Linux Permissions – How to Troubleshoot ‘Permission Denied’ Errors in Linux


My question concerns generic troubleshooting when getting 'permission denied' errors while accessing files as a certain user, and here is a specific example where I could use some extra help:

As a user 'builder' I have a folder 'repo' in my home dir that belongs to group 'builders'. It currently reads as follows:

$ pwd
/home/builder/repo
$ ls -la
total 4
drwxr-sr-x 2 builder builders  20 Jun  9 02:28 .
drwxr--r-- 4 builder builder  123 Jun  7 23:36 ..
-rw-rw-r-- 1 builder builders   5 Jun  9 02:18 status

So, I can see that everyone who is in the 'builders' group should be able to access that 'status' file. It should be noted that as the 'builder' user I can read it; the file is not corrupted and is readable, i.e. cat /home/builder/repo/status returns its contents.

However, for some reason I can't access it as another user – 'ec2-user' who happens to be in the builders group:

$ whoami
ec2-user
$ groups
ec2-user adm wheel systemd-journal docker builders
$ ls -la /home/builder/repo/status
ls: cannot access /home/builder/repo/status: Permission denied
$ cat /home/builder/repo/status
cat: /home/builder/repo/status: Permission denied

I'm obviously missing something, but I'm still stuck trying to answer why a user belonging to the same group can't access that file. Is there something else that can tell me what I need to do (e.g. as superuser or owner) to properly grant group access permission to a dir/file – or just find out why read permissions are not working for some user? The only answer I found for myself is just carefully inspecting ownership info and access control bits, but in the example above everything looks good.

Best Answer

You get the permission denied error because the /home/builder directory is missing the x (execution) bit for group and others. This prevents group members and others from changing into the /home/builder directory or accessing anything beneath it.

If that was just set accidentally, you could just add the x (execution) bit for group to /home/builder:

chmod g+x /home/builder  

If you want group members to only access subfolders and prevent them from listing the contents of /home/builder, you could add the x (execution) bit and remove the r (read) bit from the folder.

chmod g+x,g-r /home/builder

You also might want to change the permissions for o (others) as above or remove it completely.


For such problems namei is very helpful as it can display all the permissions of a file down the path. You should run that as a user that has access to get the desired output.

# namei -olm /tmp/test/testdir/status 
f: /tmp/test/testdir/status
dr-xr-xr-x root root /
drwxrwxrwt root root tmp
drwxr-x--x root root test
drwxr-xr-x root root testdir
-rw-r--r-- root root status
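
The path walk described in the answer, as an added example that is not part of the original post: it evaluates each component's mode bits for a chosen uid and group set and reports the first one that denies access. The names `effective_bits`, `first_blocker`, `base` and the temporary tree in `demo` are assumptions made for illustration; only classic owner/group/other bits are modelled (no ACLs, no root override, no SELinux), and it must be run by a user who can stat the whole path.

```python
import os
import tempfile

def effective_bits(st, uid, gids):
    """Pick the single rwx triplet that applies: owner, else group, else other."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def first_blocker(path, uid, gids, base="/"):
    """Return (component, missing_bit) for the first denial, or None.

    Each directory on the way needs x (search); the target itself needs r.
    Only components below `base` are checked.
    """
    base = os.path.abspath(base)
    parts = os.path.relpath(os.path.abspath(path), base).split(os.sep)
    current = base
    for i, part in enumerate(parts):
        current = os.path.join(current, part)
        bits = effective_bits(os.stat(current), uid, gids)
        is_target = i == len(parts) - 1
        if not is_target and not bits & 1:
            return (current, "x")
        if is_target and not bits & 4:
            return (current, "r")
    return None

def demo():
    """Constructed tree mirroring the question: parent drwxr--r--, file -rw-rw-r--."""
    base = tempfile.mkdtemp()
    home = os.path.join(base, "builder")
    repo = os.path.join(home, "repo")
    os.makedirs(repo)
    status = os.path.join(repo, "status")
    open(status, "w").close()
    os.chmod(status, 0o664)
    os.chmod(repo, 0o755)
    os.chmod(home, 0o744)                          # group can read, not search
    st = os.stat(home)
    member_uid, gids = st.st_uid + 1, {st.st_gid}  # constructed group member
    before = first_blocker(status, member_uid, gids, base)
    os.chmod(home, 0o754)                          # same as chmod g+x
    after = first_blocker(status, member_uid, gids, base)
    return home, before, after

if __name__ == "__main__":
    print(demo())
```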