How to set permissions to use 'ls'

Question

I have a folder (which is owned by another user but the same group) and I want to view it's contents, but I always get the following error message:

"ls: cannot open directory .: Permission denied"

But the group has rwx-permissions!

Eg:

folder /var/log/somefolder is owned by www-data:www-data
user user1 belongs to group www-data (but this is not the main-group).

Which permissions do I have to set, that user1 is allowed to view the folders contents and write to it?

can you do a "ls -ld" for each parent folder in the directory tree, also, since adding that user to a group, did you open a new shell? Check "id " and see if said dir really is listed there — Petter H, Aug 19 '13 at 10:13
I used the same shell, id user1 includes 33(www-data) and ls -ld seems to work with each parent. — NaN, Aug 19 '13 at 10:26
To access that directory, www-data needs to be your primary group. The newgrp command temporarily changes your primary group to be www-data. — fpmurphy, Aug 19 '13 at 14:59

score 3 · Answer 1 · answered Aug 19 '13 at 10:26

3

The execute permission should be enough to list the directory content. But you have to make sure that all directories in the parent tree have execute permission as well, otherwise user1 can't traverse the tree down to this directory that you want to ls.

For example if you want to check the content of /var/www but you have no permissions on the directory /var, then you can't do ls /var/www because you can't walk the tree from / down to /var/www.

Another problem might be if SELinux is enabled. Is it enabled?

answered Aug 19 '13 at 10:26

replay

3,240
14
17

ls works in all parent directories perfectly, but not in the target dir! the parent dirs are owned by user1 only the target dir is owned by www-data. – NaN Aug 19 '13 at 10:50
What about SELinux? is it enabled? you can check by doing `sudo getenforce` – replay Aug 19 '13 at 10:52
Nope (sudo: getenforce: command not found) – NaN Aug 19 '13 at 11:10

ott-- · Accepted Answer · 2013-08-20T13:07:34.820

1

Edit

Obviously, you need to use newgrp www-data to make this supplementary group be your primary group. After this, you can ls that directory in question.

For me, it works without the newgrp:

$ ls -l
drwxr-x--- 2 root     adm          4096 Aug 19 14:26 ls-test
$ id
uid=1000(ott) gid=1000(ott) groups=1000(ott),4(adm),5000(vmail)
$ ls -l ls-test/
total 0
-rw-r--r-- 1 root root 0 Aug 19 14:26 xxx

What's your distribution, what version?

edited Aug 20 '13 at 13:07

answered Aug 19 '13 at 12:34

ott--

1,091
1
11
13

debian 6.0 (I know, not the newest version) – NaN Aug 19 '13 at 13:31
Mine is 6.0.7, rather old too. Can you put the output of `strace -v ls somedir` (the one that doesn't work) to http://pastebin.com or somwhere else? – ott-- Aug 19 '13 at 14:31

How to set permissions to use 'ls'

2 Answers2