[SOLVED] user permission is not working

zillur · 04-12-2017, 02:03 PM

Hi there,
I have a system like the following:

Code:

[root@localhost zillur]# df -h
Filesystem             Size  Used Avail Use% Mounted on
/dev/mapper/cl00-root   50G  4.4G   46G   9% /
devtmpfs                87G     0   87G   0% /dev
tmpfs                   87G     0   87G   0% /dev/shm
tmpfs                   87G  9.7M   87G   1% /run
tmpfs                   87G     0   87G   0% /sys/fs/cgroup
/dev/sdb2             1014M  205M  810M  21% /boot
/dev/mapper/cl00-home   56G  264M   56G   1% /home
tmpfs                   18G     0   18G   0% /run/user/1000
/dev/sdc1               11T  5.1T  5.3T  49% /mordor
tmpfs                   18G     0   18G   0% /run/user/1002

In the /gondor folder I have backup files from previous system. I created a new user and wanted to give ownership the user to a folder. It seems working, but still the user can't enter to the directory. Here is what I have done:

Code:

[root@localhost zillur]# sudo chown -R edgardo:edgardo /mordor/mar_27_backup/edgardo

Maybe it related with selinux related problem:

Code:

[root@localhost zillur]# id
uid=0(root) gid=0(root) groups=0(root) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

Code:

[edgardo@localhost ~]$ id
uid=1002(edgardo) gid=1002(edgardo) groups=1002(edgardo) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

Code:

ls: cannot access /mordor/mar_27_backup/edgardo: Permission denied

And the permissions:

Code:

[root@localhost zillur]# ls -lZ /mordor/mar_27_backup/edgardo/
drwxrwxr-x. edgardo edgardo system_u:object_r:default_t:s0   anaconda2
-rwxrwxr-x. edgardo edgardo system_u:object_r:default_t:s0   Anaconda2-4.3.0-Linux-x86_64.sh
drwxr-xr-x. edgardo edgardo system_u:object_r:default_t:s0   Desktop
drwxr-xr-x. edgardo edgardo system_u:object_r:default_t:s0   Documents
drwxr-xr-x. edgardo edgardo system_u:object_r:default_t:s0   Downloads
drwxrwxr-x. edgardo edgardo system_u:object_r:default_t:s0   genome
-rwxr-xr-x. edgardo edgardo system_u:object_r:default_t:s0   GenomeAnalysisTK.jar
drwxr-xr-x. edgardo edgardo system_u:object_r:default_t:s0   Music
drwxrwxr-x. edgardo edgardo system_u:object_r:default_t:s0   ncbi
drwxrwxr-x. edgardo edgardo system_u:object_r:default_t:s0   ncbi-outdir
drwxrwxr-x. edgardo edgardo system_u:object_r:default_t:s0   ngs
-rwx--x--x. edgardo edgardo system_u:object_r:default_t:s0   nohup.out
drwxrwxr-x. edgardo edgardo system_u:object_r:default_t:s0   perl5
-rwxrwxr-x. edgardo edgardo system_u:object_r:default_t:s0   picard.jar
drwxr-xr-x. edgardo edgardo system_u:object_r:default_t:s0   Pictures
drwxr-xr-x. edgardo edgardo system_u:object_r:default_t:s0   Public
drwxrwxr-x. edgardo edgardo system_u:object_r:default_t:s0   resources
drwxrwxr-x. edgardo edgardo system_u:object_r:default_t:s0   sra-tools-master
drwxr-xr-x. edgardo edgardo system_u:object_r:default_t:s0   Templates
drwxrwxr-x. edgardo edgardo system_u:object_r:default_t:s0   tmp
drwxr-xr-x. edgardo edgardo system_u:object_r:default_t:s0   Videos

Any suggestions?

Best Regards
Zillur

r3sistance · 04-12-2017, 04:21 PM

su to the user and then try each directory separately I.E.

Code:

 su edgardo -
cd /mordor
cd mar_27_backup
cd edgardo

confirm exactly where the issue starts first. It maybe that the user doesn't have execute permissions on mordor or mar_27_backup, selinux would usually not interfere with a cd or ls..

zillur · 04-12-2017, 06:15 PM

Thank you very much. I have done this, but:

Code:

[root@localhost zillur]# su edgardo -
[edgardo@localhost zillur]$ cd /mordor/
bash: cd: /mordor/: Permission denied

I have just newly installed centos 7. In the /mordor folder I have backup file using rsync from another machine. Now I created a user and gave him the permission using chown. but it is not working. I am not sure what I am missing!! any suggestion?

Now my file system looks like this:

Quote:

[root@localhost zillur]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 14.6T 0 disk
└─sda1 8:1 0 14.6T 0 part
sdb 8:16 0 111.8G 0 disk
├─sdb1 8:17 0 1G 0 part
├─sdb2 8:18 0 1G 0 part /boot
└─sdb3 8:19 0 109.8G 0 part
├─cl00-root 253:0 0 50G 0 lvm /
├─cl00-swap 253:1 0 4G 0 lvm [SWAP]
└─cl00-home 253:2 0 55.8G 0 lvm /home
sdc 8:32 0 10.9T 0 disk
└─sdc1 8:33 0 10.9T 0 part /mordor
sr0 11:0 1 1024M 0 rom
sr1 11:1 1 1024M 0 rom

I tried :

Quote:

mount /dev/sda1 /gondor

But its not working. Any suggestion??

Best Regards
Zillur

r3sistance · 04-12-2017, 06:31 PM

you seem to be going off on a tangent, the issue is with /mordor right? Other than that mount command, what are you doing with /gondor that suggests it has failed?

Well what is the output of

Code:

ls -l / | grep "mordor"

should give some interesting information.

zillur · 04-12-2017, 07:17 PM

Thank you very much for your reply. Here is it:

Code:

[root@localhost zillur]# ls -l / | grep "mordor"
drwx------.   4 zillur zillur 4096 Apr  6 21:02 mordor
[root@localhost zillur]# ls -l / | grep "gondor"
drwxr-xr-x.   2 root   root      6 Apr  5 15:37 gondor

After using mount command, it is not showing the mount point for /gondor :

Code:

[root@localhost zillur]# df -h
Filesystem             Size  Used Avail Use% Mounted on
/dev/mapper/cl00-root   50G  4.4G   46G   9% /
devtmpfs                87G     0   87G   0% /dev
tmpfs                   87G     0   87G   0% /dev/shm
tmpfs                   87G   18M   87G   1% /run
tmpfs                   87G     0   87G   0% /sys/fs/cgroup
/dev/sdb2             1014M  205M  810M  21% /boot
/dev/mapper/cl00-home   56G  264M   56G   1% /home
tmpfs                   18G     0   18G   0% /run/user/1000
/dev/sdc1               11T  5.1T  5.3T  49% /mordor
tmpfs                   18G     0   18G   0% /run/user/1002

If the mount worked, I would have a filesystem like: /dev/sda1 . But I don't have it.

Code:

[root@localhost zillur]# lsblk 
NAME          MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
sda             8:0    0  14.6T  0 disk 
└─sda1          8:1    0  14.6T  0 part 
sdb             8:16   0 111.8G  0 disk 
├─sdb1          8:17   0     1G  0 part 
├─sdb2          8:18   0     1G  0 part /boot
└─sdb3          8:19   0 109.8G  0 part 
  ├─cl00-root 253:0    0    50G  0 lvm  /
  ├─cl00-swap 253:1    0     4G  0 lvm  [SWAP]
  └─cl00-home 253:2    0  55.8G  0 lvm  /home
sdc             8:32   0  10.9T  0 disk 
└─sdc1          8:33   0  10.9T  0 part /mordor
sr0            11:0    1  1024M  0 rom  
sr1            11:1    1  1024M  0 rom

I tried "mount /dev/sda1 /gondor" but both in "df -h" and "lsblk" is showing that sda1 is not mounted. What should I do now?

Best Regards
Zillur

astrogeek · 04-12-2017, 07:39 PM

Well, edgardo cannot traverse /mordor, so it doesn't matter that some subdirectory belongs to them - they cannot get to it.

Code:

[root@localhost zillur]# ls -l / | grep "mordor"
drwx------.   4 zillur zillur 4096 Apr  6 21:02 mordor

[edgardo@localhost zillur]$ cd /mordor/
bash: cd: /mordor/: Permission denied

The trailing dot indicates other rules apply, ACL's, SE-Linux.

Can you show us a complete listing of / which includes gondor, and show the mount command used to mount sda1 to it, along with the prompt string (i.e. user context) and any messages that result.

zillur · 04-12-2017, 07:50 PM

Thank you very much for your reply. So how can I give permission to this user and others to use /mordor/mar_27_backup/user directory?
The mount command I used:

Code:

mount /dev/sda1 /gondor/

and it does not give any error message.

Code:

[root@localhost zillur]# ls /
1    boot  etc     home  lib64  mnt     opt   root  sbin  sys  usr
bin  dev   gondor  lib   media  mordor  proc  run   srv   tmp  var

Best Regards
Zillur

astrogeek · 04-12-2017, 08:07 PM

The 'x' in directory listings means the user or group can "traverse", or cross into the directory (for files it means "execute", but you cannot execute a directory - the meaning is different).

Here is an article, Understanding Linux File Permissions, hopefully it will provide the necessary background.

To allow all others to cross into some directory and access its contents, it and all parent directories back to / must generally have r-x for user, group and other.

To set this for a given directory, for example /mordor...

Code:

chmod 755 /mordor

astrogeek · 04-12-2017, 08:12 PM

How about the complete long listing...

Code:

ls -l /

And after mounting, how about...

Code:

ls -l /gondor/

zillur · 04-12-2017, 08:30 PM

Thank you very much. Here it is:

Code:

[root@localhost zillur]# ls -l /
total 24
-rw-r--r--.   1 root   root      0 Apr  5 13:54 1
lrwxrwxrwx.   1 root   root      7 Apr  5 13:36 bin -> usr/bin
dr-xr-xr-x.   4 root   root   4096 Apr 12 14:31 boot
drwxr-xr-x.  20 root   root   3720 Apr 12 14:30 dev
drwxr-xr-x. 133 root   root   8192 Apr 12 14:30 etc
drwxr-xr-x.   2 root   root      6 Apr  5 15:37 gondor
drwxr-xr-x.   5 root   root     50 Apr 12 13:10 home
lrwxrwxrwx.   1 root   root      7 Apr  5 13:36 lib -> usr/lib
lrwxrwxrwx.   1 root   root      9 Apr  5 13:36 lib64 -> usr/lib64
drwxr-xr-x.   2 root   root      6 Nov  5 11:38 media
drwxr-xr-x.   2 root   root      6 Nov  5 11:38 mnt
drwxr-xr-x.   4 zillur zillur 4096 Apr  6 21:02 mordor
drwxr-xr-x.   3 root   root     16 Apr  5 14:00 opt
dr-xr-xr-x. 290 root   root      0 Apr 12 14:30 proc
dr-xr-x---.   4 root   root    212 Apr  5 16:33 root
drwxr-xr-x.  36 root   root   1160 Apr 12 14:31 run
lrwxrwxrwx.   1 root   root      8 Apr  5 13:36 sbin -> usr/sbin
drwxr-xr-x.   2 root   root      6 Nov  5 11:38 srv
dr-xr-xr-x.  13 root   root      0 Apr 12 14:30 sys
drwxrwxrwt.  18 root   root   4096 Apr 12 21:27 tmp
drwxr-xr-x.  13 root   root    155 Apr  5 13:36 usr
drwxr-xr-x.  20 root   root    282 Apr 12 14:30 var

and:

Code:

[root@localhost zillur]# ls -l /gondor/
total 0

This is after mounting.

astrogeek · 04-12-2017, 08:33 PM

Hmmm... and as root:

Code:

fdisk -l /dev/sda

zillur · 04-12-2017, 08:34 PM

Thank you very much. Here it is:

Code:

[root@localhost zillur]# fdisk -l /dev/sda
WARNING: fdisk GPT support is currently new, and therefore in an experimental phase. Use at your own discretion.

Disk /dev/sda: 16000.9 GB, 16000900661248 bytes, 31251759104 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disk label type: gpt


#         Start          End    Size  Type            Name
 1         2048  31251759070   14.6T  Linux filesyste  
[root@localhost zillur]#

astrogeek · 04-12-2017, 09:38 PM

It had not registered with me that it is a GPT partitioned disk (my experience with those is still very limited).

So let's do that again with parted and post the output...

Code:

parted /dev/sda print

...and hope someone more knowledgable about mounting GPT partitions jumps in here.

But I don't think there should be any problem mounting it if the partition exists and is formatted. Mount should work as usual.

zillur · 04-13-2017, 08:44 AM

Thank you very much for your kind suggestions. Here it is:

Code:

[root@localhost zillur]# parted /dev/sda print
Model: LSI MR9361-8i (scsi)
Disk /dev/sda: 16.0TB
Sector size (logical/physical): 512B/4096B
Partition Table: gpt
Disk Flags: pmbr_boot

Number  Start   End     Size    File system  Name  Flags
 1      1049kB  16.0TB  16.0TB  ext4

and

Code:

[root@localhost zillur]# parted /dev/sdc print
Model: LaCie 2big v2 THB USB3 (scsi)
Disk /dev/sdc: 12.0TB
Sector size (logical/physical): 512B/4096B
Partition Table: gpt
Disk Flags: pmbr_boot

Number  Start   End     Size    File system  Name  Flags
 1      1049kB  12.0TB  12.0TB  ext4

Thanks again.
Best Regards
Zillur

zillur · 04-13-2017, 08:59 AM

Thank you very much. I had to edit the /etc/fstab file and then use the chmod 755 /directories. Now everything is working perfectly. Thanks again.

Best Regards
Zillur