Score:0

Permission denied for user who owns the file and the directory


User www-data owns the "/shared/data" directory, and full permissions are granted on the "/shared" directory.

root@cloud:/shared# ls -al
total 28
drwxrwxrwx  4 root     root     4096 Sep 16 19:06 .
drwxr-xr-x 21 root     root     4096 Sep 16 00:44 ..
drwxrwx--- 21 www-data www-data 4096 Nov  7 16:02 data
drwxrwxrwx  2 root     root     4096 Sep 16 00:22 @Recycle

root@cloud:/# ls -al /
...
drwxrwxrwx   4 root root       4096 Sep 16 19:06 shared
...

There are no files owned by any other user in this directory.

for i in $(find /shared/data); do stat -c "%U %G" "$i" >> /tmp/output.txt; done
cat /tmp/output.txt | sort -u
www-data www-data

Selinux is set to permissive.

However, when I run:

root@cloud:/shared# sudo -u www-data ls -al /shared/
ls: cannot open directory '/shared/': Permission denied
root@cloud:/shared# sudo -u www-data ls -al /shared/data/
ls: cannot access '/shared/data/': Permission denied

The location "/shared" is mounted via NFS using the following entry in "/etc/fstab".

server.fully.qualified.domain:/shared/data /shared/ nfs4 _netdev,nofail,rw  0   0

What in the world is going on here? This was actually working a couple of weeks ago and I didn't change anything of import.

Audit log shows nothing of interest, syslog shows nothing of interest, dmesg shows nothing of interest.

pathlld shows:

root@cloud:/# sudo -u www-data /pathlld/pathlld /shared/data/
drwxr-xr-x 22 root root 4096 Nov  7 23:23 /
/dev/mapper/ubuntu--vg-ubuntu--lv on / type ext4 (rw,relatime)
drwxrwxrwx 4 root root 4096 Sep 16 19:06 /shared
server.fully.qualified.domain:/shared/data on /shared type nfs4 (rw,relatime,vers=4.2,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=192.168.1.4,local_lock=none,addr=192.168.1.2,_netdev)
/bin/ls: cannot access '/shared/data': Permission denied

root@cloud:/# sudo -u www-data /pathlld/pathlld /shared
drwxr-xr-x 22 root root 4096 Nov  7 23:23 /
/dev/mapper/ubuntu--vg-ubuntu--lv on / type ext4 (rw,relatime)
drwxrwxrwx 4 root root 4096 Sep 16 19:06 /shared
server.fully.qualified.domain:/shared/data on /shared type nfs4 (rw,relatime,vers=4.2,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=192.168.1.4,local_lock=none,addr=192.168.1.2,_netdev)
Is this directory on [the CIFS share](https://askubuntu.com/q/1372778/1222991) that you asked about a few days back? If so, what is the host OS of that other system?
waltinator:
Explore your Mount/Read/Write/Execute problems with `https://github.com/waltinator/pathlld`, a `bash` script that shows the permissions and mount options along the path to an object or objects.
@matigo, this is actually a personal project, while the other one is more of a work/school related thing. The location "/shared/data" is actually an NFS share. Updated question.
WinEunuuchs2Unix:
I think I'm missing something because the command prompt changes between: `root@cloud:/shared# ls -al` and `$ls -al /` for no apparent reason. Were commands left out in between?
@WinEunuuchs2Unix, just redacted information so as to not expose any security information.
@waltinator, added pathlld information.
Score:0

The answer to this is that there is a security function in NFS where the user permissions are checked on the NFS server as well as on the client. Adding a www-data user to the server and making the user IDs and group IDs match between the two servers makes it work again. Someone actually deleted the www-data user from the NFS server, which made it all stop very suddenly when it had been working.
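To illustrate the check the answer describes, here is an added example script (not from the question, the answer or the pathlld project) that compares an account's UID/GID between the NFS client and server and reads the `sec=` flavour out of a mount option string like the one in the pathlld output. The passwd snapshots are constructed stand-ins for `getent passwd www-data` output from each host; only the `sec=sys` flavour comes from the page.

```shell
#!/bin/sh
# Added example, not code from the question, the answer or pathlld.
# With sec=sys (the flavour shown in the mount output above) the NFS server
# checks access using the numeric UID/GID the client sends, so the account
# must resolve to the same numbers on both hosts. Inputs are constructed
# /etc/passwd-style snapshots standing in for 'getent passwd USER' output
# collected on the client and on the server.

CLIENT_PASSWD='root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin'
SERVER_PASSWD_OK="$CLIENT_PASSWD"
SERVER_PASSWD_MISSING='root:x:0:0:root:/root:/bin/bash'          # account deleted
SERVER_PASSWD_MISMATCH='root:x:0:0:root:/root:/bin/bash
www-data:x:1001:1001:www-data:/var/www:/usr/sbin/nologin'        # same name, other ids

# nfs_sec_flavor MOUNT_OPTS: print the sec= flavour from a comma-separated option list
nfs_sec_flavor() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n 's/^sec=//p'
}

# lookup_ids USER PASSWD_TEXT: print "uid gid" for USER; fail if USER is absent
lookup_ids() {
    printf '%s\n' "$2" | awk -F: -v u="$1" '
        $1 == u { print $3, $4; found = 1 }
        END     { exit !found }'
}

# check_nfs_identity USER CLIENT_PASSWD SERVER_PASSWD
# exit 0: same uid/gid on both hosts; 1: absent on server; 2: ids differ; 3: absent on client
check_nfs_identity() {
    user=$1
    client_ids=$(lookup_ids "$user" "$2") || { echo "$user: no such account on the client"; return 3; }
    server_ids=$(lookup_ids "$user" "$3") || {
        echo "$user: client sends uid/gid $client_ids, but the server has no such account"
        return 1
    }
    if [ "$client_ids" = "$server_ids" ]; then
        echo "$user: uid/gid $client_ids on both hosts, the server-side check sees the same identity"
        return 0
    fi
    echo "$user: client sends uid/gid $client_ids, but the server's $user is $server_ids (ids must be aligned)"
    return 2
}

# Demonstration on the constructed data (mount options abbreviated from the page's mount line)
echo "security flavour: $(nfs_sec_flavor 'rw,relatime,vers=4.2,hard,proto=tcp,sec=sys,local_lock=none')"
for snapshot in "$SERVER_PASSWD_OK" "$SERVER_PASSWD_MISSING" "$SERVER_PASSWD_MISMATCH"; do
    check_nfs_identity www-data "$CLIENT_PASSWD" "$snapshot" || echo "  -> exit status $?"
done
```

On real hosts, feed the function the output of `getent passwd www-data` from each side; a non-zero status is the condition the accepted answer fixed by recreating the account with matching IDs.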


