stat Permission denied for user that belongs to the group

Question

I installed nginx in a machine, and the site is not working because the user that nginx uses (www-data) doesn't have access to the folder with the site contents.

I decided to add the user www-data to the root group, which is the owner of this folder, but I still get Permission denied when trying to stat the folder.

the folder is located at /root/sources and here is the current permissions:

drwxr-xr-x 10 root root 4096 Feb 11 13:53 sources

(basically, for users in the group, it has read permissions)

I added the user to the group by running:

gpasswd -a www-data root

And ran the following to verify that it was added correctly:

root@pablomatiasgomez:~# grep www-data /etc/group
root:x:0:www-data
www-data:x:33:

Now, the typical issue with permissions is that any of the parents folder does not have the right permissions, but it my case they are correct:

root@pablomatiasgomez:~# sudo -u www-data stat /root
  File: /root
  Size: 4096        Blocks: 8          IO Block: 4096   directory
Device: fc01h/64513d    Inode: 1525        Links: 11
Access: (0700/drwx------)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2023-02-11 13:56:46.300094553 -0300
Modify: 2023-02-11 13:41:37.453201896 -0300
Change: 2023-02-11 13:41:37.453201896 -0300
 Birth: 2022-10-13 23:10:34.424934650 -0300
root@pablomatiasgomez:~# sudo -u www-data stat /root/sources
stat: cannot statx '/root/sources': Permission denied

I don't know what else could be wrong. I also tried adding write permissions to the group but it still getting the same.

score 0 · Accepted Answer · answered Feb 11 '23 at 22:04

0

Well, found the issue. Even though this command was showing that www-data had access to /root:

root@pablomatiasgomez:~# sudo -u www-data stat /root
  File: /root
  Size: 4096        Blocks: 8          IO Block: 4096   directory
Device: fc01h/64513d    Inode: 1525        Links: 11
Access: (0700/drwx------)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2023-02-11 13:56:46.300094553 -0300
Modify: 2023-02-11 13:41:37.453201896 -0300
Change: 2023-02-11 13:41:37.453201896 -0300
 Birth: 2022-10-13 23:10:34.424934650 -0300

It actually didn't (I don't know why stat works if it doesn't have access to it)

But checking the permissions of /root showed that the group didn't have any permissions on it:

drwx------  11 root root       4096 Feb 11 13:41 root

After adding read and execute permissions, everything worked fine:

chmod g+rx /root

answered Feb 11 '23 at 22:04

Pablo Matias Gomez

101
3

Do not modify the permissions of the `/root` folder, they are restricted like that for security reasons. Instead, move your `sources` folder somewhere else. – Gerald Schneider Feb 12 '23 at 06:27
You were able to show the permissions of the `/root` folder because permissions on files and folders are stored in the parent folder, in this case `/`. – Gerald Schneider Feb 12 '23 at 06:28
And don't add www-data to the root group either, this opens security holes as well. – Gerald Schneider Feb 12 '23 at 06:30

stat Permission denied for user that belongs to the group

1 Answers1