10

How can I grant permission for files to a specific user or a specific group?

We have three groups: "g12" ("u1" and "u2"), "g34" and "g56".

  • g12 - should only read the file.

  • g34 - should write and read it.

  • g56 - should have all permissions (rwx).

And others should not access the file at all.

random
AntonAL

4 Answers

14

You need to use Access Control Lists. They are a more advanced way of handling permissions than the default user/group/other way in Linux. See this page for example: Ubuntu Access Control Lists

An example from that page:

setfacl -m u:mike:rwx file or directory

I've only used these commands in a lab on a server administration course myself, but as far as I could see, it's a pretty easy way to do it.

Peter Jaric
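The three-group policy from the question, written with the setfacl command this answer points to and then audited, as an added example that is not part of the original answer. It checks the result because a later chmod rewrites the ACL mask and silently caps the named groups. The file name f1.txt, the function names, the choice to give the owning group no access, and the sample getfacl output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes the acl tools (setfacl/getfacl) and groups g12/g34/g56 exist.
# Live use: apply_policy f1.txt && getfacl f1.txt | audit_policy

# Policy from the question: g12 read, g34 read+write, g56 rwx, others nothing.
# Assumption: the file's owning group also gets nothing (g::---).
apply_policy() {    # usage: apply_policy FILE  (as root or the file owner)
    setfacl -m 'g::---,g:g12:r--,g:g34:rw-,g:g56:rwx,o::---' -- "$1"
}

# effective_perm GROUP < getfacl-output
# Prints what GROUP really gets: its ACL entry ANDed with the mask entry.
effective_perm() {
    awk -F: -v grp="$1" '
        { sub(/[ \t]*#.*/, "") }                # drop headers and "#effective:" notes
        $1 == "mask"               { mask = $3 }
        $1 == "group" && $2 == grp { perm = $3 }
        END {
            if (perm == "") exit 1              # group has no entry at all
            if (mask == "") mask = "rwx"        # no mask entry: nothing is capped
            for (i = 1; i <= 3; i++) {
                c = substr(perm, i, 1)
                out = out (c == substr(mask, i, 1) ? c : "-")
            }
            print out
        }'
}

# audit_policy < getfacl-output ; returns 0 only if effective access matches the policy.
audit_policy() {
    acl=$(cat); rc=0
    for want in g12:r-- g34:rw- g56:rwx; do
        got=$(printf '%s\n' "$acl" | effective_perm "${want%%:*}") || got=missing
        [ "$got" = "${want#*:}" ] || { echo "DRIFT ${want%%:*}: want ${want#*:}, got $got"; rc=1; }
    done
    printf '%s\n' "$acl" | grep -q '^other::---' || { echo "DRIFT other: not ---"; rc=1; }
    return "$rc"
}

# Constructed getfacl output: straight after apply_policy, and after a later
# "chmod 640 f1.txt", whose group digit overwrites the mask and caps g34 and g56.
ACL_OK='user::rw-
group::---
group:g12:r--
group:g34:rw-
group:g56:rwx
mask::rwx
other::---'
ACL_CHMOD=$(printf '%s\n' "$ACL_OK" | sed 's/^mask::rwx$/mask::r--/')
```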
4

As root:

chown u1:u1 f1.txt
chmod 400 f1.txt

This will ensure that the file is owned by user u1 (chown) and group u1 (assuming that user u1's default group is u1) and that only that user can read the file (chmod). If you would like the user to be able to write to the file, change 400 to 600.

You can add a second user to the default group of the first user with:

useradd -G u1 u2

The above command assumes that user u1's default group is also called u1 and the second user is u2.

Now we change the permissions on f1.txt to allow members of group u1 read access (the second "4" in 400 is group permissions):

chmod 440 f1.txt

Each of the three digits following the chmod command represents the permissions for the owner (first digit), the group (second digit), and all other users (third digit) on the system. A value of 1 is the execute permission, 2 is the write permission and 4 is the read permission. You add these numbers together to "mix" these three types of permissions. For example, 4 (read) + 1 (execute) = 5, so to allow the owner and the group to read and execute the file but restrict access to everyone else, you would use 550; to allow the owner to read and write to the file and the group and all other users to read the file, you would use 644.

There are other formats for setting permissions; type:

man chmod

at the command prompt for more details.

1

Short answer is, you can't.

You don't set permissions for groups or users, you set permissions for files. A file has an owner and a group, and you can set the "read", "write" and "execute" permissions separately for one user, one group, and everyone else.

Can you give an example of what it is you're wanting to do?

frymaster
-1

I think what you want done is in how you organize your groups.

I'm relatively new to Linux, but from what I understand, you can make some new groups. Say something like AccessLow and AccessAll. Let's say you want Jim to access all, then you just put Jim in that group. Then you give that specific directory you want them to have access to the group ownership of AccessAll. Then say what you want them to be able to do with chmod (if you want them to access it with execute, just give them chmod 750). This gives owner full control while AccessAll group only has Read and Execute ability but cannot write to the folder. If you want a folder to have limited access, then use group ownership to AccessLow and do your appropriate mode for what you want them to be able to do. I think this will work knowing what I know. If a new person comes along you want to give access to, you can simply consider them "Other" and give specific chmod to allow them to just read, but if you want them to do a little more than what "Other" specifies but still want to have some things still concealed, then I suggest putting them in a group that has the ability to do a little more but not as low access as "Other". It takes a little setting up but seems to be able to do what you are looking for. It's all I know from what I was reading here in searching for a way to change ownership myself for something very similar. Using Ubuntu server, I was limited to changing those parameters, but found out in the process and ended up deciding to write about what I think could work.

EDIT: In thinking about this, I wonder if there is a way to assign people to more than one group, because I have come up with some idea now to do a different type of share in Samba. I may research this later and get my own answer. But in Windows, you are able to do so, so I think it may be somehow possible here. It would be nice to say people currently with my domain access to be able to have most permissions available to them while someone authenticated but not in domain only has read abilities and maybe execute with no writing at all, etc. I think it could be possible by making them specific but generalized login names as well. Like to access my music directory, can just make a login called "music" (with an easy password) that is already set up in Samba to be able to access the specific directory Music with full read ability and won't see anything else.

Neo