My question concerns generic troubleshooting when getting 'permission denied' errors while accessing files as a certain user, and here is a specific example where I could use some extra help:
As a user 'builder' I have a folder 'repo' in my home dir that belongs to group 'builders'. It currently reads as follows:
$ pwd
/home/builder/repo
$ ls -la
total 4
drwxr-sr-x 2 builder builders 20 Jun 9 02:28 .
drwxr--r-- 4 builder builder 123 Jun 7 23:36 ..
-rw-rw-r-- 1 builder builders 5 Jun 9 02:18 status
So, I can see that everyone who is in the 'builders' group should be able to access that 'status' file. It should be noted that as the 'builder' user I can read it; the file is not corrupted and is readable, i.e. cat /home/builder/repo/status returns its contents.
However, for some reason I can't access it as another user – 'ec2-user' who happens to be in the builders group:
$ whoami
ec2-user
$ groups
ec2-user adm wheel systemd-journal docker builders
$ ls -la /home/builder/repo/status
ls: cannot access /home/builder/repo/status: Permission denied
$ cat /home/builder/repo/status
cat: /home/builder/repo/status: Permission denied
I'm obviously missing something, but I'm still stuck trying to answer why a user belonging to the same group can't access that file. Is there something else that can tell me what I need to do (e.g. as superuser or owner) to properly grant group access permission to a dir/file – or just find out why read permissions are not working for some user? The only answer I found for myself is just carefully inspecting ownership info and access control bits, but in the example above everything looks good.
Best Answer
You get the permission denied error because the /home/builder directory is missing the x (execution) bit for group and others. This prevents group members and others from changing into the /home/builder directory or accessing anything beneath it.
If that was just set accidentally, you could just add the x (execution) bit for group to /home/builder.
If you want group members to only access subfolders and prevent them from listing the contents of /home/builder, you could add the x (execution) bit and remove the r (read) bit from the folder.
You also might want to change the permissions for o (others) as above or remove them completely.
For such problems namei is very helpful, as it can display all the permissions of a file down the path. You should run that as a user that has access to get the desired output.
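The check that namei lets you do by eye, as an added example that is not part of the original answer: a Python sketch that walks each path component and reports the first one whose mode bits deny a given uid and group set. The function names, the temporary tree and the second user's uid are assumptions constructed for illustration.

```python
import os
import tempfile

def perm_class(st, uid, gids):
    """rwx bits the kernel applies: owner, else group, else other (exactly one class)."""
    if st.st_uid == uid:
        shift = 6
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    return (st.st_mode >> shift) & 0o7

def first_blocker(path, uid, gids, base=os.sep):
    """Return (component, missing_bit) for the first component under `base`
    whose mode bits deny uid/gids, or None if the file is reachable and readable.
    Mode bits only: ACLs, SELinux and root's override are not modelled."""
    cur = base
    for name in os.path.relpath(path, base).split(os.sep):
        # Looking up `name` inside directory `cur` needs x (search) on `cur`.
        if not perm_class(os.stat(cur), uid, gids) & 0o1:
            return cur, "x"
        cur = os.path.join(cur, name)
    if not perm_class(os.stat(cur), uid, gids) & 0o4:
        return cur, "r"
    return None

def build_demo(home_mode):
    """Constructed tree mirroring the question: <tmp>/builder/repo/status."""
    base = tempfile.mkdtemp()
    home = os.path.join(base, "builder")
    repo = os.path.join(home, "repo")
    os.makedirs(repo)
    status = os.path.join(repo, "status")
    with open(status, "w") as fh:
        fh.write("ok\n")
    os.chmod(base, 0o755)
    os.chmod(status, 0o664)
    os.chmod(repo, 0o755)   # setgid bit from the listing omitted; it does not affect access
    os.chmod(home, home_mode)
    return base, home, status

if __name__ == "__main__":
    for mode in (0o744, 0o754, 0o710):   # as posted, x added for group, x without r
        base, home, status = build_demo(mode)
        st = os.stat(home)
        # Hypothetical second user: not the owner, member of the directory's group.
        print(oct(mode), first_blocker(status, st.st_uid + 1, {st.st_gid}, base))
```

Mode 744 on the home directory reports that directory as the blocker, while 754 and 710 both let the group member reach and read the file.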