LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-09-2013, 05:10 PM   #1
tyap
LQ Newbie
 
Registered: Aug 2013
Posts: 3

Rep: Reputation: Disabled
Cannot access directory (group permission)


Hi,

I'm starting to expose myself into the wonderful world of Linux. I have a very basic background of Linux, and am trying to improve my working knowledge within this wonderful OS. I have a question regarding permissions.

I tried to cd into the html directory below, but received a permission denied prompt.

dr-xr-s---. 5 root root 4096 Jun 26 16:12 _backup
dr-xr-s---. 6 booking-prod booking-prod 4096 Jun 26 16:12 html
-bash: cd: html: Permission denied

I looked into the /etc/group file, and noticed that my id (tyap) is part of the wheel and apache group. Since apache is also part of the booking-prod group, shouldn't I be able to access the html directory above? Or what would I need to do to gain access to the html directory?

wheel:x:10:twining,kandyw,aboscarino,tyap
apache:x:48:twining,kandyw,aboscarino,tyap
tyap:x:516:
booking-prod:x:510:apache
 
Old 08-09-2013, 07:34 PM   #2
GlennsPref
Senior Member
 
Registered: Apr 2004
Location: Brisbane, Australia
Posts: 3,366
Blog Entries: 33

Rep: Reputation: 216Reputation: 216Reputation: 216
Quote:
Hi, Welcome to LQ!

LQ has a fantastic search function that may save you time waiting for an answer to a popular question.

With over 4 million posts to search it's possible the answer has been given.
Code:
man chmod
Quote:
The format of a symbolic mode is '[ugoa...][[+-=][rwxXstugo...]...][,...]'. Multiple symbolic operations can be
given, separated by commas.

A combination of the letters 'ugoa' controls which users' access to the file will be changed: the user who owns
it (u), other users in the file's group (g), other users not in the file's group (o), or all users (a).
If none of these are given, the effect is as if 'a' were given, but bits that are set in the umask are not
affected.

The operator '+' causes the permissions selected to be added to the existing permissions of each
file; '-' causes them to be removed; and '=' causes them to be the only permissions that the file has.

The letters 'rwxXstugo' select the new permissions for the affected users: read (r), write (w), execute
(or access for directories) (x), execute only if the file is a directory or already has execute permission
for some user (X), set user or group ID on execution (s), sticky (t), the permissions granted to the user
who owns the file (u), the permissions granted to other users who are members of the file's group (g), and
the permissions granted to users that are in neither of the two preceding categories (o)
.

A numeric mode is from one to four octal digits (0-7), derived by adding up the bits with values 4, 2, and 1.
Any omitted digits are assumed to be leading zeros. The first digit selects the set user ID (4) and set
group ID (2) and sticky (1) attributes. The second digit selects permissions for the user who owns the
file: read (4), write (2), and execute (1); the third selects permissions for other users in the file's
group, with the same values; and the fourth for other users not in the file's group, with the same values.
If the files are in your /home/.. folder you may have other problems.
 
Old 08-09-2013, 07:44 PM   #3
tyap
LQ Newbie
 
Registered: Aug 2013
Posts: 3

Original Poster
Rep: Reputation: Disabled
Thanks Glenn for the reply. I took a look at the post, but I'm still confused as to why I can't access the html directory even though I am part of the apache group, and the apache group is part of the booking-prod group. Is my understanding correct that I am within the apache group, and that the apache group is within the booking-prod group? This in turn should allow me to cd into the html directory.
 
Old 08-09-2013, 07:46 PM   #4
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=14, FreeBSD_10{.0|.1|.2}
Posts: 3,887
Blog Entries: 1

Rep: Reputation: 2007Reputation: 2007Reputation: 2007Reputation: 2007Reputation: 2007Reputation: 2007Reputation: 2007Reputation: 2007Reputation: 2007Reputation: 2007Reputation: 2007
Quote:
Originally Posted by tyap View Post
Thanks Glenn for the reply. I took a look at the post, but I'm still confused as to why I can't access the html directory even though I am part of the apache group, and the apache group is part of the booking-prod group. Is my understanding correct that I am within the apache group, and that the apache group is within the booking-prod group? This in turn should allow me to cd into the html directory.
Actually I don't think that is correct. The apache 'user' is part of the booking-prod group.

To access that by group permissions you must be a member of the booking-prod group itself.

[EDIT]

To be a little more complete, there is no heirarchy of group memberships - you are either a member of a group or you are not.

In the case you give, the apache user is a member of the booking-prod group - the apache group is not a member of booking-prod group. Tyap user is a member of the wheel and apache groups, but not the booking-prod group.

I am also curious why the group is setgid? You have not said what distro you are using, but SETGID is probably disabled anyway, and if that was related to trying to obtain group permissions then that is not the way to do it.

[/EDIT]

Last edited by astrogeek; 08-09-2013 at 08:03 PM.
 
Old 08-09-2013, 07:55 PM   #5
tyap
LQ Newbie
 
Registered: Aug 2013
Posts: 3

Original Poster
Rep: Reputation: Disabled
Thanks! So it would seem that Linux does not support "nested groups". I did a "groups" command, and noticed that I am part of the wheel group, which I understand has some elevated rights. Will I be able to grant include myself in the booking-prod group?
 
Old 08-09-2013, 08:09 PM   #6
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=14, FreeBSD_10{.0|.1|.2}
Posts: 3,887
Blog Entries: 1

Rep: Reputation: 2007Reputation: 2007Reputation: 2007Reputation: 2007Reputation: 2007Reputation: 2007Reputation: 2007Reputation: 2007Reputation: 2007Reputation: 2007Reputation: 2007
Quote:
Originally Posted by tyap View Post
Thanks! So it would seem that Linux does not support "nested groups". I did a "groups" command, and noticed that I am part of the wheel group, which I understand has some elevated rights. Will I be able to grant include myself in the booking-prod group?
You typed faster than I did - see my EDIT to last post - that is correct, there is no support for nested groups at this level (you might be able to do that with something like LDAP, I really don't know).

I don't know what your wheel group membership gets you on that system, but you might try it.

It might also help you get more qualified answers if you post what your OS is.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
permission for directory by different group aksharb Linux - Software 3 07-31-2013 07:10 AM
Group permissions: user can't access 770 directory even though a member of group jm34003 Linux - Security 13 05-16-2012 03:03 PM
[SOLVED] Group access to directory not seeming to work dajester2011 Linux - General 6 06-13-2011 01:47 PM
can i give directory permission to a group and not specific user? SamuraiCoder Linux - Newbie 5 05-26-2010 05:23 PM
apparent group member can't access directory xuanadoo Linux - Newbie 2 09-14-2006 09:02 PM


All times are GMT -5. The time now is 08:54 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration