Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have a user, who is part of the accounting group. the accounting folder is owned by the group, accounting. when the user attempts to go into the folder, it says that permission is denied. why is the user not able to go inside of the folder?
If you want the "accounting" group to be able to cd to the "bob" directory, you need to do:
chmod g+x bob
In other words, members of a group can't cd to a directory if the group doesn't have execute permission for the directory.
However, this won't solve your problem, since your "ls -l" output indicates that the directory "bob" belongs to the "root" group, not the "accounting" group. To fix that, do:
chgrp -R accounting bob
Something still doesn't make sense, though, assuming "bob" is the user who is unable to access the directory "bob". What is the output of "ls -l .." if you execute it from the same place you executed "ls -l"? You need to make sure that the directory that contains "bob" also belongs to the "accounting" group and has group read and execute permissions.
I do not want the accounting group to cd to the bob directory. there is a shared directory for that. I thought execute permissions were just for running scripts?
If I add the accounting group to bob, would accounting then be able to access his content?
Normally the login "bob" would also have a group created with only one member in it - "bob". Thus the home directory would be owned by bob, and group bob. The access mask would usually be rwxr-x--- (meaning, user bob has read/write/search, members of the group bob have read/search, and no one else has access. If bob is the only member of the group "bob" then no one else can access it). For directory files, the x means "search" rather than "execute".
Having bob own a root group directory is peculiar, but also since bob is not in group root, it would make things look odd to an audit.
If a user has only read permission on a directory, she cannot change into it. If read permission exists, the user can see what files are in it, but cannot access them, regardless of their permissions.
"You can think of read and execute on directories this way: directories are data files that hold two pieces of information for each file within, the file's name and it's inode number. Read permission is needed to access the names of files in a directory. Execute (a.k.a. search) permission is needed to access the inodes of files in a directory, if you already know the file's name."
So a directory with "r--" permissions allows you see the file names. But you cannot open the files.
A directory with "--x" allows you to open the files, IF you already know the file name, AND have access permissions to read (or write) to the file.
To change the default directory requires both read and search.
This has been used in the past to provide an anonymous access to a dropbox type of operation. You could retrieve the file IF you already knew (or could guess) what the file name was. It has also been used to hide files from general viewing, but let specific individuals retrieve the data.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.