
I have a directory with the following permissions:

lighttpd drwx------ 

Which contains the following file:

lighttpd.pid -rw-r--r-- 

Unfortunately, when trying to run:

cat lighttpd/lighttpd.pid 

with a user that isn't the owner, nor a member of the owning group, I get the message:

cat: lighttpd/lighttpd.pid: Permission denied

How would I enable a user that isn't an owner, nor a group member, access to lighttpd.pid?

3 Answers

5

Creating a hard link outside the directory to the file will work, e.g. ln lighttpd/lighttpd.pid example/lighttpd.pid. Users will be able to view example/lighttpd.pid without having access to lighttpd/.

3

Grant execute/search (x) permissions for 'others' to the lighttpd directory.

$ chmod o+X lighttpd 

The capital X file mode bit selector in chmod enables the execute/search only if the file is a directory (or already has execute permission for some user).

The execute/search bit, when set on a directory, allows the affected user to enter (call open()) the directory and access files and directories inside. In addition, they need read (r) permission on the files themselves (which according to the question is already set).

Without read (r) permission on the directory, users are not able to obtain the contents of the directory, so they will need to know the name of the file they are going to access in advance.

If the underlying filesystem supports POSIX Access Control Lists, you can also grant the execute/search permission on the directory with setfacl for a specific user without adjusting the owner or group assignment:

$ setfacl -m u:user:x lighttpd 

You can determine whether the filesystem supports POSIX ACLs by checking whether it has been mounted with the acl mount option, by running mount:

$ mount | grep /dev/sdaX
/dev/sdaX on /mountpoint type ext4 (rw,acl) 

If acl is not present in the output of mount, it might still be one of the default options for that filesystem type. You can verify this with tune2fs:

$ sudo tune2fs -l /dev/sdaX | grep acl
Default mount options:    user_xattr acl 

If acl is not enabled, or you for some reason do not want to grant all users the ability to enter the directory, you can follow Larkeith's advice and link the file you want the users to be able to access to another pathname in the filesystem.

  • I would (for other reasons) like to enable ACLs, but can't figure out how to do so. For more information: unix.stackexchange.com/q/360602/155555 Commented May 15, 2017 at 20:53
  • @BrandonBradley Note that as soon as the user has the x permission on the directory, they can access all the files in the directory, subject to the files' permissions. The only consequence of having x permission on the directory without r is that the user can't list files; they have to guess the file names. In a directory containing a pidfile, there's typically no file name to hide, so this is probably not at all useful for you. As for ACLs, they could allow a specific user to access files, but they have no advantage in letting a user access a specific file. Commented May 15, 2017 at 22:37
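As an added shell example (not from any answer on this page): a small diagnostic that applies the rule above, checking the others search bit on each directory component and the read bit on the file, then recreating the question's layout in a scratch directory to show that chmod o+X adds x to the directory but not to the non-executable file.

```shell
#!/bin/sh
# Added example, not code from the answers above. Checks mode bits along a
# relative path the way access checks do for the "others" class: every
# directory component needs search (x) and the file itself needs read (r).
# Mode strings come from `ls -ld`, so this works with GNU and BSD userland.

# mode_of PATH -> the 10-character mode string, e.g. "drwx------"
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# others_can_read FILE -> prints "ok" if the "others" class can read FILE,
# otherwise names the first component that blocks it and returns 1.
# FILE is a path relative to the current directory, as in the question.
others_can_read() {
    old_ifs=$IFS
    IFS=/
    set -- $1                 # split the path into its components
    IFS=$old_ifs
    dir=""
    while [ $# -gt 1 ]; do    # every component but the last is a directory
        dir="${dir}$1/"
        case $(mode_of "$dir" | cut -c10) in
            x|t) ;;           # search permission present (t = x plus sticky)
            *) echo "no search (x) for others on directory: $dir"; return 1 ;;
        esac
        shift
    done
    if [ "$(mode_of "${dir}$1" | cut -c8)" != r ]; then
        echo "no read (r) for others on file: ${dir}$1"; return 1
    fi
    echo "ok"
}

# demo: recreate the question's layout in a scratch directory and show that
# chmod o+X adds x to the directory but leaves the non-executable file alone
demo() {
    scratch=$(mktemp -d) && cd "$scratch" || return 1
    mkdir lighttpd && chmod 700 lighttpd
    : > lighttpd/lighttpd.pid && chmod 644 lighttpd/lighttpd.pid
    others_can_read lighttpd/lighttpd.pid || true  # blocked on lighttpd/
    chmod o+X lighttpd lighttpd/lighttpd.pid       # X only affects the directory
    mode_of lighttpd                               # drwx-----x
    mode_of lighttpd/lighttpd.pid                  # -rw-r--r--
    others_can_read lighttpd/lighttpd.pid          # ok
    cd / && rm -rf "$scratch"
}

demo
```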
-2

I haven't read man setfacl in depth, but it seems you need it.

Part of the man setfacl contents:

EXAMPLES
       Granting an additional user read access
              setfacl -m u:lisa:r file

       Revoking write access from all groups and all named users (using the effective rights mask)
              setfacl -m m::rx file

       Removing a named group entry from a file's ACL
              setfacl -x g:staff file

       Copying the ACL of one file to another
              getfacl file1 | setfacl --set-file=- file2

       Copying the access ACL into the Default ACL
              getfacl --access dir | setfacl -d -M- dir 
  • While setfacl could be used to grant the capability to access the file to a specific user who isn't the owner nor a member of the owning group, this answer does not explain what change to the ACL should be made and thus does not answer the OP's question. This is also only possible if the underlying filesystem supports POSIX Access Control Lists. If setfacl is used on a file system which does not support ACLs, it operates on the file mode permission bits, which are not expressive enough to grant specific permissions to arbitrary users. Commented May 15, 2017 at 10:19
  • Also, see this: unix.stackexchange.com/q/360602/155555 to see why enabling setfacl isn't feasible. Commented May 15, 2017 at 20:50
