Linux – `Permission Denied` to CD into a directory even though permissions are correct

linuxpermissions

This is so wierd. Logged in to a Linux (RHEL) box as a user 'g', doing an ls -lah shows

drwxrwxrwx 6 g    g    4.0K Jun 23 13:27 .
drwxrw-r-x 6 root root 4.0K Jun 23 13:15 ..
-rwxrw---- 1 g    g     678 Jun 23 13:26 .bash_history
-rwxrw---- 1 g    g      33 Jun 23 13:15 .bash_logout
-rwxrw---- 1 g    g     176 Jun 23 13:15 .bash_profile
-rwxrw---- 1 g    g     124 Jun 23 13:15 .bashrc
drw-r----- 2 g    g    4.0K Jun 23 13:25 .ssh

So the user 'g' in group 'g' /should/ be able to read and write to the .ssh directory but if I do ls -lah .ssh/ I get ls: .ssh/: Permission denied. I also get Permission denied if I try and cat any files in the directory

If I go in as root and change the permissions to 700, 744, 766 or anything as long as the 'user' permission is 7 it works and I can CD and LS the directory and files within.

id g returns

uid=504(g) gid=506(g) groups=506(g)

Edit:

I've copied these permissions exactly to another identical box and there is no issue. I can cd into a directory without execute permissions.

Best Answer

The directory will require the execute bit set in order for you to enter it. I don't know what you tested, but you cannot enter a directory without the execute bit, or read files in it:

$ mkdir foo
$ echo "baz" > foo/bar
$ chmod 660 foo
$ cd foo
bash: cd: foo: Permission denied
$ cat foo/bar
cat: foo/bar: Permission denied

That is, unless your process has the CAP_DAC_OVERRIDE POSIX capability set (like root has), which allows you to enter directories without the executable bit set, iirc.

Basically, you should try to keep you .ssh directory at 700, and everything in it at 600, just to be safe. The ssh man page gives per file instructions on the required ownerships and permission modes for files in ~/.ssh.

Related Topic