Group permissions: user can't access 770 directory even though a member of group
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Group permissions: user can't access 770 directory even though a member of group
I have 3 users that belong to 3 corresponding groups:
user-russia belongs to group-russia
user-belarus belongs to group-belarus
user-ukraine belongs to group-ukraine.
I also have 3 directories: russia (belongs to “user-russia”), belarus (belongs to “user-belarus”), ukraine (belongs to “user-ukraine”). Each of these directories has permissions rwxrwx--- (full permissions to members of group).
So if I login as user-russia, I can access directory “russia”, but cannot access the other two, and so on.
THE PROBLEM:
I also created “user-all”, and made it a member of groups group-russia, group-belarus and group-ukraine. I expected this user to have access to all 3 directories, since it belongs to all these groups, and each directory has full permissions for members of user group. Meanwhile, whenever I try to access ANY of these directories as “user-all”, I get “Permission denied”.
That should work.
Did you log in as user-all before you added that user to the 3 groups?
That would explain it - group membership is read at login.
If so, log out & log in again.
If not, or if that doesn't help, return with info about distro, desktop manager, pam, SE-Linux...
Last edited by pingu; 05-16-2012 at 11:05 AM.
Reason: Spelling
a user may belong to several groups, but actually it is only member of a given one and he can change this group (from the list)
So there is an actual group selected from the list, by default it is the primary group. If you want to change it you need to use the command newgrp <another group>.
You can check the actual settings by the command id, or by creating a file.
pan64, no.
I tried creating another directory, which is not home to any user, gave membership to "user-russia" and set permissions to 770. But I still can't access it with user-all.
-sh-3.2$ ls -la
total 20
drwxr-xr-x 5 root root 4096 May 16 14:19 .
drwxr-xr-x 20 root root 4096 May 16 10:03 ..
drwxrwx--- 2 user-belarus root 4096 May 16 12:44 belarus
drwxrwx--- 2 user-russia root 4096 May 16 12:44 russia
drwxrwx--- 2 user-ukraine root 4096 May 16 12:44 ukraine
Ha, look at that again: the 3 directories are group root!
They are owned by their respective user (user-belarus, user-russia & user-ukraine) but group is root!
So, "chgrp group-russia russia" etc and you're done!
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.