LinuxQuestions.org


I Use Dial 01-12-2013 03:13 PM

Can't access folder I am in group of
 
I am just learning permissions and I'm running into a problem I can't figure out.

My goal is to have a group with write access to a folder where the owner does not have write access.

Code:

mkdir newfolder
chown lesseruser newfolder
chgrp greaterusers newfolder
chmod 570 newfolder

I have verified in /etc/group that my user is a member of greaterusers, but I can't access the folder.

Snark1994 01-12-2013 04:08 PM

The 'user' permissions get applied before the 'group' permissions - so if you're the user, then regardless of the group permissions, you get what the user permissions allow you to do (e.g. if you run

Code:

chown otheruser newfolder

then lesseruser should be able to write to the folder correctly)

Regards,

I Use Dial 01-12-2013 04:20 PM

That is not what I'm trying to do.

I Use Dial 01-12-2013 04:23 PM

Is this response on serverfault not correct? (Skip to "You can have your cake and eat it too")

http://serverfault.com/questions/357...for-my-website

Snark1994 01-13-2013 03:56 AM

It is correct, but you've misinterpreted it. As I understand it, they are trying to limit the capabilities of the www-data user! (compare it with the "Single user" scenario above). They want r-x permissions for the www-data user, and rwx permissions for the developers, who will be in the dev-fabrikam group. So the permissions function exactly as they want them to.

I Use Dial 01-13-2013 04:26 AM

I am not the owner of the directory. I am a member of the group. I cannot access the directory.

I Use Dial 01-13-2013 05:10 AM

What am I misunderstanding?

Snark1994 01-14-2013 05:26 AM

Sorry, are you saying you can't reproduce these steps:

Code:

$ whoami
joshua
$ pwd
/home/joshua/test
$ groups
users sudo
$ mkdir newfolder
$ sudo chown nobody newfolder
$ sudo chmod 570 newfolder
$ ls -ld newfolder
dr-xrwx--- 2 nobody users 4096 Jan 14 11:20 newfolder
$ ls -l newfolder
total 0
$ cd newfolder
$ ls
$ touch a_file
$ ls
a_file
$ pwd
/home/joshua/test/newfolder
$

I am a member of the group users, and I am not the user "nobody", and I can cd into the folder, ls its contents, and create new files.

If your system doesn't work correctly like that, can you post the output of you trying to do what I did above, please?

I Use Dial 01-14-2013 11:50 PM

Sorry, forgot to update the thread. The issue was solved with a reboot. Very embarrassing. That's now SOP when I'm considering a post. I was really confounded by why 570 didn't work. However, I did learn one interesting thing: setuid is ignored in Linux, in case you were wondering.

chrism01 01-15-2013 01:47 AM

Quote:

setuid is ignored in Linux

Huh?? I beg to differ, unless you mean on scripts (e.g. .sh, .pl etc.), in which case you are correct :)

I Use Dial 01-16-2013 06:18 PM

Quote:

Originally Posted by chrism01 (Post 4870312)
Huh?? I beg to differ, unless you mean on scripts (e.g. .sh, .pl etc.), in which case you are correct :)

On directories, the setuid permission is ignored, but setgid can be used. I learned it from the Wikipedia article and then I tested on my own system and it is correct. Files created in Linux are always owned by the creator, except possibly under ACL, which I don't know anything about.

wstewart 01-17-2013 02:45 AM

I was just thinking about that prior to reading the whole discussion on the group being limited to the permissions of the file owner. If you recently added a user to a group, you usually need to log out and log back in as that user. A reboot would do the same thing. I'm not sure if there is a simpler way of having group changes take effect but simply logging in again should do it.
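
Added example, not part of any post in this thread: a shell sketch of the two behaviours discussed above, namely that only the first matching permission class (owner, then group, then other) is consulted, and that a session keeps the group list it had at login. The function names and numeric IDs are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# perm_class UID "GID LIST" OWNER_UID GROUP_GID MODE
# Prints the one permission class a non-root process is checked against and
# that class's octal digit. The first match wins: owner, then group, then other.
perm_class() {
    uid=$1 gids=$2 owner=$3 group=$4
    m=$((0$5))                      # leading 0 makes the mode octal
    if [ "$uid" -eq "$owner" ]; then
        echo "owner $(( (m >> 6) & 7 ))"
        return 0
    fi
    for g in $gids; do
        if [ "$g" -eq "$group" ]; then
            echo "group $(( (m >> 3) & 7 ))"
            return 0
        fi
    done
    echo "other $(( m & 7 ))"
}

# stale_groups "SESSION GROUPS" "DATABASE GROUPS"
# Prints groups listed in the group database that the running session lacks.
stale_groups() {
    session=$1 database=$2 missing=""
    for g in $database; do
        case " $session " in
            *" $g "*) ;;
            *) missing="$missing $g" ;;
        esac
    done
    echo "${missing# }"
}

# Constructed IDs: lesseruser=1001, another user=1000, greaterusers=2000.
perm_class 1001 "1001 2000" 1001 2000 570   # owner 5: owner bits win
perm_class 1000 "1000 2000" 1001 2000 570   # group 7: member, not owner
perm_class 1000 "1000"      1001 2000 570   # other 0: session lacks the group
stale_groups "users sudo" "users sudo greaterusers"   # greaterusers

# Live check on a real system (group names containing spaces are not handled):
#   stale_groups "$(id -Gn)" "$(id -Gn "$(id -un)")"
```

Any output from the live check means the current session predates a group change and needs a fresh login before the new membership applies.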

chrism01 01-17-2013 06:33 AM

I see; I've never tried it (suid) on a dir :)


All times are GMT -5.