Jason.nix 04-23-2024 07:30 AM

Multiple user permissions on a directory
 
Hello,
I changed the docker storage to another location:
Code:

{
"data-root": "/mnt/newlocation/"
}

The root user has access to this directory:
Code:

# ls -l /mnt/newlocation/
total 20
drwxr-xr-x 5 root root  4096 Apr 22 09:22 containers
drwx------ 2 root root 16384 Apr  9 16:50 lost+found

I have installed GitLab Runner and want it to have full access to this directory. I ran the following command:
Code:

# chown -R gitlab-runner /mnt/newlocation/

The permissions were changed as follows:
Code:

# ls -l /mnt/newlocation/
total 20
drwxr-xr-x 5 gitlab-runner root  4096 Apr 22 09:22 containers
drwx------ 2 gitlab-runner root 16384 Apr  9 16:50 lost+found

The GitLab Runner problem is fixed, but what problems might this cause for Docker and others? Can I make both the root user and the gitlab-runner user have full access to this directory?

I found solutions on the internet that were about creating a group, then adding users to that group, and finally giving that group full permission for that directory. Is this OK?

Thank you.

sundialsvcs 04-23-2024 07:33 AM

Yes, this would be the correct solution, versus changing the "owner." I recommend that you [immediately ...] change the owner back, define a group, add "gitlab-runner" to that group, and change the group of that directory and its contents appropriately. Assign the desired permissions to the group.

FYI: There is also an entirely-parallel permissions system known as ACLs = Access Control Lists. Which are much more flexible, and which can coexist. I encourage you to research this option also.

Jason.nix 04-25-2024 06:29 AM

Quote:

Originally Posted by sundialsvcs (Post 6497872)
Yes, this would be the correct solution, versus changing the "owner." I recommend that you [immediately ...] change the owner back, define a group, add "gitlab-runner" to that group, and change the group of that directory and its contents appropriately. Assign the desired permissions to the group.

FYI: There is also an entirely-parallel permissions system known as ACLs = Access Control Lists. Which are much more flexible, and which can coexist. I encourage you to research this option also.

Hello,
Thank you so much for your reply.
So I create a group and add the root and gitlab-runner users to it and then give permission to this group for that directory. I did:
Code:

# chown -R root data/
# groupadd runner
# /sbin/usermod -a -G runner gitlab-runner
# /sbin/usermod -a -G runner root
# chgrp -R runner data/
# chmod -R g+rwx data/

And the result is:
Code:

# ls -l
total 20
drwxrwxr-x 5 root runner  4096 Apr 22 09:22 containers
drwxrwx--- 2 root runner 16384 Apr  9 16:50 lost+found

Now, root and gitlab-runner users have full access to the directories. Right?

Jason.nix 04-26-2024 08:24 AM

Hello,
I have a problem. When I ran the runner, I got the following error message:
Code:

$ rm -rf /mnt/data/containers/
rm: cannot remove '/mnt/data/containers/.gitlab-ci.yml': Permission denied
rm: cannot remove '/mnt/data/containers/CHANGELOG.md': Permission denied
rm: cannot remove '/mnt/data/containers/README.md': Permission denied


MadeInGermany 04-26-2024 09:58 AM

/mnt and /mnt/data/ must have an x bit (access) set, otherwise all access is denied.
/mnt/data/containers/ looks ok, gives write access for the group members. (Note that a modified group is recognized at the next login.)

A remaining problem is that a directory created by one user is not writable by the other, unless the one user does a chgrp and chmod. The traditional fix is
  1. a g+s bit on all the directories, which makes new items inherit the group from their directory
  2. the users use a umask 002 that sets the g+w bit on new items.

Regarding the ACL alternative, I posted a solution that worked in Linux and Solaris
https://community.unix.com/t/tip-gro...rectory/383754
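
The setgid-plus-umask fix described in the post above, as an added example that is not part of the thread: shell functions that audit a shared tree for entries breaking the convention and then repair it. The function names `audit_shared_dir` and `fix_shared_dir` are hypothetical; the directory and group are passed as arguments.

```shell
#!/bin/sh
# Added example: audit and repair a group-shared directory tree.
# Function names are hypothetical; directory and group are arguments.

# Print every entry under DIR that breaks the shared-directory convention:
#   wrong-group     entry does not belong to GROUP
#   no-setgid       directory without g+s, so new items will not inherit GROUP
#   no-group-write  entry the group cannot write (symlinks are skipped)
audit_shared_dir() {
    dir=$1 group=$2
    find "$dir" ! -group "$group" -exec printf 'wrong-group %s\n' {} \;
    find "$dir" -type d ! -perm -2000 -exec printf 'no-setgid %s\n' {} \;
    find "$dir" ! -type l ! -perm -020 -exec printf 'no-group-write %s\n' {} \;
}

# Repair existing entries. This does not change how future items are
# created: that still depends on g+s (set here) and on each user's umask.
fix_shared_dir() {
    dir=$1 group=$2
    # -h changes a symlink itself instead of the file it points to
    chgrp -hR "$group" "$dir"
    # directories: group rwx plus setgid so children inherit the group
    find "$dir" -type d -exec chmod g+rwxs {} +
    # regular files: group read/write, execute bits left untouched
    find "$dir" -type f -exec chmod g+rw {} +
}

# Stand-alone use: ./script DIR GROUP prints the audit report only.
if [ "$#" -eq 2 ]; then
    audit_shared_dir "$1" "$2"
fi
```

After the repair, an item created under `umask 022` still shows up as `no-group-write`, which is why the post pairs g+s with `umask 002` for every user writing to the tree.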

