[SOLVED] Permission issue for directory access in user's home directory
Permission issue for directory access in user's home directory
Hello,
I have 10 CentOS 7 servers. There is a Python script which creates an admin user, generates SSH keys, sets the correct groups for the admin user & other necessary settings.
On 8 out of the 10 servers, the script ran successfully. On 2 servers, the script fails while executing the below command -
Could not stat /home/admin/.ssh: Permission denied
The issue is not with sudo access. Now, I checked the python script. It creates the admin user, then creates the .ssh directory inside the admin user's home directory, executes chown command so that admin user is owner for the .ssh directory.
The only difference I observed is that on servers where the python script is successful -
Code:
userb@server5:~$ ls -lZd /home/admin/
drwxr-x---. admin admin system_u:object_r:user_home_dir_t:s0 /home/admin
And where the script failed -
Code:
userb@server6:~$ ls -lZd /home/admin/
drwxr-x---. 1001 1001 system_u:object_r:user_home_dir_t:s0 /home/admin/
The groups that admin belongs to are the same on all the servers -
Code:
userb@server6:~$ id admin
uid=2000(admin) gid=2000(admin) groups=2000(admin),10(wheel),600(java)
Any idea what the '1001' means here? And what could be the issue?
Any idea what the '1001' means here? And what could be the issue?
It is a user ID. It means that: on systems (2 of them, you said) where the script failed, the folder /home/admin is NOT owned by 2000:2000, rather it is owned by 1001:1001 --user and group.
Thus, try to check whether somebody is already using the UID 2000 in those units/systems and make appropriate adjustments in assigning other UIDs, or
try to change the owner:group of the mistaken folders in the 2 systems MANUALLY and observe if the problem goes away.
I guess the user 'admin' previously existed with uid 1001 on the two systems that produce the error.
Apparently, the uid 2000 comes from one of your scripts. At some point you create the user and subsequently assume the user to have uid 2000. But if the user already existed with uid 1001, the creation fails and the assumption does not hold. You may fix the uid after the user creation attempt, see BW-userx's reply.
However, if user 'admin' existed beforehand there might be some reason for this, and if so you risk breaking its previous function. If you don't know whether the existence of the user 'admin' is a relic of previous trials of yours, or has been on the system for other reasons, you had better choose another user name, e.g. 'adminbushan', presuming the role of the user you created has nothing to do with the role of the previously existing 'admin'.
I debugged this further and found the following -
1. All 10 CentOS servers had a user admin created which had UID 1001
2. The python script that I executed intentionally deletes the admin user with UID 1001 & creates again with UID 2000
The same script worked on 8 servers & failed on 2.
Additionally, I cannot change the user name from admin to something else. Is there anything else I can debug?
If I execute the script again, it would probably work as the old admin user [with UID 1001] is deleted from the system. This issue came up again on another 3 servers over the weekend.
Last edited by BhushanPathak; 07-04-2017 at 01:29 AM.
Reason: Rectified UID from 200 to 2000
I verified that the python script indeed uses the UID & GID to set the ownership of the directory -
Code:
os.chown(path, uid, gid)
Just out of curiosity - if the home directory had some files in it & we delete the admin user, would the home directory be also deleted? If not, is there a possibility that we would run into this issue?
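Added example, not part of the thread or the poster's script: a Python check for the condition discussed above, a home directory tree still owned by a uid/gid (1001 here) other than the one the recreated account uses (2000). The function names and the temporary directory standing in for /home/admin are constructed for illustration.

```python
import os
import pwd
import tempfile


def owner_name(uid):
    """Return the account name for uid, or None if no passwd entry exists
    (ls prints a bare number such as 1001 in that case)."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return None


def ownership_mismatches(home, expected_uid, expected_gid):
    """Walk home (symlinks are not followed) and list every path whose
    owner or group differs from the expected uid/gid."""
    findings = []
    paths = [home]
    for root, dirs, files in os.walk(home):
        paths.extend(os.path.join(root, n) for n in dirs + files)
    for path in paths:
        st = os.lstat(path)
        if (st.st_uid, st.st_gid) != (expected_uid, expected_gid):
            findings.append({
                "path": path,
                "uid": st.st_uid,
                "gid": st.st_gid,
                "orphaned": owner_name(st.st_uid) is None,
            })
    return findings


def demo():
    """Constructed sample: a temporary tree standing in for /home/admin."""
    with tempfile.TemporaryDirectory() as home:
        os.mkdir(os.path.join(home, ".ssh"), 0o700)
        st = os.lstat(home)
        clean = ownership_mismatches(home, st.st_uid, st.st_gid)
        # Pretend the account was recreated with a different uid/gid,
        # as when admin moved from 1001 to 2000 on the failing servers.
        stale = ownership_mismatches(home, st.st_uid + 1, st.st_gid + 1)
        return clean, [os.path.relpath(f["path"], home) for f in stale]


if __name__ == "__main__":
    print(demo())
```

Run it as root against the real home directory with the uid and gid reported by `id admin`; an entry with `orphaned` set means the owning uid has no passwd entry, which is why `ls` shows a bare number.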