4

I'm trying to give read permissions to lighttpd access logfiles to normal users which are on the same system. The permissions are currently:

-rw-r--r-- 1 www-data www-data 211K Feb 28 11:27 /var/log/lighttpd/access.log

So, if I understood correctly others have read permissions. Unfortunately this doesn't seem to work. If I try to read this file with an user account I get:

/var/log/lighttpd/access.log: Permission denied

I already tried to add the user to the group www-data which didn't work as well. Any hints what I'm doing wrong here?

NewProggie
  • 1,015
  • 1
  • 10
  • 24
  • is there anything like selinux running ? – exussum Feb 28 '14 at 12:40
  • @user1281385 Nope, the system is a simple Ubuntu 12.04. Selinux is not installed. – NewProggie Feb 28 '14 at 12:46
  • what does `lsattr /var/log/lighttpd/access.log` show – exussum Feb 28 '14 at 12:49
  • Output of `sudo lsattr /var/log/lighttpd/access.log` is `-------------e- /var/log/lighttpd/access.log` – NewProggie Feb 28 '14 at 12:51
  • Is the directory above accessible to your user? What are the permissions on `/var/log/lighthttpd`? – Arsen7 Feb 28 '14 at 12:58
  • @Arsen7 it shouldnt matter for read only. Is the user in group adm ? – exussum Feb 28 '14 at 13:00
  • Yes, the user is in `adm`. Groups reveal: `adm cdrom sudo dip plugdev lpadmin sambashare admin`. @Arsen7: The permissions on `/var/log/lighttpd` are www-data www-data – NewProggie Feb 28 '14 at 13:03
  • @user1281385 I'm not sure whether I understand properly, but I meant that if the user has no access to the directory containing the file (in this case: 'x' permission for 'others'), then he will still get the presented error. – Arsen7 Feb 28 '14 at 13:06
  • 1
    @NewProggie `www-data` is the user/group. Please, check whether there are three `x` in the first column of the `ls -ld /var/log/lighthttpd` – Arsen7 Feb 28 '14 at 13:08
  • @Arsen7: Well, yes, I've tried somewhat different before. I had given 655 permission to the file `/var/log/lighttpd/access.log`, but wasn't able to view the file. If I give 655 permissions to `/var/log/lighttpd` it is working. Thanks for your help. If you post this as an answer, I will accept it. – NewProggie Feb 28 '14 at 13:12

2 Answers2

6

To access a file, the system needs the execute permission on all the directories containing the file.

In this case it was necessary to issue the chmod o+x /var/log/lighthttps command (after making sure that the user belongs to the "other" part of the permission set).

The "execute" permission for a directory allows you to enter it. The "read" permission for the directory allows you to see the names of the files inside. The interesting thing is that you can give the x permission alone, what means that anyone can access the files inside, but he needs to know its names.

Arsen7
  • 12,522
  • 2
  • 43
  • 60
1

You might not have execute permission for the lighthttpd so the directory does not give the permission to access its containing file.

Use the command to set the execute permission to that directory.

chmod +x /var/log/lighthttpd
Q_SaD
  • 355
  • 1
  • 11