I have a directory dir1 with permissions 700 (yes, wantedly), and it is owned by user1:group1
rwx------ user1 group1 dir1
I need to give permissions to user2 (belongs to group2) on dir1 and its files, so I granted the permissions using setfacl, instead of adding the user to groups and then doing the chmod 770 permissions.
Because I don't want the members of this group to also access this content.
setfacl -Rdm u:user2:rwx dir1
But user2 is still not able to access dir1. Is it because the directory has 700?
Is there a way to accomplish the need?
Not sure I understood all the requirements, but I will give an example of what I do for a dept here:
Statisticians in groupA should be able to execute and modify files of statisticians in GroupB, but they should not see what is in DirB of groupB except the files they know of.
I use a common directory DirC, put the executables and files in that directory with 664 perms for the data files (group owner GroupB), 755 for the executables and 711 perms for DirC, with a statistician of GroupB as owner and responsible for the content of this directory...
The use of 711 on a directory makes its content unreadable except for the owner, but if you know what is there, e.g. an executable like a script, and you have the right to execute or modify, you can do so, but you have no way to see what else is in that directory...
(just in case I was not clear, the GID of the files in this directory is set to GroupB)
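Added example, not written by either poster: a small Python model of the POSIX ACL access check described in acl(5), applied to dir1 from the question and DirC from the answer. It shows that default ACL entries (what `setfacl -d` writes) play no part in access checks on an existing directory, and that mode 711 grants traversal without listing. The `setfacl -m` fix and the names alice and bob are assumptions made for illustration.

```python
# Added illustration: models the acl(5) access check; it makes no real syscalls.
R, W, X = 4, 2, 1

def allowed(user, groups, owner, group, acl, want):
    """acl: dict with 'user_obj', 'group_obj', 'other' (ints) and optional
    'users' / 'groups' (name -> perms) and 'mask'. Default ACL entries are
    deliberately absent: the kernel never consults them for access checks."""
    mask = acl.get("mask", R | W | X)    # no mask entry: nothing is filtered
    if user == owner:                    # 1. owner entry, never masked
        return acl["user_obj"] & want == want
    if user in acl.get("users", {}):     # 2. named user entry, limited by mask
        return acl["users"][user] & mask & want == want
    # 3. owning group and named groups: any matching entry may grant
    matching = [acl["group_obj"]] if group in groups else []
    matching += [p for g, p in acl.get("groups", {}).items() if g in groups]
    if matching:
        return any(p & mask & want == want for p in matching)
    return acl["other"] & want == want   # 4. everyone else

def from_mode(mode):
    """Minimal ACL equivalent to plain permission bits such as 0o700."""
    return {"user_obj": mode >> 6 & 7, "group_obj": mode >> 3 & 7, "other": mode & 7}

# dir1 from the question: mode 700, user1:group1. A default-only ACL
# (setfacl -d) leaves this access ACL exactly as it is.
dir1 = from_mode(0o700)
# Assumption: the same directory after also adding an access entry,
# e.g. `setfacl -m u:user2:rwx dir1` (setfacl recomputes the mask).
dir1_fixed = dict(dir1, users={"user2": R | W | X}, mask=R | W | X)
# DirC from the answer: mode 711, owned by a GroupB statistician.
dirc = from_mode(0o711)

def demo():
    u2 = ("user2", {"group2"})
    # alice (GroupA) and bob (GroupB owner) are constructed names.
    return {
        "dir1 search, default ACL only": allowed(*u2, "user1", "group1", dir1, X),
        "dir1 search, access ACL added": allowed(*u2, "user1", "group1", dir1_fixed, X),
        "DirC list (r) by GroupA member": allowed("alice", {"GroupA"}, "bob", "GroupB", dirc, R),
        "DirC traverse (x) by GroupA member": allowed("alice", {"GroupA"}, "bob", "GroupB", dirc, X),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'granted' if ok else 'denied'}")
```

On a real system, `getfacl dir1` shows which entries are access entries and which carry the `default:` prefix.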