Old 03-17-2014, 06:52 PM   #1
sniper8752
managing groups and users


I have a user who is part of the accounting group. The accounting folder is owned by the group, accounting. When the user attempts to go into the folder, it says that permission is denied. Why is the user not able to go inside of the folder?
 
Old 03-18-2014, 06:09 AM   #2
chrism01
Can you log in as the user and run the 'id' cmd?
Also show the dir permissions & ownerships (ls -l).
 
Old 03-18-2014, 09:59 AM   #3
sniper8752
Sure.
[Attached screenshots: "ls -l command.png", "id command.png"]
 
Old 03-18-2014, 03:33 PM   #4
maluhia
If you want the "accounting" group to be able to cd to the "bob" directory, you need to do:
chmod g+x bob
In other words, members of a group can't cd to a directory if the group doesn't have execute permission for the directory.

However, this won't solve your problem, since your "ls -l" output indicates that the directory "bob" belongs to the "root" group, not the "accounting" group. To fix that, do:
chgrp -R accounting bob

Something still doesn't make sense, though, assuming "bob" is the user who is unable to access the directory "bob". What is the output of "ls -l .." if you execute it from the same place you executed "ls -l"? You need to make sure that the directory that contains "bob" also belongs to the "accounting" group and has group read and execute permissions.
 
Old 03-19-2014, 07:20 AM   #5
sniper8752
I do not want the accounting group to cd to the bob directory. There is a shared directory for that. I thought execute permissions were just for running scripts?
If I add the accounting group to bob, would accounting then be able to access his content?
 
Old 03-19-2014, 05:43 PM   #6
jpollard
No.

Normally the login "bob" would also have a group created with only one member in it - "bob". Thus the home directory would be owned by bob, and group bob. The access mask would usually be rwxr-x--- (meaning, user bob has read/write/search, members of the group bob have read/search, and no one else has access. If bob is the only member of the group "bob" then no one else can access it). For directory files, the x means "search" rather than "execute".

Having bob own a root group directory is peculiar, but also since bob is not in group root, it would make things look odd to an audit.
 
Old 03-19-2014, 09:44 PM   #7
sniper8752
OK - I see. I will try this and see if it helps. Thanks!
 
Old 03-22-2014, 03:54 PM   #8
sniper8752
Quote:
Originally Posted by jpollard
For directory files, the x means "search" rather than "execute".
What do you mean by this? A user can search that specified directory for a file?
 
Old 03-22-2014, 04:39 PM   #9
btmiller
If a user has only read permission on a directory, she cannot change into it. If read permission exists, the user can see what files are in it, but cannot access them, regardless of their permissions.
 
Old 03-22-2014, 04:54 PM   #10
jpollard
Quote:
Originally Posted by sniper8752
what do you mean by this? a user can search that specified directory for a file?
From http://content.hccfl.edu/pollock/aun...ermissions.htm

"You can think of read and execute on directories this way: directories are data files that hold two pieces of information for each file within, the file's name and its inode number. Read permission is needed to access the names of files in a directory. Execute (a.k.a. search) permission is needed to access the inodes of files in a directory, if you already know the file's name."

So a directory with "r--" permissions allows you to see the file names. But you cannot open the files.
A directory with "--x" allows you to open the files, IF you already know the file name, AND have access permissions to read (or write) to the file.

To change the default directory requires both read and search.

This has been used in the past to provide an anonymous access to a dropbox type of operation. You could retrieve the file IF you already knew (or could guess) what the file name was. It has also been used to hide files from general viewing, but let specific individuals retrieve the data.
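
Added example (not part of the original thread): a shell function that models the rules described in posts #6 and #10, namely which single permission class is consulted for a user and what the r, w and x bits of that class allow on a directory. The function name dir_access, the user alice and every mode and ownership shown are constructed for illustration; ACLs and root's permission bypass are not modelled.

```shell
#!/bin/sh
# dir_access MODE OWNER GROUP USER "GROUPS"   (hypothetical helper, added example)
# MODE is the directory's 3-digit octal mode, GROUPS the user's group names.
# Models ordinary users only: no ACLs, and root bypasses these checks.
dir_access() {
    mode=$1; owner=$2; group=$3; user=$4; user_groups=$5

    # Exactly one class is consulted: owner first, then group, then other.
    # There is no fall-through to a later class if the matched one lacks a bit.
    class=other
    if [ "$user" = "$owner" ]; then
        class=owner
    else
        for g in $user_groups; do
            if [ "$g" = "$group" ]; then class=group; fi
        done
    fi

    rest=${mode#?}                      # mode without its first digit
    case $class in
        owner) digit=${mode%??} ;;      # first digit
        group) digit=${rest%?}  ;;      # middle digit
        other) digit=${mode#??} ;;      # last digit
    esac

    list=no; search=no; write=no; modify=no
    if [ $(( digit & 4 )) -ne 0 ]; then list=yes;   fi  # r: read entry names (ls)
    if [ $(( digit & 1 )) -ne 0 ]; then search=yes; fi  # x: look up a known name (cd, open)
    if [ $(( digit & 2 )) -ne 0 ]; then write=yes;  fi  # w: change entries
    # Creating, deleting or renaming entries needs w and x together.
    if [ "$write" = yes ] && [ "$search" = yes ]; then modify=yes; fi

    echo "class=$class list=$list search=$search modify=$modify"
}

# Constructed cases (owners, groups and modes are sample values):
dir_access 750 bob root        alice "alice accounting"  # alice falls into "other"
dir_access 740 root accounting alice "alice accounting"  # group r--: names only
dir_access 711 bob bob         alice "alice accounting"  # --x: known names only
dir_access 075 bob accounting  bob   "bob accounting"    # owner class wins: no access
```

The last case is the one audits tend to miss: the owner is locked out by the owner digit even though the group digit would grant full access.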
 
  

