centos - Restrict user to only limited set of commands

2014-07-08
  • Midimo

    I have a user "user1" and I want to limit this user's access to some specific folders and allow him to run a limited set of commands; one of the commands is root level.

  • Answers

    Related Question

    centos - Linux User Permissions?
  • James Haigh

    I have two users, user1 and user2 which are both in a group matching their user name. I'd like both users to have full r/w/x permissions on all of each other's files as default without having to CHMOD them manually.

    How can I set this up?


  • Related Answers
  • BillThor

    You should have a users group in /etc/group. You can change them to this group and change their umask so that default file permissions are 664. These steps should do it.

    • Run chgrp -R users on both their home directories.
    • Enable group write access on all their files with chmod -R g+w on the directories they want to share. I would exclude Maildir if they have one.
    • Change their group membership with the command usermod -g users for each of their userids.
    • Uncomment the umask command in their .profile and change the value from 022 to 002.

    For a project, or for privacy for these users, you could add a new group or use one of their private groups in the commands above. If you choose user1, then you only need to change the group of user2. You still need to change access and umask for both.

    EDIT: You can default new users to the users group by editing /etc/default/useradd. However, this would give all new users access to the files owned by the two users you are modifying.

  • datenwolf

    If the filesystem used supports ACLs, I recommend their use for such selective user access control.

    # PATH is the file to share (use rwx instead of rw for a directory)
    setfacl -m u:${USER}:rw PATH
    

    Write and execute permissions should be granted mutually exclusively (except for directories). Giving both may cause serious security problems.

  • Patches

    Create a new group to hold both users. As root:

    groupadd foo
    

    Then add both users to the group:

    usermod -aG foo tommy
    usermod -aG foo sally
    

    Make sure their files have group read/write/execute permissions (at least 0770) and you should be set.
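    The following script is an added example and is not part of any of the answers above. It checks, on a throw-away directory that needs no root access, the two things the answers disagree about: BillThor's umask step (what mode a new file actually gets under 002 versus 022) and datenwolf's caveat that a group should not hold both write and execute on regular files, which the "at least 0770" suggestion would grant. The file names and the helper function names are constructed for the demo; it assumes a POSIX sh with find, ls, chmod and mktemp.

```shell
#!/bin/sh
# Added example, not from the original thread. Audits group permissions the
# way a shared-home setup from the answers above should look, on a constructed
# sample tree. Assumes POSIX sh plus find, ls, chmod, mktemp.

# Build a constructed sample tree (names are made up for the demo):
#   notes.txt   664  what BillThor's chgrp/chmod g+w steps leave behind
#   deploy.sh   775  group write AND execute, the combination datenwolf warns against
#   private.txt 644  a file the "chmod -R g+w" pass missed
make_demo_dir() {
    d=$(mktemp -d)
    : > "$d/notes.txt";   chmod 664 "$d/notes.txt"
    : > "$d/deploy.sh";   chmod 775 "$d/deploy.sh"
    : > "$d/private.txt"; chmod 644 "$d/private.txt"
    printf '%s\n' "$d"
}

# Regular files whose group has BOTH write (020) and execute (010) set.
# Directories are excluded on purpose: there g+wx is normal.
find_group_wx_files() {
    find "$1" -type f -perm -030 -print
}

# Regular files the group cannot write: candidates the g+w step missed.
find_not_group_writable() {
    find "$1" -type f ! -perm -020 -print
}

# Mode a newly created file receives under the given umask, as ls shows it.
# With umask 002 the answer expects -rw-rw-r-- (664); with 022, -rw-r--r--.
new_file_mode_under_umask() {
    (
        umask "$1"
        tmp=$(mktemp -d)
        : > "$tmp/new"
        ls -l "$tmp/new" | cut -c1-10
        rm -r "$tmp"
    )
}

if [ "${1-}" = "demo" ]; then
    dir=$(make_demo_dir)
    echo "group write+execute files (review these):"; find_group_wx_files "$dir"
    echo "files not group-writable (sharing will fail):"; find_not_group_writable "$dir"
    echo "new file under umask 002: $(new_file_mode_under_umask 002)"
    echo "new file under umask 022: $(new_file_mode_under_umask 022)"
    rm -r "$dir"
fi
```

    Run it as `sh audit.sh demo`. Pointing find_group_wx_files and find_not_group_writable at a real shared directory instead of the demo tree gives a quick before/after check of the chmod -R g+w step: the first list should contain only scripts that genuinely need group execute, and the second should be empty.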