Saturday, November 28, 2015

Not able to access a folder with read and write permission for group



I can't access a directory that has both r permissions for the group my current user belongs to; in the others column, it has rw-.



[ec2-user@host]$ ls -la
drwxrw-rw- 8 apache apache 4096 Nov 4 14:16 .git


[ec2-user@host]$ cd .git
-bash: cd: .git: Permission denied

[ec2-user@host]$ cat /etc/group |grep ec2-user
wheel:x:10:ec2-user
ec2-user:x:500:
apache:x:48:ec2-user



Why can't I descend into this directory?


Answer



In the Unix permissions model, in order to enter (descend into) a directory, you need (somewhat unintuitively) execute permission on the directory.



In order to list the files in a directory, you need read permission on the directory. (This can be conceptualized by considering a directory as a file that holds a list of other files and their locations. In fact, that's pretty much what a directory is at the conceptual level.)



It doesn't really make any sense to have read permission but not execute permission on a directory, but having execute permission without read permission has a valid use case (where you want to be able to access files knowing their names, but not to be able to enumerate the files).



Your directory is owned by user apache, group apache; judging by your prompt, you are ec2-user; those two are not the same. Hence, either group or other permissions apply. Based on your /etc/group snippet, ec2-user belongs to the apache group, so group permissions would apply. Group permissions are read and write, but not execute, and hence you cannot descend into the directory.




First, add some group execute permissions. Second, you might want to remove some write permissions. World writable is almost never what you want.



Note that in order to change the permissions on the directory, you need to have write permission to its parent directory. (So to change the permissions on ./.git, you need write permission to .. This works the same for files and directories alike.)
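The permission check described in the answer, as an added example that is not part of the original post: it picks the single class (owner, group or other) that applies to a non-root user and reports what that class allows on a directory, then flags the two problems the answer points out. The function names, the numeric uids and the "fixed" mode drwxrwxr-x are assumptions made for illustration; the gids 48, 10 and 500 come from the /etc/group output above.

```python
import stat

CLASS_SHIFT = {"owner": 6, "group": 3, "other": 0}

def parse_mode(ls_mode):
    """Turn an `ls -l` mode string such as 'drwxrw-rw-' into permission bits."""
    if len(ls_mode) != 10:
        raise ValueError("expected 10 characters, e.g. 'drwxrw-rw-'")
    bits = 0
    for i, ch in enumerate(ls_mode[1:]):
        if ch in "rwxst":          # lowercase s/t mean execute is also set
            bits |= 1 << (8 - i)
    return bits

def applicable_class(uid, gids, owner_uid, owner_gid):
    """Exactly one class is checked: owner first, then group, then other."""
    if uid == owner_uid:
        return "owner"
    if owner_gid in gids:
        return "group"
    return "other"

def directory_access(ls_mode, uid, gids, owner_uid, owner_gid):
    """What a non-root user may do with a directory (root bypasses these checks)."""
    cls = applicable_class(uid, gids, owner_uid, owner_gid)
    tri = (parse_mode(ls_mode) >> CLASS_SHIFT[cls]) & 7
    r, w, x = tri & 4, tri & 2, tri & 1
    return {
        "class": cls,
        "list_names": bool(r),           # ls: read the list of names
        "enter": bool(x),                # cd, or open a file by name
        "create_delete": bool(w and x),  # write is useless without execute
    }

def findings(ls_mode):
    """Flag read-without-execute classes and world-writable directories."""
    bits = parse_mode(ls_mode)
    out = [f"{name}: read without execute"
           for name, shift in CLASS_SHIFT.items()
           if (bits >> shift) & 4 and not (bits >> shift) & 1]
    if bits & stat.S_IWOTH:
        out.append("world-writable")
    return out

if __name__ == "__main__":
    # Constructed ids: apache uid 48 and ec2-user uid 500 are assumed.
    ec2_user = dict(uid=500, gids={10, 48, 500}, owner_uid=48, owner_gid=48)
    for mode in ("drwxrw-rw-", "drwxrwxr-x"):   # as posted, then one possible fix
        print(mode, directory_access(mode, **ec2_user), findings(mode))
```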

