Score:0

stat Permission denied for user that belongs to the group


I installed nginx on a machine, and the site is not working because the user that nginx uses (www-data) doesn't have access to the folder with the site contents.

I decided to add the user www-data to the root group, which is the owner of this folder, but I still get Permission denied when trying to stat the folder.

The folder is located at /root/sources and here are the current permissions:

drwxr-xr-x 10 root root 4096 Feb 11 13:53 sources

(basically, for users in the group, it has read permissions)

I added the user to the group by running:

gpasswd -a www-data root

And ran the following to verify that it was added correctly:

root@pablomatiasgomez:~# grep www-data /etc/group
root:x:0:www-data
www-data:x:33:

Now, the typical issue with permissions is that one of the parent folders does not have the right permissions, but in my case they are correct:

root@pablomatiasgomez:~# sudo -u www-data stat /root
  File: /root
  Size: 4096        Blocks: 8          IO Block: 4096   directory
Device: fc01h/64513d    Inode: 1525        Links: 11
Access: (0700/drwx------)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2023-02-11 13:56:46.300094553 -0300
Modify: 2023-02-11 13:41:37.453201896 -0300
Change: 2023-02-11 13:41:37.453201896 -0300
 Birth: 2022-10-13 23:10:34.424934650 -0300
root@pablomatiasgomez:~# sudo -u www-data stat /root/sources
stat: cannot statx '/root/sources': Permission denied

I don't know what else could be wrong. I also tried adding write permissions to the group but I am still getting the same error.

Score:0

Well, found the issue. Even though this command was showing that www-data had access to /root:

root@pablomatiasgomez:~# sudo -u www-data stat /root
  File: /root
  Size: 4096        Blocks: 8          IO Block: 4096   directory
Device: fc01h/64513d    Inode: 1525        Links: 11
Access: (0700/drwx------)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2023-02-11 13:56:46.300094553 -0300
Modify: 2023-02-11 13:41:37.453201896 -0300
Change: 2023-02-11 13:41:37.453201896 -0300
 Birth: 2022-10-13 23:10:34.424934650 -0300

It actually didn't (I don't know why stat works if it doesn't have access to it).

But checking the permissions of /root showed that the group didn't have any permissions on it:

drwx------  11 root root       4096 Feb 11 13:41 root

After adding read and execute permissions, everything worked fine:

chmod g+rx /root

Do not modify the permissions of the `/root` folder, they are restricted like that for security reasons. Instead, move your `sources` folder somewhere else.

You were able to show the permissions of the `/root` folder because permissions on files and folders are stored in the parent folder, in this case `/`.

And don't add www-data to the root group either, this opens security holes as well.
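
Added example, not part of the original thread: a small model of the path-traversal check that explains why `stat /root` succeeded while `stat /root/sources` failed, and why relocating the folder avoids touching `/root` at all. The modes of `/root` and `/root/sources` come from the thread; the mode of `/`, uid 33 for www-data, and the `/srv/sources` location are assumptions, and ACLs and capabilities are ignored.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    path: str
    mode: int  # permission bits, e.g. 0o700
    uid: int   # owner
    gid: int   # owning group

def class_bits(e, uid, gids):
    """rwx triplet the kernel applies: owner bits, else group bits, else other."""
    if uid == e.uid:
        return (e.mode >> 6) & 7
    if e.gid in gids:
        return (e.mode >> 3) & 7
    return e.mode & 7

def blocking_dir(chain, uid, gids):
    """chain lists every entry from / down to the target.
    stat() needs search (x) on each directory above the target and
    nothing on the target itself. Returns the first directory that
    denies search, or None if the call would succeed."""
    if uid == 0:
        return None  # root bypasses these checks
    for e in chain[:-1]:
        if not class_bits(e, uid, gids) & 0o1:
            return e.path
    return None

# Constructed sample data (see the assumptions listed in the lead-in).
SLASH   = Entry("/", 0o755, 0, 0)
ROOT    = Entry("/root", 0o700, 0, 0)
SOURCES = Entry("/root/sources", 0o755, 0, 0)
WWW_UID, WWW_GIDS = 33, {33, 0}  # www-data after `gpasswd -a www-data root`

def demo():
    return {
        "stat /root": blocking_dir([SLASH, ROOT], WWW_UID, WWW_GIDS),
        "stat /root/sources": blocking_dir([SLASH, ROOT, SOURCES], WWW_UID, WWW_GIDS),
        # Hypothetical relocation outside /root, www-data no longer in group root.
        "stat /srv/sources": blocking_dir(
            [SLASH, Entry("/srv", 0o755, 0, 0), Entry("/srv/sources", 0o755, 0, 0)],
            WWW_UID, {33}),
    }

if __name__ == "__main__":
    for call, blocker in demo().items():
        print(f"{call}: {'ok' if blocker is None else 'denied at ' + blocker}")
```

On a live system, `namei -l /root/sources` lists the same per-component owner and mode information for a real path.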