You can use ACLs. I got direction from this article to set this up in my CentOS test environment.
https://unix.stackexchange.com/questions/176666/how-do-i-know-acls-are-supported-on-my-file-system#176731
From the article: Some filesystem types always have ACL available, regardless of mount options; this is the case for tmpfs, xfs and zfs.
To check your filesystem:
df -T
If you're running with one of these filesystem types, you can set permissions as required by following this article:
https://www.server-world.info/en/note?os=CentOS_7&p=acl
examples:
To set acl to a directory recursively:
setfacl -R -m u:splunk:r /var/log
getfacl -R /var/log
To set acl for individual files:
setfacl -m u:splunk:r /var/log/messages
ll /var/log/messages
If you are running a filesystem that does not have ACLs available natively, then here is an article to run through in your test environment:
http://wiki.whyaskwhy.org/GNU_Linux/Permissions/POSIX_ACLs
Take care. Brush your hair.
... View more