Linux – Permission denied but group permissions look good on redhat

linuxpermissions

I have a user ftpadmin:

-bash-3.2$ id ftpadmin
uid=10001(ftpadmin) gid=2525(fsg) groups=2525(fsg),10005(git)

The important group to note is "git"

Then I have my git repository:

ls -al
drwxrwxr-x   7 git      git          4096 Apr 20 14:17 fsg

So ftpadmin is a member of git, and git has given all permissions to people in the group. Why do I see this when I login as ftpadmin:

-bash-3.2$ ls -al /home/git/
ls: /home/git/fsg: Permission denied
...

Seems like I should have permission…

Update
The permissions on /home/git are

drwxrw-rw-   6 git      git          4096 Apr 26 09:20 git

still looks good…

Update
New permissions on /home/git are:

drwxrwxrw-   6 git      git          4096 Apr 26 09:20 git

Permissions on /home/git/fsg are:

drwxrwxr-x   7 git      git          4096 Apr 20 14:17 fsg

However, I still get 

ls: /home/git/fsg: Permission denied
ls: /home/git/fsg: Permission denied

Best Answer

Wanted to give mpez0 a +1 specifically, for his answer "You need the group "x" bit set in the directory to allow group searches. The "rw-" permissions allow opening a file given its name (r) or creating a file (w), but not listing or searching the files (x)."

Its so easy to forget, and his solution is buried in the middle. This is definitely a problem for new Linux users with respects to file / directory permissions for users and groups.

Everything Avery said was right on the money, again wish I could give you a +1 as well.

Figure another more detailed example might help new Linux users (not looking for any credit, just providing another example for clarity). On my own pc I wanted to create an additional user for a specific development project. Was testing some SSH, SFTP issues between my machine and a co-located server out on the web. Got the same "Permission denied" error after setting everything up...and yes it looked correct except for the searching issue based on the permissions for other that mpez0 pointed out.

Note: For new Linux users, permissions are user, group, other or rwx, rwx, rwx respectively and would look like this 

drwxr-xr--   

user has read + write + execute, rwx 
group has only read and execute, r-x
other has only read acces r--

For 'other' we are reminded its NOT enough to find/search for the directory, thus the error message.

Here is what I did, (encountered the error message in step 6)

1) created a user, hoiuser (to see user information, you can use the finger cmd, "finger hoiuser" or read the 'cat /etc/passwd' file)

2) created a group, hoidevs (added user "hoiuser" to group)

root@zareason-breeze:/etc# cat group | grep hoidevs 
hoidevs:x:1010:userz,hoiuser

Remember you have to log off and log in again for the new “group” permissions to be associated with the Account ID.

3) chgrp hoidevs for directory /home/userz/data/Sites/hoi and created a place for the files 

hoiuser@zareason-breeze:/home/userz/data/Sites/hoi$ ls -alF
total 16
drwxr-xr-x  4 userz hoidevs  4096 2012-02-27 13:34 ./
drwxr-xr-x  2 userz userz 4096 2012-02-29 17:00 odt/
drwxrwxr-x  2 userz hoidevs  4096 2012-02-27 13:34 html/

4) Opened a Terminal Window, user userz was active

5) su - hoiuser (switched to user hoiuser)

6) Attempted to cd /home/userz/data/Sites 

hoiuser@zareason-breeze:/home/userz/data$ cd Sites
-su: cd: Sites: Permission denied    (voila, the problem)


userz@zareason-breeze:~/data/Sites$ ls -alF
total 60
drwxr-xr--  11 userz userz  4096 2012-02-24 16:20 ./
drwxr-xr-x   4 userz hoidevs   4096 2012-02-27 13:34 hoi/

7) Changed the permissions for Sites

userz@zareason-breeze:~/data/Sites$ chmod 755 .
userz@zareason-breeze:~/data/Sites$ ls -alF
total 60
drwxr-xr-x  11 userz userz  4096 2012-02-24 16:20 ./

And voila problem fixed....here is proof

hoiuser@zareason-breeze:/home/userz/data$ id
uid=1009(hoiuser) gid=1009(hoiuser) groups=1009(hoiuser),1010(hoidevs)

hoiuser@zareason-breeze:/home/userz/data$ cd Sites        (<- yea no error message)
hoiuser@zareason-breeze:/home/userz/data/Sites$ cd hoi
hoiuser@zareason-breeze:/home/userz/data/Sites/hoi$ ls -alF
total 16
drwxr-xr-x  4 userz hoidevs  4096 2012-02-27 13:34 ./
drwxr-xr-x 11 userz userz 4096 2012-02-24 16:20 ../
drwxr-xr-x  2 userz userz 4096 2012-02-29 17:00 odt/
drwxrwxr-x  2 userz hoidevs  4096 2012-02-27 13:34 html/

Even us experienced Linux/Unix users need a reminder now and again.

As was pointed out, it is not enough to just give the correct permissions to the directory where the files are, you also need to make sure all the directories leading up to that directory have the correct permissions, especially the ability for "other" to "search" and look for the directory and the files. Hardly intuitive when x means execute, right.

My subdirectory structure was: /home/userz/data/Sites/hoi/html/

Starting from home

userz@zareason-breeze:~$ pwd
/home

This was my directory structure BEFORE the chmod

drwxr-xr-x  13 root root     4096 2012-02-29 14:51 home/
drwxr-xr-x 88 userz userz 4096 2012-02-29 17:07 userz/
drwxr-xr-x 476 userz userz    20480 2012-02-26 16:08 data/
drwxr-xr--  11 userz userz     4096 2012-02-24 16:20 Sites/    (<-- Do you see it, other is r--)
drwxr-xr-x   4 userz hoidevs   4096 2012-02-27 13:34 hoi/
drwxrwxr-x  2 userz hoidevs  4096 2012-02-27 13:34 html/

This was my directory structure AFTER the chmod

drwxr-xr-x  13 root root     4096 2012-02-29 14:51 home/
drwxr-xr-x 88 userz userz 4096 2012-02-29 17:07 userz/
drwxr-xr-x 476 userz userz    20480 2012-02-26 16:08 data/
drwxr-xr-x  11 userz userz     4096 2012-02-24 16:20 Sites/      (<-- Fixed by the chmod > 755 ., now r-x)
drwxr-xr-x   4 userz hoidevs   4096 2012-02-27 13:34 hoi/
drwxrwxr-x  2 userz hoidevs  4096 2012-02-27 13:34 html/

Note the only change was the r-x permissions for 'other' for the directory 'Sites'. Hope this helps others, it was a good refresher for me.

Related Topic