
I have a folder that has permissions set to 2760. The folder seems to be owned by www-data user and group.

```
drwxrwS---  2 www-data www-data  196 Dec 5 19:52 folder
```

I added a new user to the www-data group, but it still can't access the folder without modifying permissions on the folder?

How can I modify the user to allow it to read that folder?

I tried re-logging in, but it still doesn't let the user view the folder.

I just need this user to be able to read / download the files from that folder.

UPDATE:

Added output of:

`getfacl folder`

Output:

```
# file: folder
# owner: www-data
# group: www-data
# flags: -s-
user::rwx
group::rw-
other::---
```
Kalvin Klien
  • @fpmurphy I am not sure. What's the difference? I inherited this project and this was set up so general users were not able to see the files that contain DB connection data. I generally need this just to do incremental backups of the whole site so if something changes, I can see it in the logs. – Kalvin Klien Jan 14 '21 at 19:18
  • Also log in as the new user and run `id -gn` to check that the user is a member of the `www-data` group. – fpmurphy Jan 14 '21 at 19:19
  • @fpmurphy it's showing only its name. When I run groups it shows "user" and "www-data". Do I need to reboot the server or something? I tried to re-login into the website with the user, but that didn't seem to change anything. – Kalvin Klien Jan 14 '21 at 19:21
  • Long shot - please add output of `getfacl www-data` to your question. – fpmurphy Jan 14 '21 at 19:26
  • @fpmurphy is this a correct command? (getfacl www-data) It's saying "no such directory". getfacl does exist though. – Kalvin Klien Jan 14 '21 at 19:29
  • Add the output of the command on the folder in question. – Kalvin Klien Jan 14 '21 at 19:32

1 Answer

With the mode 2760, resp. drwxrwS---, the group has permission to read and write the directory, but can not access anything inside the directory (because the executable bit is missing). You likely want to use 2770, resp. drwxrws--- instead.

The setgroup-id bit is not important when reading files, as (in this case, i.e., when set on a directory) it affects the default group of newly created files within the directory. Instead of using the primary group of the current user, new files will be created with the group set to the group of the parent directory (if allowed).

With that being said, if you only want the owner to add files and members of the group to read files from the directory, you can simply use mode 0750, resp. rwxr-x--- on your directory.

Holger Just
  • I don't want to edit the permissions on the folder. Is there a way to change the user to give it ability to view / read folder contents? – Kalvin Klien Jan 14 '21 at 20:24
  • Well, the group has permission to read the directory (that is: enumerate the contents of the directory) but it does not have the permission to access any files or directories inside it. Thus, the only user who is currently able to read files inside the directory is the `www-data` user. You can either use the `www-data` user or change the permissions of the directory (which any user in the `www-data` group would be allowed to do). – Holger Just Jan 15 '21 at 13:38
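
The read-versus-execute distinction from the answer, as an added example that is not part of the original answer or comments. The function names `dir_access`, `audit_dir` and `setgid_set` are made up for this sketch, and `audit_dir` assumes GNU `stat`.

```shell
#!/bin/sh
# Added example: decode what one permission class may do with a DIRECTORY.
# On a directory, r = list entry names, x = traverse (stat/open the entries);
# w only takes effect together with x (create/delete/rename entries).

# dir_access MODE CLASS -> list+traverse | list-only | traverse-only | none
# MODE is octal (e.g. 2760); CLASS is owner, group or other.
dir_access() {
    da_mode=$((0$1))                 # the leading 0 makes the shell parse octal
    case $2 in
        owner) da_bits=$(( (da_mode >> 6) & 7 )) ;;
        group) da_bits=$(( (da_mode >> 3) & 7 )) ;;
        other) da_bits=$((  da_mode       & 7 )) ;;
        *) echo "usage: dir_access MODE owner|group|other" >&2; return 2 ;;
    esac
    da_r=$(( (da_bits >> 2) & 1 ))
    da_x=$((  da_bits       & 1 ))
    if   [ "$da_r" -eq 1 ] && [ "$da_x" -eq 1 ]; then echo "list+traverse"
    elif [ "$da_r" -eq 1 ]; then echo "list-only"
    elif [ "$da_x" -eq 1 ]; then echo "traverse-only"
    else echo "none"
    fi
}

# audit_dir PATH -> the same answer for the group class of a real directory
# (assumption: GNU stat, as found on a typical Linux system).
audit_dir() {
    dir_access "$(stat -c '%a' "$1")" group
}

# setgid_set MODE -> exit status 0 when the set-group-ID bit (02000) is set.
# The bit only decides the group of newly created entries, not read access.
setgid_set() {
    [ $(( $((0$1)) & 02000 )) -ne 0 ]
}

# The three modes mentioned in the answer, seen from the group class.
for m in 2760 2770 0750; do
    if setgid_set "$m"; then sg=yes; else sg=no; fi
    printf '%s  group: %-14s setgid: %s\n' "$m" "$(dir_access "$m" group)" "$sg"
done
```
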