This post is a summary of (workaround) methods to have a file/directory owned by multiple Linux groups with traditional Unix permissions.
- Access Control Lists (ACL)
Each file or directory can only have one group as owner, but permissions can be defined for other groups using ACL.
If the ACL tools are not installed on your system, install the command-line tools from the acl package with:
sudo apt-get install acl
Then you can read the ACL information of a directory or other file with getfacl, and add groups to a file with setfacl.
For example, to add the group YourGroup with read, write, and execute permissions to the directory YourDirectory:
setfacl -m g:YourGroup:rwx /YourDirectory/
If you also want files created in that directory to be owned by multiple groups, set the ACL as the default ACL. The X in the default group entry means “allow execution if executable by the owner (or anyone else)”.
setfacl -d -m g:YourGroup:rwX /YourDirectory/
- “Super Group”
The following workaround creates a new group SuperGroup that will include the users of a set of subgroups {SubGroup1, ..., SubGroupN}. You create and add users to these subgroups with:
sudo addgroup SuperGroup
sudo addgroup SubGroup1
...
sudo addgroup SubGroupN
sudo adduser NEWUSER SubGroup
First, you might have to install id-utils to get the lid command:
sudo apt-get install id-utils
Then you can run the following line to copy all users of SourceGroup to TargetGroup. Of course, you have to run the command once for each group you want to copy. Don’t forget to replace the capitalized placeholders with the actual group names.
for u in $(lid -g -n SourceGroup); do sudo usermod -a -G TargetGroup "$u"; done
So in your case you would have to run the command (all lines at once):
sudo addgroup SuperGroup &&
for u in $(lid -g -n SubGroup1); do sudo usermod -a -G SuperGroup $u; done
...
for u in $(lid -g -n SubGroupN); do sudo usermod -a -G SuperGroup $u; done
Note that these commands only copy users who are currently members of the source groups. Every user who gets added later will also have to be added manually to your common group with the adduser command. Just replace once again the capitalized placeholders with the actual user and group name:
sudo adduser NEWUSER SubGroup
sudo adduser NEWUSER SuperGroup
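
Because the copy is a one-time operation, SuperGroup membership drifts as users join or leave the subgroups later. As an added example (not part of the original post), the script below reports that drift from a group(5)-format file; the function names group_drift and sample_groups and the sample data are constructed for illustration, and it goes beyond the post by also flagging SuperGroup members who are no longer in any subgroup.

```shell
#!/bin/sh
# Added example: report membership drift between a super group and its subgroups.
# Input is a group(5)-format file (name:passwd:gid:user1,user2,...), for example
# the saved output of `getent group`. Only supplementary members are listed there;
# a user whose *primary* group is a subgroup does not appear in that field.

# Usage: group_drift GROUPFILE SUPERGROUP SUBGROUP...
# Prints "missing USER" for users in a subgroup but not in the super group,
# and "stale USER" for super-group members who are in none of the subgroups.
group_drift() {
    file=$1; super=$2; shift 2
    awk -F: -v super="$super" -v subs="$*" '
        BEGIN { n = split(subs, s, " "); for (i = 1; i <= n; i++) want[s[i]] = 1 }
        $1 == super || ($1 in want) {
            k = split($4, m, ",")
            for (i = 1; i <= k; i++) {
                if (m[i] == "") continue
                if ($1 == super) { in_super[m[i]] = 1 }
                else             { in_sub[m[i]] = 1 }
            }
        }
        END {
            for (u in in_sub)   if (!(u in in_super)) print "missing " u
            for (u in in_super) if (!(u in in_sub))   print "stale " u
        }' "$file" | sort
}

# Constructed sample data (not from a real system).
sample_groups() {
    cat <<'EOF'
SuperGroup:x:2000:alice,bob,mallory
SubGroup1:x:2001:alice,carol
SubGroup2:x:2002:bob
Other:x:2003:dave
EOF
}

# Demo on the constructed sample: carol is missing, mallory is stale.
tmp=$(mktemp)
sample_groups > "$tmp"
group_drift "$tmp" SuperGroup SubGroup1 SubGroup2
rm -f "$tmp"
```

On a real system, save `getent group` to a file and pass it as GROUPFILE; "stale" entries are worth reviewing because they keep access to everything SuperGroup can reach.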