Permission denied but group permissions look good on redhat

Wanted to give mpez0 a +1 specifically, for his answer "You need the group "x" bit set in the directory to allow group searches. The "rw-" permissions allow opening a file given its name (r) or creating a file (w), but not listing or searching the files (x)."

Its so easy to forget, and his solution is buried in the middle. This is definitely a problem for new Linux users with respects to file / directory permissions for users and groups.

Everything Avery said was right on the money, again wish I could give you a +1 as well.

Figure another more detailed example might help new Linux users (not looking for any credit, just providing another example for clarity). On my own pc I wanted to create an additional user for a specific development project. Was testing some SSH, SFTP issues between my machine and a co-located server out on the web. Got the same "Permission denied" error after setting everything up...and yes it looked correct except for the searching issue based on the permissions for other that mpez0 pointed out.

Note: For new Linux users, permissions are user, group, other or rwx, rwx, rwx respectively and would look like this

drwxr-xr--   

user has read + write + execute, rwx 
group has only read and execute, r-x
other has only read acces r--

For 'other' we are reminded its NOT enough to find/search for the directory, thus the error message.

Here is what I did, (encountered the error message in step 6)

1) created a user, hoiuser (to see user information, you can use the finger cmd, "finger hoiuser" or read the 'cat /etc/passwd' file)

2) created a group, hoidevs (added user "hoiuser" to group)

root@zareason-breeze:/etc# cat group | grep hoidevs 
hoidevs:x:1010:userz,hoiuser 

Remember you have to log off and log in again for the new “group” permissions to be associated with the Account ID.

3) chgrp hoidevs for directory /home/userz/data/Sites/hoi and created a place for the files

hoiuser@zareason-breeze:/home/userz/data/Sites/hoi$ ls -alF
total 16
drwxr-xr-x  4 userz hoidevs  4096 2012-02-27 13:34 ./
drwxr-xr-x  2 userz userz 4096 2012-02-29 17:00 odt/
drwxrwxr-x  2 userz hoidevs  4096 2012-02-27 13:34 html/

4) Opened a Terminal Window, user userz was active

5) su - hoiuser (switched to user hoiuser)

6) Attempted to cd /home/userz/data/Sites

hoiuser@zareason-breeze:/home/userz/data$ cd Sites
-su: cd: Sites: Permission denied    (voila, the problem)


userz@zareason-breeze:~/data/Sites$ ls -alF
total 60
drwxr-xr--  11 userz userz  4096 2012-02-24 16:20 ./
drwxr-xr-x   4 userz hoidevs   4096 2012-02-27 13:34 hoi/

7) Changed the permissions for Sites

userz@zareason-breeze:~/data/Sites$ chmod 755 .
userz@zareason-breeze:~/data/Sites$ ls -alF
total 60
drwxr-xr-x  11 userz userz  4096 2012-02-24 16:20 ./

And voila problem fixed....here is proof

hoiuser@zareason-breeze:/home/userz/data$ id
uid=1009(hoiuser) gid=1009(hoiuser) groups=1009(hoiuser),1010(hoidevs)

hoiuser@zareason-breeze:/home/userz/data$ cd Sites        (<- yea no error message)
hoiuser@zareason-breeze:/home/userz/data/Sites$ cd hoi
hoiuser@zareason-breeze:/home/userz/data/Sites/hoi$ ls -alF
total 16
drwxr-xr-x  4 userz hoidevs  4096 2012-02-27 13:34 ./
drwxr-xr-x 11 userz userz 4096 2012-02-24 16:20 ../
drwxr-xr-x  2 userz userz 4096 2012-02-29 17:00 odt/
drwxrwxr-x  2 userz hoidevs  4096 2012-02-27 13:34 html/

Even us experienced Linux/Unix users need a reminder now and again.

As was pointed out, it is not enough to just give the correct permissions to the directory where the files are, you also need to make sure all the directories leading up to that directory have the correct permissions, especially the ability for "other" to "search" and look for the directory and the files. Hardly intuitive when x means execute, right.

My subdirectory structure was: /home/userz/data/Sites/hoi/html/

Starting from home

userz@zareason-breeze:~$ pwd
/home

This was my directory structure BEFORE the chmod

drwxr-xr-x  13 root root     4096 2012-02-29 14:51 home/
drwxr-xr-x 88 userz userz 4096 2012-02-29 17:07 userz/
drwxr-xr-x 476 userz userz    20480 2012-02-26 16:08 data/
drwxr-xr--  11 userz userz     4096 2012-02-24 16:20 Sites/    (<-- Do you see it, other is r--)
drwxr-xr-x   4 userz hoidevs   4096 2012-02-27 13:34 hoi/
drwxrwxr-x  2 userz hoidevs  4096 2012-02-27 13:34 html/

This was my directory structure AFTER the chmod

drwxr-xr-x  13 root root     4096 2012-02-29 14:51 home/
drwxr-xr-x 88 userz userz 4096 2012-02-29 17:07 userz/
drwxr-xr-x 476 userz userz    20480 2012-02-26 16:08 data/
drwxr-xr-x  11 userz userz     4096 2012-02-24 16:20 Sites/      (<-- Fixed by the chmod > 755 ., now r-x)
drwxr-xr-x   4 userz hoidevs   4096 2012-02-27 13:34 hoi/
drwxrwxr-x  2 userz hoidevs  4096 2012-02-27 13:34 html/

Note the only change was the r-x permissions for 'other' for the directory 'Sites'. Hope this helps others, it was a good refresher for me.

You have to have permissions on the directory that contains the file to get to the file. What are the permissions on /home/git? (yes, Zoredache, I gave you a +1 for pointing that out)

Follow-up: You need the execute (x) bit set for the group in order for that group to enter the directory. Think of it as a rough analog to the windows "Traverse Directory" setting. Without it, access will be denied for the group. If you're desperate, you can do:

chmod g+x /home/git
chmod g+x /home/git/fsg

Try the following and post the message from each:

cd /home
cd /home/git
cd /home/git/fsg

Each one of those should be accessable by ftpadmin. If any one of them isn't, then it will stop you from getting into /home/git/fsg.

Try logging in again, or running su - ftpadmin to login inside the current shell. Since groups are set when you log in, it might just be that you added so-and-so to a group but the old group settings are still being used.

After changing groups of an user X via root access, you must log out and log in again with that user X, otherwise new groups won't be taken into account