of it, and the directory isn't too large, it would be much easier to just copy it to /var/tmp, run chmod -R go+rX /var/tmp/mydir, then delete it when the other user is done copying from that.

+ 2
es flag
helperFunction
Thanks for the well-explained answer. Indeed only `chmod o+r mydir` did not work.
0
Reply
NovHak avatar
cn flag
NovHak
There’s another potential problem : if new data is added to the directory after permissions have been set, the new files/directories may not be readable by everyone. A default ACL should be set to prevent this.
0
Reply
Score:0
Nerrit avatar Ubuntu
ad flag
Nerrit

With ls -l mydir you can display the current permission settings for your folder.

The first column shows the permissions and should look something like drwxr-----.
The first d just means that it's a directory.
The following rwx are the permissions of the owner.
After that comes the group and the last three symbols represent the permissions of all other users. r stands for read, w for write and x for execute permissions.

If you now want to remove write and execute permissions (if they are present) and add read permissions for all other users (which are not in your group) recursively for your directory and all sub files you could do chmod -R o=r mydir. If you also want your group to have read only permissions, use chmod -R g=r,o=r mydir.

+ 2
es flag
helperFunction
Thanks. If `mydir` is a subdirectory in `parentdir`, how do I allow someone to copy `mydir` without giving them any access to `parentdir`?
0
Reply
Nerrit avatar
ad flag
Nerrit
@helperFunction In this case you would need to give them read access to `parentdir`. If you don't want them to be able to access any other files/directories within `parentdir` just change the permission of all those files with `chmod -R g=,o= parentdir` and then allow other's to access the desired folder with `chmod g=r,o=r parentdir` and `chmod -R g=r,o=r mydir`.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.