LinuxQuestions.org
Old 01-12-2013, 03:13 PM   #1
I Use Dial
LQ Newbie
 
Registered: Jul 2009
Location: Morgan Hill, CA
Distribution: Ubuntu
Posts: 20

Rep: Reputation: 0
Can't access folder I am in group of


I am just learning permissions and I'm running into a problem I can't figure out.

My goal is to have a group with write access to a folder where the owner does not have write access.

Code:
mkdir newfolder
chown lesseruser newfolder
chgrp greaterusers newfolder
chmod 570 newfolder
I have verified in /etc/group that my user is a member of greaterusers, but I can't access the folder.
 
Old 01-12-2013, 04:08 PM   #2
Snark1994
Senior Member
 
Registered: Sep 2010
Location: Wales, UK
Distribution: Arch
Posts: 1,632
Blog Entries: 3

Rep: Reputation: 345
The 'user' permissions get applied before the 'group' permissions - so if you're the user, then regardless of the group permissions, you get what the user permissions allow you to do (e.g. if you run

Code:
chown otheruser newfolder
then lesseruser should be able to write to the folder correctly)

Regards,
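The class-selection rule described in the post above, modelled as an added example that is not part of the original thread. It assumes classic mode bits only (no ACLs, caller is not root); the function name and the numeric UIDs and GIDs are constructed for illustration.

```shell
#!/bin/sh
# Added example: which permission class the kernel picks for a caller.
# Exactly ONE class applies: owner if the UID matches, else group if any
# of the caller's GIDs matches, else other. There is no fall-through, so
# an owner with r-x never picks up the group's w bit.
#
# usage: effective_perms CALLER_UID "CALLER_GIDS" OWNER_UID OWNER_GID MODE
effective_perms() (
    uid=$1 gids=$2 owner=$3 group=$4 mode=$5
    if [ "$uid" -eq "$owner" ]; then
        shift_by=6 class=owner
    else
        shift_by=0 class=other
        for g in $gids; do
            if [ "$g" -eq "$group" ]; then
                shift_by=3 class=group
                break
            fi
        done
    fi
    # Leading 0 makes the shell read the mode as octal (570 -> 0570).
    bits=$(( (0$mode >> shift_by) & 7 ))
    r=-; w=-; x=-
    [ $((bits & 4)) -ne 0 ] && r=r
    [ $((bits & 2)) -ne 0 ] && w=w
    [ $((bits & 1)) -ne 0 ] && x=x
    printf '%s %s%s%s\n' "$class" "$r" "$w" "$x"
)

# Constructed IDs: lesseruser = UID 1001, greaterusers = GID 2000,
# directory mode 570 as in the first post.
effective_perms 1001 "1001 2000" 1001 2000 570   # owner, also in the group
effective_perms 1002 "1002 2000" 1001 2000 570   # group member, not owner
effective_perms 1003 "1003"      1001 2000 570   # neither
```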
 
Old 01-12-2013, 04:20 PM   #3
I Use Dial
That is not what I'm trying to do.

Last edited by I Use Dial; 01-12-2013 at 04:21 PM.
 
Old 01-12-2013, 04:23 PM   #4
I Use Dial
Is this response on serverfault not correct? (Skip to "You can have your cake and eat it too")

http://serverfault.com/questions/357...for-my-website
 
Old 01-13-2013, 03:56 AM   #5
Snark1994
It is correct, but you've misinterpreted it. As I understand it, they are trying to limit the capabilities of the www-data user! (compare it with the "Single user" scenario above). They want r-x permissions for the www-data user, and rwx permissions for the developers, who will be in the dev-fabrikam group. So the permissions function exactly as they want them to.
 
Old 01-13-2013, 04:26 AM   #6
I Use Dial
I am not the owner of the directory. I am a member of the group. I cannot access the directory.
 
Old 01-13-2013, 05:10 AM   #7
I Use Dial
What am I misunderstanding?
 
Old 01-14-2013, 05:26 AM   #8
Snark1994
Sorry, are you saying you can't reproduce these steps:

Code:
$ whoami
joshua
$ pwd
/home/joshua/test
$ groups
users sudo
$ mkdir newfolder
$ sudo chown nobody newfolder
$ sudo chmod 570 newfolder 
$ ls -ld newfolder 
dr-xrwx--- 2 nobody users 4096 Jan 14 11:20 newfolder
$ ls -l newfolder 
total 0
$ cd newfolder 
$ ls
$ touch a_file
$ ls
a_file
$ pwd
/home/joshua/test/newfolder
$ 
I am a member of the group users, and I am not the user "nobody", and I can cd into the folder, ls its contents, and create new files.

If your system doesn't work correctly like that, can you post the output of you trying to do what I did above, please?
 
Old 01-14-2013, 11:50 PM   #9
I Use Dial
Sorry, forgot to update the thread. The issue was solved with a reboot. Very embarrassing. That's now SOP when I'm considering a post. I was really confounded by why 570 didn't work. However, I did learn one interesting thing: setuid is ignored in linux, in case you were wondering.
 
Old 01-15-2013, 01:47 AM   #10
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,289

Rep: Reputation: 2034
Quote:
setuid is ignored in linux
Huh?? I beg to differ, unless you mean on scripts (eg .sh, pl etc), in which case you are correct
 
Old 01-16-2013, 06:18 PM   #11
I Use Dial
Quote:
Originally Posted by chrism01
Huh?? I beg to differ, unless you mean on scripts (eg .sh, pl etc), in which case you are correct
On directories, the setuid permission is ignored, but setgid can be used. I learned it from the Wikipedia article and then I tested on my own system and it is correct. Files created in Linux are always owned by the creator, except possibly under ACL, which I don't know anything about.
 
Old 01-17-2013, 02:45 AM   #12
wstewart
Member
 
Registered: Dec 2012
Location: Tampa, FL
Distribution: Slackware, FreeBSD, CentOS
Posts: 41

Rep: Reputation: 1
I was just thinking about that prior to reading the whole discussion on the group being limited to the permissions of the file owner. If you recently added a user to a group, you usually need to log out and log back in as that user. A reboot would do the same thing. I'm not sure if there is a simpler way of having group changes take effect but simply logging in again should do it.

Last edited by wstewart; 01-17-2013 at 06:53 AM.
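A check for the situation described in the post above, where a group was added to the account after the session started. This is an added example, not part of the original thread; the function names and the sample GIDs are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect group memberships that exist in the account
# database but are not active in the current login session.
# A process gets its group list at login; later changes to /etc/group
# do not reach shells that are already running.

# missing_groups "SESSION_GIDS" "DATABASE_GIDS"
# Prints every GID in the second list that is absent from the first.
missing_groups() (
    session=" $1 "
    for g in $2; do
        case "$session" in
            *" $g "*) ;;                 # already active in this session
            *) printf '%s\n' "$g" ;;     # in the database only
        esac
    done
)

# check_session: compare this shell's groups with the database entry
# for the same user. Numeric GIDs are used because group names may
# contain spaces on some systems.
check_session() {
    cs_user=$(id -un)
    cs_stale=$(missing_groups "$(id -G)" "$(id -G "$cs_user")")
    if [ -n "$cs_stale" ]; then
        echo "GIDs not active in this session:" $cs_stale
        echo "log out and back in, or run: newgrp <group>"
        return 1
    fi
    echo "session groups match the database for $cs_user"
}

# Constructed input: the session predates the user being added to GID 2000.
missing_groups "1002 27" "1002 27 2000"

# Live check of the current shell.
check_session || true
```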
 
Old 01-17-2013, 06:33 AM   #13
chrism01
I see; I've never tried it (suid) on a dir
 
  

