Can't touch/connect to a unix socket from the same group

Question

sudo ls -la /var/lib/redis/6379/ produces:

drwxrwxr-x 2 redis redis    4096 Nov 28 23:10 .
drwx-w---- 3 redis redis    4096 Nov 22 00:10 ..
srwxrwx--- 1 redis redis       0 Nov 28 23:10 redis.sock

Great, now sudo groups www-data produces:

www-data : www-data redis

OK, but then sudo -u www-data -g www-data touch /var/lib/redis/6379/redis.sock causes the following error:

touch: cannot touch ‘/var/lib/redis/6379/redis.sock’: Permission denied

This shouldn't happen to my understanding. Can someone point out where I'm completely wrong? The following doesn't work either with the same error (which is what I'm actually interested in):

sudo -u www-data -g www-data redis-cli -s /var/lib/redis/6379/redis.sock with

Could not connect to Redis at /var/lib/redis/6379/redis.sock: Permission denied

This is on Debian 8.2.

@Nik this is Debian, I think it's disabled by default - not sure how to check? `/etc/sysconfig/selinux` doesn't exist. — Cenoc, Nov 29 '15 at 16:11

Cenoc · Accepted Answer · 2015-11-29T22:38:51.087

1

Turns out it was the grandparent missing the x-bit. Now no permission issues!

edited Nov 29 '15 at 22:38

answered Nov 29 '15 at 20:39

Cenoc

217
1
12

2

What do you mean by the "grandparent"? I'm having this exact same issue with my socket in `/var/run/redis/redis.sock` - redis.sock has 770 permissions, and the parent dir (`/var/run/redis`) has 775 and both /var and /var/run have global execute permissions. – Andy Nov 08 '17 at 12:25
1

As I have observed, to use a UNIX socket, user needs rw permission for the socket itself and also posses execute (x) permission for all the parent folders of the socket. – ravinsp Jun 15 '21 at 11:18

Can't touch/connect to a unix socket from the same group

1 Answers1