Score:0

Cannot cd into directory even though group has permissions


I'm aware that there are other similar questions, but nothing in there solved my issue.

```
gitlab-runner@my-machine:~$ groups
gitlab-runner my-user

gitlab-runner@my-machine:~$ sudo ls -l /home
total 16
drwxrwsr-x+ 16 my-user my-user 4096 Feb 13 09:22 my-user
# ... other users' homes omitted ...

gitlab-runner@my-machine:~$ sudo ls -l /home/my-user
total 528
drwsrws---+ 4 my-user my-user 4096 Jun  7  2020 my-dir
# ... irrelevant files omitted ...

gitlab-runner@my-machine:~$ sudo ls -l /home/my-user/my-dir
total 48
drwxrwsr-x+ 7 my-user my-user 4096 Aug 12  2021 my-dir
drwxrwsr-x+ 6 my-user my-user 4096 Jun  7  2020 venv

gitlab-runner@my-machine:~$ cd /home/my-user/my-dir
-bash: cd: /home/my-user/my-dir: Permission denied
```

The user is a member of the group, the group has read and execute permissions on the target folder and the home it's contained in, and yet the user cannot cd into it. I have also tried logout and then sudo - gitlab-runner again, but it still doesn't work. Why?

I'm unsure why the x bit shows s and I can't find an explanation anywhere. Maybe that's relevant but I don't know what it means nor how to change it, since sudo chmod g+x doesn't change it.

Ray
The `s` is the SetUID, SetGID, etc. bit. You can read about it in many places, such as [this](https://www.geeksforgeeks.org/setuid-setgid-and-sticky-bits-in-linux-file-permissions) link. As for your problem, why don't you take it a bit at a time? `cd` into `/home`, then `/home/my-user`, etc. Let's see where it gets to. Also, why are you doing `sudo - gitlab-runner`? Does that user not have a password that you can log in with?
raj
There is a `+` sign after permissions field shown for each one of the directories, which means that additional permissions are set using ACLs. These may override the "basic" permissions. Check with `sudo getfacl pathname` for each directory. As for the `s` bit on group, it means that the files/subdirs created in directory will have group set to directory's group regardless of who creates them. You can remove this with `sudo chmod g-s pathname`.
theberzi
@Ray I meant `su - gitlab-runner`, not `sudo`. My bad.
Score:1

It turns out that I had ACLs set for that folder, as @raj correctly pointed out in the comments.

I was under the mistaken impression that ACL permissions would be ORed to the permission bits, whereas instead they entirely override them. My ACL for the directory had rw- permissions, the x bit was missing, and so I had no permissions to cd there with that user.
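
The evaluation order behind the behaviour described in this answer, as an added example that is not part of the original post: it implements the access-check steps documented in acl(5) over `getfacl`-style text. The ACL below is constructed (the page does not show the real `getfacl` output), and the assumption that the `rw-` entry was a named-user entry for `gitlab-runner` is made here for illustration.

```python
# Added example: POSIX ACL access-check order (acl(5)) over getfacl-style text.
PERM = {"r": 4, "w": 2, "x": 1}

# Constructed ACL, NOT the asker's real getfacl output. Assumption: the rw-
# entry was a named-user entry for gitlab-runner.
SAMPLE_ACL = """\
user::rwx
user:gitlab-runner:rw-
group::rwx
mask::rwx
other::---
"""

def parse_acl(text):
    """Parse getfacl-style lines into (tag, qualifier, permission_bits)."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop getfacl comment lines
        if not line:
            continue
        tag, qualifier, perms = line.split(":")
        entries.append((tag, qualifier, sum(PERM[c] for c in perms if c != "-")))
    return entries

def check(entries, owner, owning_group, user, groups, want):
    """Return (granted, deciding_entry) for `user` requesting the `want` bits."""
    mask = next((b for t, _, b in entries if t == "mask"), 7)
    if user == owner:  # 1. owner: user:: entry, mask not applied
        bits = next(b for t, q, b in entries if t == "user" and q == "")
        return (bits & want) == want, "user::"
    for t, q, b in entries:  # 2. named user: decided here, groups ignored
        if t == "user" and q == user:
            return (b & mask & want) == want, f"user:{q}"
    matched = False
    for t, q, b in entries:  # 3. owning/named groups: any one may grant
        if t == "group" and (q in groups or (q == "" and owning_group in groups)):
            matched = True
            if (b & mask & want) == want:
                return True, f"group:{q}"
    if matched:
        return False, "group"
    bits = next(b for t, _, b in entries if t == "other")  # 4. everyone else
    return (bits & want) == want, "other::"

if __name__ == "__main__":
    acl = parse_acl(SAMPLE_ACL)
    who = ("my-user", "my-user", "gitlab-runner", {"gitlab-runner", "my-user"})
    print(check(acl, *who, PERM["x"]))  # search (cd) on the directory
    no_named = [e for e in acl if e[:2] != ("user", "gitlab-runner")]
    print(check(no_named, *who, PERM["x"]))  # same request without that entry
```

With this ACL, `ls -l` would still show `rwx` in the group column, because on a file with an ACL that column displays the mask rather than the owning group's entry.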
