LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 10-20-2012, 12:55 PM   #1
knottulf
LQ Newbie
 
Registered: Oct 2012
Posts: 22

Rep: Reputation: Disabled
folder permissions and sgid


I try to make one folder accessible to the members of the folders' owner group, so that they are allowed to read all files in the folder and edit files they created by themselves.
To do this, I figured out that I have to set group id to the folder, so that its permissions would be drwxrws---.
I am not sure about the group's srite access, though. I reckon it means that the group members are allowed to create files inside the folder.
However, even though the folder is owned by one of the groups that I am a member of, I am not allowed to cd to the folder, or to ls it. Why?

trying:
knottulf@debian-server:/home$ sudo chmod g=rwx ledelse
and:
knottulf@debian-server:/home$ sudo chmod g+sx ledelse

But to now help.

Last edited by knottulf; 10-20-2012 at 12:57 PM.
 
Old 10-20-2012, 01:02 PM   #2
nugat
Member
 
Registered: Sep 2012
Posts: 122

Rep: Reputation: 31
Quote:
Originally Posted by knottulf View Post
I try to make one folder accessible to the members of the folders' owner group, so that they are allowed to read all files in the folder and edit files they created by themselves.
To do this, I figured out that I have to set group id to the folder, so that its permissions would be drwxrws---.
I am not sure about the group's srite access, though. I reckon it means that the group members are allowed to create files inside the folder.
However, even though the folder is owned by one of the groups that I am a member of, I am not allowed to cd to the folder, or to ls it. Why?

trying:
knottulf@debian-server:/home$ sudo chmod g=rwx ledelse
and:
knottulf@debian-server:/home$ sudo chmod g+sx ledelse

But to now help.
try giving the dir read/write access at the same time, e.g.:
Code:
sudo chmod g=+srwx ledelse
if that doesn't work, show the output of:
Code:
ls -ld ledelse
and:
Code:
lsattr -d ledelse
and:
Code:
getfacl ledelse
 
1 members found this post helpful.
Old 10-20-2012, 01:29 PM   #3
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 2,967

Rep: Reputation: 1268Reputation: 1268Reputation: 1268Reputation: 1268Reputation: 1268Reputation: 1268Reputation: 1268Reputation: 1268Reputation: 1268
Quote:
Originally Posted by knottulf View Post
I try to make one folder accessible to the members of the folders' owner group, so that they are allowed to read all files in the folder and edit files they created by themselves.
To do this, I figured out that I have to set group id to the folder, so that its permissions would be drwxrws---.
I am not sure about the group's srite access, though. I reckon it means that the group members are allowed to create files inside the folder.
However, even though the folder is owned by one of the groups that I am a member of, I am not allowed to cd to the folder, or to ls it. Why?
The group write permission allows members of the group to create and delete files in that directory. That would include files owned by others. If you want to restrict people from deleting files they do not own, you should add the sticky bit (chmod +t) to the permission settings.

As a member of the group, you should be able to cd to that directory and list its contents. You would of course need at least execute permission for any higher level directories leading to this one. Are you sure your current session includes that group membership? If you have not logged out and back in since adding yourself to the group, you don't yet have that group included in your credentials. You can use the id command to see what your current credentials are.

Last edited by rknichols; 10-20-2012 at 01:31 PM.
 
1 members found this post helpful.
Old 10-20-2012, 04:45 PM   #4
knottulf
LQ Newbie
 
Registered: Oct 2012
Posts: 22

Original Poster
Rep: Reputation: Disabled
Thank you nugat and rknichols
I thought at once that rknichols' suggestion about the permissions of the parent directory was the key to the issue, but moving ledelse to a directory with permissions 777 made no difference: still no access.

Quote:
Originally Posted by nugat View Post
try giving the dir read/write access at the same time, e.g.:
Code:
sudo chmod g=+srwx ledelse
Tried it, with no effect.

Quote:
Originally Posted by nugat View Post
if that doesn't work, show the output of:
Code:
ls -ld ledelse
knottulf@debian-server:/home/prosj$ ls -ld ledelse
drwxrws--- 2 root ledelse 4096 2012-09-28 13:49 ledelse

Quote:
Originally Posted by nugat View Post
and:
Code:
lsattr -d ledelse
knottulf@debian-server:/home/prosj$ sudo lsattr -d ledelse
------------------- ledelse

Quote:
Originally Posted by nugat View Post
and:
Code:
getfacl ledelse
knottulf@debian-server:/home/prosj$ getfacl ledelse
# file: ledelse
# owner: root
# group: ledelse
# flags: -s-
user::rwx
group::rwx
other::---

So, still no access. Strange...
 
Old 10-20-2012, 11:34 PM   #5
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 2,967

Rep: Reputation: 1268Reputation: 1268Reputation: 1268Reputation: 1268Reputation: 1268Reputation: 1268Reputation: 1268Reputation: 1268Reputation: 1268
And does the output from the id command include "ledelse" in the groups list?
 
Old 10-21-2012, 01:02 AM   #6
shivaa
Senior Member
 
Registered: Jul 2012
Location: Grenoble, Fr.
Distribution: Sun Solaris, RHEL, Ubuntu, Debian 6.0
Posts: 1,800
Blog Entries: 4

Rep: Reputation: 286Reputation: 286Reputation: 286
As far as I understood your pb, I would conclude:
First, you've not used right way to assign SGID permission, as it should be g+xs not g+sx, because SGID is replacing "execute" on that dir. with "s", so the dir. first should have execute then "s".
Quote:
knottulf@debian-server:/home$ sudo chmod g+sx ledelse (This is wrong way)
So do like this,
Quote:
knottulf@debian-server:/home$ sudo chmod g+xs ledelse
Second, you can set sticky bit permission also, instead of SGID as follow:
Quote:
sudo chmod a+t ledelse
It will allows the owner of the directory, the owner of the file, or the super-user to modify the files that the directory contains.

Last edited by shivaa; 10-21-2012 at 01:05 AM.
 
Old 10-21-2012, 05:58 AM   #7
knottulf
LQ Newbie
 
Registered: Oct 2012
Posts: 22

Original Poster
Rep: Reputation: Disabled
Strange:
Quote:
knottulf@debian-server:/home$ sudo chmod g+xs ledelse
Makes no difference.

Quote:
knottulf@debian-server:/home/prosj$ groups knottulf
knottulf : knottulf cdrom floppy sudo audio dip video plugdev netdev bluetooth scanner kvm ledelse
So, I am in the owner group, but still no access to the folder. What else in the system could interfere with these settings?
 
Old 10-21-2012, 06:56 AM   #8
shivaa
Senior Member
 
Registered: Jul 2012
Location: Grenoble, Fr.
Distribution: Sun Solaris, RHEL, Ubuntu, Debian 6.0
Posts: 1,800
Blog Entries: 4

Rep: Reputation: 286Reputation: 286Reputation: 286
Use of SGID is that, if this permission is set on a directory, then newly created files inside the directory inherit the same group ID as that of the parent directory has. So could you once share the result of "ls -la ledelse" comamnd, as I want to see what permissions are set on parent dir. and some of the files inside it?
One more thing, are you getting "Permission denied" error or any other message when u try to access the dir.?
If you're getting permission denied, then add permission as follow:
# chmod g+rwx ledelse
And also make sure that you're a member of the dir.'s group.
 
Old 10-21-2012, 02:26 PM   #9
knottulf
LQ Newbie
 
Registered: Oct 2012
Posts: 22

Original Poster
Rep: Reputation: Disabled
Thanks meninvenus

I tried your "chmod g+rwx ledelse" command.
The result when cd-ing to the ledelse directory, still is "no access".

The result of "ls -la ledelse" is "No access".

The result of "ls -la prosj" is
Quote:
knottulf@debian-server:/home$ ls -la prosj
totalt 20
drwxrwxrwx 5 root root 4096 2012-10-20 22:19 .
drwxr-xr-x 10 root root 4096 2012-10-20 22:19 ..
drwxr-xr-x 2 root administrasjon 4096 2012-09-28 13:47 administrasjon
drwxrws--T 2 root ledelse 4096 2012-09-28 13:49 ledelse
drwxrws--- 2 root utviklere 4096 2012-09-28 13:47 utviklere

Last edited by knottulf; 10-21-2012 at 02:31 PM.
 
Old 10-21-2012, 07:06 PM   #10
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,241

Rep: Reputation: 2325Reputation: 2325Reputation: 2325Reputation: 2325Reputation: 2325Reputation: 2325Reputation: 2325Reputation: 2325Reputation: 2325Reputation: 2325Reputation: 2325
Need to check the perms and ownerships of all(!) dirs from the root down to the dir in qn.
 
Old 10-22-2012, 12:35 AM   #11
shivaa
Senior Member
 
Registered: Jul 2012
Location: Grenoble, Fr.
Distribution: Sun Solaris, RHEL, Ubuntu, Debian 6.0
Posts: 1,800
Blog Entries: 4

Rep: Reputation: 286Reputation: 286Reputation: 286
Quote:
I tried your "chmod g+rwx ledelse" command.
The result when cd-ing to the ledelse directory, still is "no access".

The result of "ls -la ledelse" is "No access".
Even after addding all the permission, if you cannot access/view the content, then I am sure you're nither owner of the ledelse dir. nor a member of it's group.
As I can see, ledelse dir. has following permissions/ownership:
Quote:
drwxrws--T 2 root ledelse 4096 2012-09-28 13:49 ledelse
As a root user, you can see it's content and do anything, but a simple user, your user account should be a member of the group "ledelse" (highlighted in bold above).
So check your group using
Code:
id -a <your-username>
and see whether there's group "ledelse" in your groups list? If not, add yourself to it as follow:
# usermod -G ledelse <your-username> (Become root and invoke this cmd)

It should work then. Else, after doing all this as above, open a new terminal and try to access/open "ledelse" dir.
 
1 members found this post helpful.
Old 10-22-2012, 08:52 AM   #12
knottulf
LQ Newbie
 
Registered: Oct 2012
Posts: 22

Original Poster
Rep: Reputation: Disabled
Restart magic

I thought the magic of restart was more of a mac or windows thing than Linux. However, when checking after two restarts, my access to the problematic folder was ok after all.

Thanks to all your help, all of you!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Changing folder permissions and its sub folder and files? stratotak Linux - Newbie 6 12-29-2011 06:11 AM
[SOLVED] trouble with SGID on a shareable folder chytraeus Linux - Newbie 7 01-27-2010 05:40 PM
folder permissions myfoot Linux - Newbie 1 11-30-2007 06:10 PM
LXer: Setting the SUID/SGID bits: Giving a program YOUR permissions when it runs LXer Syndicated Linux News 0 03-09-2007 08:16 PM
permissions difference between /home/..../folder and /root/folder darkleaf Linux - General 3 07-21-2005 06:23 PM


All times are GMT -5. The time now is 01:28 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration