[SOLVED] Can't access folder I am in group of

I Use Dial · 01-12-2013, 03:13 PM

I am just learning permissions and I'm running into a problem I can't figure out.

My goal is to have a group with write access to a folder where the owner does not have write access.

Code:

mkdir newfolder
chown lesseruser newfolder
chgrp greaterusers newfolder
chmod 570 newfolder

I have verified in /etc/group that my user is a member of greaterusers, but I can't access the folder.

Snark1994 · 01-12-2013, 04:08 PM

The 'user' permissions get applied before the 'group' permissions - so if you're the user, then regardless of the group permissions, you get what the user permissions allow you to do (e.g. if you run

Code:

chown otheruser newfolder

then lesseruser should be able to write to the folder correctly)

Regards,

I Use Dial · 01-12-2013, 04:20 PM

That is not what I'm trying to do.

I Use Dial · 01-12-2013, 04:23 PM

Is this response on serverfault not correct? (Skip to "You can have your cake and eat it too")

http://serverfault.com/questions/357...for-my-website

Snark1994 · 01-13-2013, 03:56 AM

It is correct, but you've misinterpreted it. As I understand it, they are trying to limit the capabilities of the www-data user! (compare it with the "Single user" scenario above). They want r-x permissions for the www-data user, and rwx permissions for the developers, who will be in the dev-fabrikam group. So the permissions function exactly as they want them to.

I Use Dial · 01-13-2013, 04:26 AM

I am not the owner of the directory. I am a member of the group. I cannot access the directory.

I Use Dial · 01-13-2013, 05:10 AM

What am I misunderstanding?

Snark1994 · 01-14-2013, 05:26 AM

Sorry, are you saying you can't reproduce these steps:

Code:

$ whoami
joshua
$ pwd
/home/joshua/test
$ groups
users sudo
$ mkdir newfolder
$ sudo chown nobody newfolder
$ sudo chmod 570 newfolder 
$ ls -ld newfolder 
dr-xrwx--- 2 nobody users 4096 Jan 14 11:20 newfolder
$ ls -l newfolder 
total 0
$ cd newfolder 
$ ls
$ touch a_file
$ ls
a_file
$ pwd
/home/joshua/test/newfolder
$

I am a member of the group users, and I am not the user "nobody", and I can cd into the folder, ls its contents, and create new files.

If your system doesn't work correctly like that, can you post the output of you trying to do what I did above, please?

I Use Dial · 01-14-2013, 11:50 PM

Sorry, forgot to update the thread. The issue was solved with a reboot. Very embarrassing. That's now SOP when I'm considering a post. I was really confounded by why 570 didn't work. However, I did learn one interesting thing: setuid is ignored in linux, in case you were wondering.

chrism01 · 01-15-2013, 01:47 AM

Quote:

setuid is ignored in linux

Huh?? I beg to differ, unless you mean on scripts (eg .sh, pl etc), in which case you are correct

I Use Dial · 01-16-2013, 06:18 PM

Quote:

Originally Posted by chrism01

Huh?? I beg to differ, unless you mean on scripts (eg .sh, pl etc), in which case you are correct

On directories, the setuid permission is ignored, but setguid can be used. I learned it from the Wikipedia article and then I tested on my own system and it is correct. Files created in Linux are always owned by the creator, except possibly under ACL, which I don't know anything about.

wstewart · 01-17-2013, 02:45 AM

I was just thinking about that prior to reading the whole discussion on the group being limited to the permissions of the file owner. If you recently added a user to a group, you usually need to log out and log back in as that user. A reboot would do the same thing. I'm not sure if there is a simpler way of having group changes take effect but simply logging in again should do it.

chrism01 · 01-17-2013, 06:33 AM

I see; I've never tried it (suid) on a dir