Hi Linux gurus,
Short version of my question:
I have a directory that my primary group owns and the permission mask on this directory is rwxrwxr-x. Yet when I try to cd to this directory or ls it, I get permission denied. Why? And how to fix/work around this?
Now let me explain everything in great detail.
I am working on a backup script of my network attached storage called MyBook Live (or just mybook). This mybook is essentially a PPC Linux box running Debian Squeezy PPC. I have full root access to it via ssh.
There are two mybook users on this mybook device, let's call them tony and leslie. These users were created through mybook's web console. In practice it means that each user has a corresponding linux user created and also each user has his or her own share directory created (/shares/tony and /shares/leslie).
The primary group of both tony and leslie is share; and also the group owner of both /shares/tony and /shares/leslie is the same group share. However somehow tony has full access to /shares/tony but gets permission denied to /shares/leslie. And vice versa, leslie has full access to her own directory, but not to tony's one. If you don't believe me, here is some output from mybook:
Code:
# sudo -u tony bash
$ whoami
tony
$ id
uid=1000(tony) gid=1000(share) groups=33(www-data),1000(share)
$ cd /shares/
$ ls -l
drwxrwxr-x 16 nobody share 65536 Aug 18 10:00 Public
drwxrwxr-x 6 nobody share 65536 Aug 18 10:00 SmartWare
drwxrwxr-x 5 nobody share 65536 Oct 31 02:33 TimeMachine
drwxrwxr-x 10 nobody share 65536 Aug 17 16:30 leslie
drwxrwxr-x 15 nobody share 65536 Jan 12 18:50 tony
$ ls tony |cat
backup
music
work
<...>..
$ ls leslie |cat
ls: cannot open directory leslie: Permission denied
Also root user has full access to both tony's and leslie's directories.
I also created another linux user pibackup, and I was planning to run my backup script on behalf of this user. The primary group of pibackup is share, but pibackup doesn't have access to either tony's or leslie's directories:
Code:
# sudo -u pibackup bash
$ whoami
pibackup
$ id
uid=1100(pibackup) gid=1000(share) groups=1000(share)
$ cd /shares
$ ls tony leslie
ls: cannot open directory leslie: Permission denied
ls: cannot open directory tony: Permission denied
$
Correct me if I'm wrong, but this behavior cannot be explained by simple unix-style permissions. I have been investigating two additional theories, but neither of them led me to an explanation.
Theory #1: ACLs. But I couldn't find any ACLs on these directories:
Code:
# getfacl tony
# file: tony
# owner: nobody
# group: share
user::rwx
group::rwx
other::r-x
Theory #2: selinux. I don't know much about selinux, but it seems that it is turned off. Also none of the selinux packages are installed (or mostly none, I haven't actually checked the entire list; but if I try apt-get install policycoreutils, it'd need to install 80+ new packages). Interestingly enough there is an empty /selinux/ directory in the root directory. But:
Code:
# getenforce
Disabled
Just in case, here is the output of my mount command:
Code:
# mount
/dev/md1 on / type ext3 (rw,noatime,nodiratime,barrier=1)
tmpfs on /lib/init/rw type tmpfs (rw,nosuid,mode=0755,size=5M)
proc on /proc type proc (rw,noexec,nosuid,nodev)
sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
udev on /dev type tmpfs (rw,mode=0755)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,size=5M)
devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=620)
tmpfs on /tmp type tmpfs (rw,size=100M)
/var/log on /var/log.hdd type none (rw,bind)
ramlog-tmpfs on /var/log type tmpfs (rw,size=20M)
/dev/sda4 on /DataVolume type ext4 (rw,noatime,nodiratime)
/DataVolume/cache on /CacheVolume type none (rw,bind)
/DataVolume/shares on /shares type none (rw,bind)
/DataVolume/shares on /nfs type none (rw,bind)
none on /sys/kernel/security type securityfs (rw)
rpc_pipefs on /var/lib/nfs/rpc_pipefs type rpc_pipefs (rw)
nfsd on /proc/fs/nfsd type nfsd (rw)
Any help would be greatly appreciated!
Just to reiterate my questions:
1. How to give pibackup access to these two directories?
2. Why is this happening? Or how did mybook's manufacturer do this?
Thanks!
Tony
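The post's reasoning ("this cannot be explained by simple unix-style permissions") can be checked mechanically: implement the classic mode-bit algorithm, feed it the uids, gids and modes from the `id` and `ls -l` output above, and see that it predicts access for tony, leslie and pibackup alike. Where the kernel then says "Permission denied", the decision is being made by another layer (an ACL, a security module label in the `security.*` xattr namespace, a mount option, or a filesystem-specific check), which is what the diagnostic should go looking for next. The script below is an added example, not code from the post or from the MyBook firmware; the uid for `nobody` and the "stranger" user are constructed assumptions, everything else is taken from the post.

```python
"""Predict what plain POSIX mode bits grant, then compare with what the kernel
actually does.  Added diagnostic for the question above (not the poster's code).
uids/gids/modes for tony, pibackup and /shares/* are copied from the post's
`id` and `ls -l` output; NOBODY_UID and the 'stranger' user are assumptions."""
import os
import stat
from typing import Iterable

R, W, X = 4, 2, 1   # permission bits as used in the mode word


def posix_allows(mode: int, owner_uid: int, owner_gid: int,
                 uid: int, gids: Iterable[int], want: int) -> bool:
    """Return True if mode bits alone grant every bit in `want` (mask of R/W/X).

    Classic algorithm: exactly one class is consulted -- owner if the uid
    matches, else group if any of the process's groups matches, else other.
    Because only one class applies, a stingy group entry can deny what 'other'
    would have allowed, and vice versa.
    """
    if uid == 0:
        # Simplification: root (CAP_DAC_OVERRIDE / CAP_DAC_READ_SEARCH) is
        # always allowed here; for a regular file, execute would still need
        # at least one x bit.  Directories, the case in the post, need nothing.
        return True
    if uid == owner_uid:
        bits = (mode >> 6) & 7
    elif owner_gid in set(gids):
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return bits & want == want


# Values from the post: /shares/tony and /shares/leslie are drwxrwxr-x nobody:share.
SHARE_GID = 1000
NOBODY_UID = 65534        # assumption: Debian's usual uid for 'nobody'
DIR_MODE = 0o775

USERS = {                 # name -> (uid, supplementary+primary gids)
    "tony":     (1000, (33, 1000)),       # from `id` in the post
    "pibackup": (1100, (1000,)),          # from `id` in the post
    "stranger": (2000, (2000,)),          # constructed: not a member of 'share'
}


def predicted_dir_access(name: str) -> dict:
    """What mode bits predict for listing (r+x) and creating entries (w+x)."""
    uid, gids = USERS[name]
    return {
        "list":   posix_allows(DIR_MODE, NOBODY_UID, SHARE_GID, uid, gids, R | X),
        "create": posix_allows(DIR_MODE, NOBODY_UID, SHARE_GID, uid, gids, W | X),
    }


def check_path(path: str) -> dict:
    """Compare the mode-bit prediction for the current process with os.access().

    A mismatch means something other than mode bits is deciding (ACL, LSM
    label, mount option, ...).  Any 'security.*' xattrs are listed because
    that is where SELinux/SMACK/EVM-style labels live; an empty list does not
    rule out an LSM, but a non-empty one is a strong hint.
    """
    st = os.stat(path)
    uid = os.getuid()
    gids = list(os.getgroups()) + [os.getgid()]
    predicted = posix_allows(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid,
                             uid, gids, R | X)
    actual = os.access(path, os.R_OK | os.X_OK)
    sec_xattrs = []
    if hasattr(os, "listxattr"):            # Linux only
        try:
            sec_xattrs = [n for n in os.listxattr(path) if n.startswith("security.")]
        except OSError:
            pass                            # filesystem without xattr support
    return {"predicted": predicted, "actual": actual,
            "mismatch": predicted != actual, "security_xattrs": sec_xattrs}


if __name__ == "__main__":
    for name in USERS:
        print(f"{name:9s} mode bits predict: {predicted_dir_access(name)}")
    print("this process on '.':", check_path("."))
```

Running this as tony or pibackup on the NAS itself (`sudo -u pibackup python3 ...` against /shares/tony) is the interesting case: `predicted` will be True and `actual` False, which confirms the post's conclusion and tells you to look beyond `getfacl`, for example at `getfattr -d -m - /shares/tony` for labels and at what is registered under /sys/kernel/security, which the mount output shows is present.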