Allow access to particular folder inside HOME directory to other users

I have a "downloads" folder inside "tempuser" home folder ("/home/tempuser/downloads") which I want to allow "rwx" permission for a different user say "testuser". The testuser should not have any permission to any other files or folders inside /home/tempuser other than the "downloads" folder.

How can I do it?


Solution 1:

To traverse a folder, one needs the execute permission. Execute will give access to "execute" (i.e. traverse) the folder without having any access to read the files in it.

So, imagine you have the following tree of directories in your home folder:

jvehent@laptop:~$ tree -d Downloads
├── linux-2.6.38
│   ├── arch
│   │   ├── alpha
│   │   │   ├── boot
│   │   │   │   └── tools
│   │   │   ├── include
│   │   │   │   └── asm

You can give anybody access to the "asm" folder without giving them access to anything else by setting the execute permission to everybody on the complete hierarchy, and then the write permission on the asm folder:

chmod o+x /home/jvehent
chmod o+x /home/jvehent/Downloads
chmod o+x /home/jvehent/Downloads/linux-2.6.38/
chmod o+x /home/jvehent/Downloads/linux-2.6.38/arch
chmod o+x /home/jvehent/Downloads/linux-2.6.38/arch/alpha
chmod o+x /home/jvehent/Downloads/linux-2.6.38/arch/alpha/include
chmod -R o+wx /home/jvehent/Downloads/linux-2.6.38/arch/alpha/include/asm

Following the same logic, you can put "testuser" and "tempuser" in a separate group "testgroup" and give access to "tempgroup" only:

chgrp -R tempgroup /home/jvehent/Downloads/linux-2.6.38/arch/alpha/include/asm
chmod -R g+wx /home/jvehent/Downloads/linux-2.6.38/arch/alpha/include/asm
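
An added example, not part of either answer: a shell audit of the traverse-only idea above, checking that every directory on the way to the shared folder gives others `--x` and nothing more, and that the shared folder itself has the intended bits. The function names (`other_bits`, `audit_share`, `make_demo_tree`) and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answers): audit the "other" permission
# bits on each directory from BASE down to a shared TARGET folder.

# Print the three "other" bits of a path, e.g. "--x", from the ls -ld mode string.
other_bits() {
    ls -ld "$1" | cut -c8-10
}

# audit_share BASE TARGET [WANT]
# Ancestors of TARGET (BASE included) must be traverse-only for others ("--x");
# TARGET itself must match WANT (assumed default: "rwx", as the question asks).
# Returns 0 if everything matches, 1 otherwise.
audit_share() {
    base=$1; target=$2; want_target=${3:-rwx}; rc=0
    dir=$target
    while :; do
        if [ "$dir" = "$target" ]; then want=$want_target; else want="--x"; fi
        bits=$(other_bits "$dir")
        if [ "$bits" = "$want" ]; then status="ok      "; else status="MISMATCH"; rc=1; fi
        printf '%s %s (want %s) %s\n' "$status" "$bits" "$want" "$dir"
        # Stop at BASE; also stop at "/" or "." so a wrong BASE cannot loop forever.
        if [ "$dir" = "$base" ] || [ "$dir" = "/" ] || [ "$dir" = "." ]; then break; fi
        dir=$(dirname "$dir")
    done
    return "$rc"
}

# Constructed sample tree standing in for /home/tempuser; needs no root.
make_demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/tempuser/downloads" "$root/tempuser/private"
    chmod u=rwx,go= "$root/tempuser/private"        # nothing for group/other
    chmod u=rwx,g=,o=x "$root/tempuser"             # others may traverse only
    chmod u=rwx,g=,o=rwx "$root/tempuser/downloads" # the shared folder
    printf '%s\n' "$root"
}

demo=$(make_demo_tree)
audit_share "$demo/tempuser" "$demo/tempuser/downloads" || echo "permissions need fixing"
rm -rf "$demo"
```

Traverse-only on the home directory hides its listing, but any entry inside it whose own mode grants access to others is still reachable by name, so the other entries need restrictive modes of their own (as `private` has here). For the group-based variant, the same check applies to the group bits (`cut -c5-7`).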

Solution 2:

Add tempuser and testuser into a group and make /home/tempuser/downloads writable by this group:

# groupadd temptest
# usermod -a -G temptest tempuser
# usermod -a -G temptest testuser
# chgrp -R temptest /home/tempuser/downloads
# chmod -R g+w /home/tempuser/downloads