Permission Denied with ls -l or ls -la but ls ok

StupidNewbie · 03-01-2011, 01:51 PM

Hello.

I have a user (let's call him John) who is not able to list contents of several 777 directories even though it appears he has permission to.

Case in point, as root:

Code:

server:/media # cd nss
server:/media/nss # ls -la
total 20
drwxr-xr-x 8 root root 4096 Nov 16 14:58 .
drwxr-xr-x 3 root root 4096 Feb  1 16:08 ..
drwxrwxrwx 1 root root    0 Jan 20 09:34 DOCUCTR
drwxrwxrwx 1 root root    0 Jan 20 09:34 ENG
drwxrwxrwx 1 root root    0 Feb 10 11:31 QIS
drwxrwxrwx 1 root root    0 Jul 22  2010 VOL1
drwxrwxrwx 3 root root 4096 Jul 19  2010 VOL1_SAVE
drwxrwxrwx 1 root root    0 Feb  8 10:43 VOL4
-rw-r--r-- 1 root root    6 May 25  2010 ncpcon.err
-rw-r--r-- 1 root root   77 May 25  2010 nul
server:/media/nss #

as john:

Code:

johns@server:~> cd /media/nss
john@server:/media/nss> ls -la
/bin/ls: QIS: Permission denied
/bin/ls: VOL4: Permission denied
/bin/ls: ENG: Permission denied
/bin/ls: DOCUCTR: Permission denied
/bin/ls: VOL1: Permission denied
total 20
drwxr-xr-x 8 root root 4096 2010-11-16 14:58 .
drwxr-xr-x 3 root root 4096 2011-02-01 16:08 ..
-rw-r--r-- 1 root root    6 2010-05-25 16:13 ncpcon.err
-rw-r--r-- 1 root root   77 2010-05-25 16:13 nul
drwxrwxrwx 3 root root 4096 2010-07-19 11:23 VOL1_SAVE
john@server:/media/nss>

If I use ls -a or strictly ls as john, I can list the contents of the nss directory:

Code:

john@server:/media/nss> ls -a
.  ..  DOCUCTR  ENG  ncpcon.err  nul  QIS  VOL1  VOL1_SAVE  VOL4

That says to me that I have an issue listing permissions. Fine, I don't really need john to be able to list permissions. I want him to have rwx access to /media/nss/ENG which as you can see from my listing as root shouldn't be a problem since the perms on that dir are 777.

I am able to CD into the ENG directory or any other directory or subdirectory in /media/nss that has equivalent 777 perms, but once in the directories I can't list the contents:

Code:

john@server:/media/nss> cd ENG
john@server:/media/nss/ENG> ls
/bin/ls: .: Permission denied
john@server:/media/nss/ENG> ls -a
/bin/ls: .: Permission denied
john@server:/media/nss/ENG> ls -la
/bin/ls: .: Permission denied
john@server:/media/nss/ENG> ls -l
/bin/ls: .: Permission denied
john@server:/media/nss/ENG> cd ../VOL1
john@server:/media/nss/VOL1> ls
/bin/ls: .: Permission denied
john@server:/media/nss/VOL1> cd ../
john@server:/media/nss>

I can get anywhere and do anything I want under the media/nss folder as john, except listing files. I even tried using an ACL i.e.

Code:

setfacl -R -m u:john:rwx nss

Any ideas why this isn't working? Thanks!

Snark1994 · 03-01-2011, 02:24 PM

I don't know, but all the directories that john can't access have a size of 0, according to root's "ls -l"... Perhaps that's something to do with it?

PrinceCruise · 03-01-2011, 02:52 PM

Hmmm, the directories are of size 0 where it can not list anything, strange, and if you get in what it's gonna list?

StupidNewbie · 03-01-2011, 03:18 PM

There are hundreds of files and directories within /ENG and all the volumes. I can see all of it as root. The /ENG and other similar volumes are actually our company network drives and people access them every day from Windows PCs, but this particular user needs to access them from Ubuntu over an SSH session and can't seem to get access.

Reuti · 03-01-2011, 04:03 PM

Can you `stat` for example VOL1 from the root account? What is it saying?

Edit: The .../ENG and so on are local on this machine or mounted from somewhere?

SL00b · 03-01-2011, 04:10 PM

If these are network drives, then it's likely that it's the other side that is denying access. How are you handling authentication to the mounts?

StupidNewbie · 03-03-2011, 02:48 PM

Authentication is handled by Novell eDirectory if you are a Windows user. In John's case, I am just using an SSH session direct to the server and logging in as John@server with his standard Linux password (in other words, the password that lives in /etc/passwd). He is using Ubuntu 10.10 so I figured it would be easier this way. He can access the server with no problem, just has this strange permissions issue.

SL00b · 03-03-2011, 03:25 PM

That explains how you're authenticating the user to the server, not the user to the mounts.

For example, I have this entry in an fstab:

Code:

//hostname/fileshare       /fileshare        cifs    credentials=/home/shareadmin/.smb_p
ass 0 0

And in that .smb_pass file:

Code:

username=shareuserid
password=dfg7kxf7563l

On the remote server, this is the owner of the filesystem, so the system mounts this filesystem as the owner, and anyone who has access to the server has full r-w-x access to any file in this filesystem, since they're inheriting the permissions of shareuserid. Not the most secure setup, but since almost nobody has access to the local server, it serves its purposes.

So...

How are you handling authentication/authorization for your mount?