Why can't I modify a file whose group I belong to?
I have a file with group write status which belongs to group "phped". I expected to be able to delete it with a user that belongs to the same group, but cannot do so. I later tried to edit it using vi; however, I similarly was not able to do so.
Please explain what is happening. Thank you.
Code:
[Michael@devserver child_dir]$ pwd
-rwxrwxr-x. The "." should be a good indication... It's a SELinux ACL.
To remove it, run the following in the directory:
Code:
find . -print0 |xargs -0 -n 1 sudo setfattr -h -x security.selinux
Quote:
I tried your code, and no success.
Code:
[Michael@devserver child_dir]$ find . -print0 |xargs -0 -n 1 sudo setfattr -h -x security.selinux
I just looked at http://wiki.centos.org/HowTos/SELinux, and it appears to confirm that permissive mode should not enforce security policy. Still think it is a selinux issue?
Quote:
Policy and SELINUX ACLs are different. You can't turn off SELINUX ACLs; you can remove them from the permission bits, but there is no blanket remove-all function. What distro are you running?
Quote:
Code:
[root@devserver /]# cat /proc/version
Try this: disable SELINUX entirely, now do a reboot and see if the permissions are fixed (see if you can access your files r/w). If you can, just get rid of SELINUX entirely, if you want the added nonsense of 'restorecon and all the other wonderful things SELINUX brings to the table. I myself am not a fan of SELINUX and have often gone with (in my opinion better) PaX/grsecurity patches and tools.
Quote:
@NotionCommotion I am going to ask you a stupid question: you did log in again, right? Whenever you add a user to a group, you need to log in again in order for /etc/group to be reread; otherwise you don't have the respective permissions.
P.S. My current SELinux mode is 'enforcing'
ACLs are not a SELinux thing. They are a property of the filesystem that the kernel supports. And the "." indicates there is no ACL list.
One thing that can prevent your deletion of /var/www/main/user_resources/documents/parent_dir/child_dir is that you need write access to /var/www/main/user_resources/documents. This is because you are removing a file name from the directory - and that means you must be able to write to it. You might check that the group permissions (as well as group ownership) of the documents directory permit read/write/search (the x on directories).
Don't beat yourself up too badly ... I doubt there is anyone on this forum who has not made a similar oversight in the last couple of months :)
You are correct though ... you only have to make certain errors once and you have learnt them for a lifetime :D
This is not a selinux issue. Removing a file from a directory requires write permission on the directory itself. The permissions on the actual file to be removed are irrelevant. Conceptually, a directory is just a file that contains a list of other filenames. Adding or removing a file in a directory requires write permission to that list of filenames.
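The rule in the reply above (removal is governed by the containing directory, not by the file), as an added Python example that is not part of the original thread. It evaluates classic mode bits only; the uid/gid numbers and directory modes are constructed, and ACLs, SELinux, ancestor-directory search permission and root's override are out of scope.

```python
import os
import stat
from collections import namedtuple

# Minimal stand-in for os.stat_result so the logic runs on constructed values.
St = namedtuple("St", "st_mode st_uid st_gid")

def class_bits(st, uid, gids):
    """rwx triplet the kernel applies: owner first, then group, then other."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def can_unlink(dir_st, file_st, uid, gids):
    """Mode-bit check for removing a directory entry as a non-root user."""
    if (class_bits(dir_st, uid, gids) & 3) != 3:  # need w (2) and x (1) on the dir
        return False, "directory is not writable and searchable for this user"
    sticky = bool(dir_st.st_mode & stat.S_ISVTX)
    if sticky and uid not in (dir_st.st_uid, file_st.st_uid):
        return False, "sticky directory: only the file or directory owner may remove"
    return True, "directory permits removal; the file's own mode is not consulted"

def check_path(path, uid, gids):
    """Same check on a real path (lstat: a symlink is removed, not its target)."""
    parent = os.path.dirname(os.path.abspath(path))
    return can_unlink(os.stat(parent), os.lstat(path), uid, gids)

# Constructed sample: uid 1000 is a member of gid 1001 (standing in for "phped").
USER, GROUPS = 1000, {1001}
FILE = St(0o100775, 0, 1001)  # -rwxrwxr-x, the file mode shown in the question
CASES = {
    "dir 0755 root:phped": St(0o040755, 0, 1001),  # group cannot write
    "dir 0775 root:phped": St(0o040775, 0, 1001),  # group can write
    "dir 1775 root:phped": St(0o041775, 0, 1001),  # group-writable but sticky
}

if __name__ == "__main__":
    for name, d in CASES.items():
        print(name, "->", can_unlink(d, FILE, USER, GROUPS))
```

On a live system, `check_path(path, uid, gids)` applies the same logic to the real parent directory, which is the first thing to inspect when a group-writable file cannot be removed.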
Quote:
The reason I gave you that advice was because I myself have made that mistake and I've struggled in vain for a while until I realised that was the problem :)