Thursday, 18 April 2013

Home » , » Check permissions for intermediate directories on Linux/UNIX when troubleshooting permission problems

Check permissions for intermediate directories on Linux/UNIX when troubleshooting permission problems

By No comments
I've seen several Linux/UNIX system administrators struggle with a scenario like this one:
A user reports to the administrator they are trying to "cd" in to a directory but keep getting permission denied:
$ cd /tmp/level1/level2/level3/level4/level5/level6
ksh: /tmp/level1/level2/level3/level4/level5/level6: Permission denied.
As the root user, the administartor checks the permissions on the directory:
# ls -ald /tmp/level1/level2/level3/level4/level5/level6
drwxrwxrwx    2 root     system          256 Dec 19 20:11 /tmp/level1/level2/level3/level4/level5/level6
The administrator see's the permissions are rwxrwxrwx (777) and can't figure out why the user is getting a permission denied message when they try to CD in to the directory.

What is going on here?   In order for a user to CD in to any directory on the system, they must also have at least read and execute permissions on EVERY parent directory all the way down to the root of the filesystem (/).

So in the example above the user can't access the directory because they don't have read and execute permissions on one of the parent directories.

An easy way to quickly see all the parent directory permissions is to run this one-liner as root (change the dir= to the directory you would like to check)

dir=/tmp/level1/level2/level3/level4/level5/level6; while [ "$dir" != "/" ]; do ls -ald $dir; dir=`dirname $dir`; done

When I run this in this example scenario, I get this output:
# dir=/tmp/level1/level2/level3/level4/level5/level6; while [ "$dir" != "/" ]; do ls -ald $dir; dir=`dirname $dir`; done
drwxrwxrwx    2 root     system          256 Dec 19 20:11 /tmp/level1/level2/level3/level4/level5/level6
drwxr-xr-x    3 root     system          256 Dec 19 20:11 /tmp/level1/level2/level3/level4/level5
drwxr-xr-x    3 root     system          256 Dec 19 20:11 /tmp/level1/level2/level3/level4
drwx------    3 root     system          256 Dec 19 20:11 /tmp/level1/level2/level3
drwxr-xr-x    3 root     system          256 Dec 19 20:11 /tmp/level1/level2
drwxr-xr-x    3 root     system          256 Dec 19 20:11 /tmp/level1
drwxrwxrwt   17 bin      bin            4096 Dec 19 20:25 /tmp
And I can quickly see the reason the user can't access  /tmp/level1/level2/level3/level4/level5/level6 is because the permissions on /tmp/level1/level2/level3 are too restrictive.  

0 blogger-disqus:

Post a Comment