4 replies to this topic

[jazzman1]

Hey friends,
Let's say that I have a premission sub-directory in /var/www/html.
That permission directory belongs to user, named "apache".

[root@localhost jazzman]# mkdir -p /var/www/html/permission
[root@localhost jazzman]# chown apache:apache -Rv /var/www/html/permission
changed ownership of `/var/www/html/permission' to apache:apache

[jazzman@localhost ~]$ ls -ld /var/www/html/permission/
drwxr-xr-x 2 apache apache 4096 Nov 25 12:42 /var/www/html/permission/

The user, named "apache" has a file in that directory, it's called - index.php

[root@localhost jazzman]# ls -la /var/www/html/permission/index.php
-rw-r--r-- 1 apache apache 28 Nov 25 12:42 /var/www/html/permission/index.php

I've changed a permission for group's apache on this directory.

[root@localhost jazzman]# chmod 0770 -Rv /var/www/html/permission/
mode of `/var/www/html/permission/' changed to 0770 (rwxrwx---)
mode of `/var/www/html/permission/index.php' changed to 0770 (rwxrwx---)

[root@localhost jazzman]# ls -la /var/www/html/permission/
total 12
drwxrwx--- 2 apache apache 4096 Nov 25 12:42 .
drwxrwxr-x. 12 root root 4096 Nov 25 12:37 ..
-rwxrwx--- 1 apache apache 28 Nov 25 12:42 index.php

Add a new user, named "jazzman" to apache group

[root@localhost jazzman]# usermod -G jazzman apache
[root@localhost jazzman]# id apache
uid=48(apache) gid=48(apache) groups=48(apache),500(jazzman)

The question is, why jazzman doesn't open the index.php file?

[jazzman@localhost ~]$ cat /var/www/html/permission/index.php
cat: /var/www/html/permission/index.php: Permission denied

EDIT: OS CentOS 6.3

Edited by jazzman1, 25 November 2012 - 01:01 PM.

[jazzman1]

I solved it, in fact it was very simple
When you added a new user to some particular group, you must log off then log on the new one.

Results:

[jazzman@localhost ~]$ ls -ld /var/www/html/permission/index.php
-rwxrwx--- 1 apache apache 9 Nov 25 19:05 /var/www/html/permission/index.php

[jazzman@localhost ~]$ cat /var/www/html/permission/index.php
<?php
echo 'Hello World';
?>

But, for a regular user named - "dummy", the access is still denied:

[dummy@localhost jazzman]$ cat /var/www/html/permission/index.php
cat: /var/www/html/permission/index.php: Permission denied

[Christian F.]

Just a little warning: You generally never want to set the first octet as it controls the sticky/set/restrict attributes:

The first digit selects the set user ID (4) and set group ID (2) and restricted deletion or sticky (1) attributes.

That's one of the reasons why I recommend using the modes method when using chmod. It's quite a lot easier to actually see what you're going to do with it:

// Adds read, write and execute permissions to the user and the group. No other changes.
chmod ug+rwx {file}

// Removes write permissions from others.
chmod o-w

// Sets read & write permissions to user, sets all other bits to 0.
chmod u=rw

You'll generally want to use the two first operators the most, for adding and removing specific rights. The last one is the same as specifying the octets manually.

However, your main issue is that you removed access to the folder for "others", and since "dummy" is neither the user "apache" or in the group "apache" the access is restricted to it and all of its files. You'll need at least execute permissions on a folder, if you want to enable other users to open files inside them. If you want them to be able to ls the folder itself, then you'll need to set the read bit too.

Edited by Christian F., 26 November 2012 - 08:57 AM.

[jazzman1]

You'll need at least execute permissions on a folder, if you want to enable other users to open files inside them. If you want them to be able to ls the folder itself, then you'll need to set the read bit too.

No, that wasn't my purpose, that's why their permissions are set to 0 (zero)

[Christian F.]

Ah, ok. I just noticed that you had indeed solved it. For some reason I missed the bit where you added a user to the group.
Sorry about the confusion.