Permission Denied when using absolute path, relative path works OK
 

OK - full disclosure, not really a newbie to Linux but this is my first post on LinuxQuestions, and it feels like my problem could maybe be a rookie mistake, so I will post here:

I am trying to write to a file as a particular user (www-data) using "su". The file being written to is owned by www-data:www-data, and has write permissions. Writing to the file as this user fails if I use an absolute pathname, but it works if I use a relative pathname.

Here are the details:

The directory where the file lives:
root@moe:/home/pete/cm# ls -l |grep logs
drwxrwxr-x 2 www-data www-data 4096 Jul 31 11:38 logs

The contents of that directory:
root@moe:/home/pete/cm# ls -l logs
total 5564
-rw-rw-r-- 1 www-data www-data 0 Jul 31 11:40 hm.log
-rw-rw-r-- 1 www-data www-data 199915 Jul 2 2013 hm.log.1
-rw-rw-r-- 1 www-data www-data 199886 Jun 30 2013 hm.log.2
-rw-rw-r-- 1 www-data www-data 199850 Jun 29 2013 hm.log.3
-rw-rw-r-- 1 www-data www-data 199875 Jun 26 2013 hm.log.4
-rw-rw-r-- 1 www-data www-data 199913 Jun 23 2013 hm.log.5
-rw-rw-r-- 1 www-data www-data 23204 Jul 31 11:37 server.log

Now I try to make a change to a file like so:
root@moe:/home/pete/cm# cd logs
root@moe:/home/pete/cm/logs# su www-data -c "touch hm.log"

and it works. However, when I do:
root@moe:/home/pete/cm/logs# su www-data -c "touch /home/pete/cm/logs/hm.log"
touch: cannot touch ‘/home/pete/cm/logs/hm.log’: Permission denied

I need to use absolute paths for this. I cannot figure out why it works using relative paths but not absolute paths. /home is mounted to a different device than /, could that be the problem?

I tried to make the relative path longer to isolate the point at which it no longer works, and found the following:
- in directory /home/pete/cm/logs, changing hm.log works
- in directory /home/pete/cm, changing logs/hm.log works
- in directory /home/pete, changing cm/logs/hm/log fails.

I'm stumped. Any ideas?

... and what is ownership/permission of /home/pete?

You have files with owner and group both different from the home directory owner. Is pete a member of www-data group? is www-data a member of pete group?

Full info needed please.

Hi - thanks for your reply. Here are the answers to your questions:

Permissions on /home/pete:
drwx------ 110 pete pete 12288 Jul 31 06:36 pete

is pete a member of www-data group? No:
uid=1000(pete) gid=1000(pete) groups=1000(pete),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),108(lpadmin),124(sambashare)

Is www-data a member of pete group? No:
uid=33(www-data) gid=33(www-data) groups=33(www-data)

Then you shouldn't have a directory that's owned by www-data in pete's home directory. You'll always face permission hell trying to operate that way. Pete's home directory is for pete, and nobody else. Similarly, www-data's home directory is for www-data, and nobody else. If you need a neutral location that both users can share, then create one elsewhere, like "/home/cm" or something, and give it the necessary permissions.

Interesting that it works one way but not another - I guess that's a good definition of permission hell!

I moved the cm directory to a neutral location and everything works.

Thanks for your help!

When you are in that directory before you su, using relative paths, the process does not have to traverse any forbidden directories to get there.

When you use absolute paths as www-data it cannot traverse /home/pete so it fails.

Yep, permission hell, it is designed that way! Better to work with it than against it.

Glad you got it figured out!

Thanks for the explanation, it makes perfect sense. Appreciate the help!