


Directory/File Access

Question about directories/files, ownerships and permissions.....

Example Directory Structure:
/dir1/dir2/dir3/dir4/dir5/dir6/dir7/dir8/file

Vital Data:
DIRECTORY	PERMS	OWNERSHIP
/dir1   	555	root:root
....dir2		775	root:root
....dir3		775	per1:grp1
....dir4		775	per2:grp1
....dir5		775	per2:grp2
....dir6		775	per1:grp3
....dir7		555	per1:grp3
....dir8		775	per1:grp3

Person3 ("per3") has a primary group of "staff" and also belongs to
secondary groups of "grp2" and "grp3" but is NOT a member of "grp1".

Person3 ("per3") is able to "cd" to each of the directory levels from
/dir1 all the way down to /dir8.  This makes sense due to each
directory having "x" (execute) access.

I can understand why (based on the above perms and ownerships) that
Person3 is NOT able to touch a file in /dir1 thru /dir4 and also in
/dir7 by virtue of NOT being the owner and EITHER not belong to the
GROUP OR not having write access.

Person3 ("per3") is ONLY able to "touch" a file within /dir8.....It is
clear why Person3 IS able to "touch" a file in /dir8 due to being a
member of "grp3" AND having group permissions wide open.

However...

Person3 does not seem to have the ability to "touch" a file in /dir5 or
/dir6 for some reason, even though she is a member of "grp2" and "grp3"
AND the group permissions are also wide open.
What may be the cause of the last situation?

Thanks.

0
2/2/2005 9:02:25 PM
comp.unix.questions

What are the permissions on the file she does not have the ability to
touch?

0
gbeeker (102)
2/3/2005 4:31:50 PM
RESgrignoli wrote:
> Question about directories/files, ownerships and permissions.....
>
> Example Directory Structure:
> /dir1/dir2/dir3/dir4/dir5/dir6/dir7/dir8/file
A side note: why is the structure so deep?
>
> Vital Data:
> DIRECTORY	PERMS	OWNERSHIP
> /dir1   	555	root:root
> ...dir2		775	root:root
> ...dir3		775	per1:grp1
> ...dir4		775	per2:grp1
> ...dir5		775	per2:grp2
> ...dir6		775	per1:grp3
> ...dir7		555	per1:grp3
> ...dir8		775	per1:grp3
>
> Person3 ("per3") has a primary group of "staff" and also belongs to
> secondary groups of "grp2" and "grp3" but is NOT a member of "grp1".
>
> Person3 ("per3") is able to "cd" to each of the directory levels from
> /dir1 all the way down to /dir8.  This makes sense due to each
> directory having "x" (execute) access.
>
> I can understand why (based on the above perms and ownerships) that
> Person3 is NOT able to touch a file in /dir1 thru /dir4 and also in
> /dir7 by virtue of NOT being the owner and EITHER not belong to the
> GROUP OR not having write access.
>
> Person3 ("per3") is ONLY able to "touch" a file within /dir8.....It is
> clear why Person3 IS able to "touch" a file in /dir8 due to being a
> member of "grp3" AND having group permissions wide open.
>
> However...
>
> Person3 does not seem to have the ability to "touch" a file in /dir5 or
> /dir6 for some reason, even though she is a member of "grp2" and "grp3"
> AND the group permissions are also wide open.
> What may be the cause of the last situation?

Generally, file and directory permissions are tricky to understand, and
it seems you have a good start.

I'd say you have a file permission issue, but I can't say for sure
until I see the file permissions that she is trying to touch.
For example: -rw-r-----   1 root     staff          2960 Dec 13 2000 x0040

0
gbeeker (102)
2/3/2005 5:27:26 PM
I guess I should clarify what I mean by "touch".  In this particular
case, the file does NOT yet exist; therefore, when one touches a file,
it is essentially the same as "cat /dev/null > filename".  That being
said, the permissions and ownerships of the directories above AND that
which holds the file are already provided.

To further clarify (in case anyone asks), it is not the intention for
the user to "simply" touch an empty file, but only serves as an
example.  The person is actually attempting to create a file in the
directory WITH DATA.

Richard




Greg Beeker wrote:
> RESgrignoli wrote:
> > Question about directories/files, ownerships and permissions.....
> >
> > Example Directory Structure:
> > /dir1/dir2/dir3/dir4/dir5/dir6/dir7/dir8/file
> A side note: why is the structure so deep?
> >
> > Vital Data:
> > DIRECTORY	PERMS	OWNERSHIP
> > /dir1   	555	root:root
> > ...dir2		775	root:root
> > ...dir3		775	per1:grp1
> > ...dir4		775	per2:grp1
> > ...dir5		775	per2:grp2
> > ...dir6		775	per1:grp3
> > ...dir7		555	per1:grp3
> > ...dir8		775	per1:grp3
> >
> > Person3 ("per3") has a primary group of "staff" and also belongs to
> > secondary groups of "grp2" and "grp3" but is NOT a member of "grp1".
> >
> > Person3 ("per3") is able to "cd" to each of the directory levels from
> > /dir1 all the way down to /dir8.  This makes sense due to each
> > directory having "x" (execute) access.
> >
> > I can understand why (based on the above perms and ownerships) that
> > Person3 is NOT able to touch a file in /dir1 thru /dir4 and also in
> > /dir7 by virtue of NOT being the owner and EITHER not belong to the
> > GROUP OR not having write access.
> >
> > Person3 ("per3") is ONLY able to "touch" a file within /dir8.....It is
> > clear why Person3 IS able to "touch" a file in /dir8 due to being a
> > member of "grp3" AND having group permissions wide open.
> >
> > However...
> >
> > Person3 does not seem to have the ability to "touch" a file in /dir5 or
> > /dir6 for some reason, even though she is a member of "grp2" and "grp3"
> > AND the group permissions are also wide open.
> > What may be the cause of the last situation?
>
> Generally, file and directory permissions are tricky to understand, and
> it seems you have a good start.
>
> I'd say you have a file permission issue, but I can't say for sure
> until I see the file permissions that she is trying to touch.
>  For example: -rw-r-----   1 root     staff          2960 Dec 13 2000
> x0040

0
2/20/2005 5:21:05 AM
As far as why the structure is so deep, we have numerous applications
running on these servers, and because of the nature of the
applications, it is not unusual for their directory structures to be
very detailed.  I agree that they sometimes go overboard, but
fortunately I'm just a Solaris Sys Admin and not working within the
applications department, especially WebSphere.

0
2/20/2005 5:24:53 AM
RESgrignoli wrote:
> Question about directories/files, ownerships and permissions.....
>
> Example Directory Structure:
> /dir1/dir2/dir3/dir4/dir5/dir6/dir7/dir8/file
>
> Vital Data:
> DIRECTORY	PERMS	OWNERSHIP
> /dir1   	555	root:root
> ...dir2		775	root:root
> ...dir3		775	per1:grp1
> ...dir4		775	per2:grp1
> ...dir5		775	per2:grp2
> ...dir6		775	per1:grp3
> ...dir7		555	per1:grp3
> ...dir8		775	per1:grp3
>
> Person3 ("per3") has a primary group of "staff" and also belongs to
> secondary groups of "grp2" and "grp3" but is NOT a member of "grp1".
<snip>
> Person3 ("per3") is ONLY able to "touch" a file within /dir8.....It is
> clear why Person3 IS able to "touch" a file in /dir8 due to being a
> member of "grp3" AND having group permissions wide open.
>
> However...
>
> Person3 does not seem to have the ability to "touch" a file in /dir5 or
> /dir6 for some reason, even though she is a member of "grp2" and "grp3"
> AND the group permissions are also wide open.
> What may be the cause of the last situation?
>
> Thanks.

I am on an AIX 5.1 system and tried to simulate your problem, with the
following results. I created a user (per3) and the directory structure:

$ ls -ld dir*
dr-xr-xr-x   3 root     system          512 Feb 21 17:22 dir1
drwxrwxr-x   2 root     system          512 Feb 21 17:23 dir2
drwxrwxr-x   2 root     grp1            512 Feb 21 17:23 dir3
drwxrwxr-x   2 root     grp1            512 Feb 21 17:23 dir4
drwxrwxr-x   2 root     grp2            512 Feb 21 17:26 dir5
drwxrwxr-x   2 root     grp3            512 Feb 21 17:29 dir6
dr-xr-xr-x   2 root     grp3            512 Feb 21 17:23 dir7
drwxrwxr-x   2 root     grp3            512 Feb 21 17:23 dir8

I was able to touch files in both dir5 and dir6:
$ touch dir5/tt
$ touch dir6/tt

$ id
uid=204(per3) gid=1(staff) groups=206(grp2),207(grp3)

It would help if you posted the perms for the dir5 and dir6 like I did,
and also the exact error message you are getting.

I think for the purpose of solving your problem, the structure is not
important, but only the individual directory perms.

0
gbeeker (102)
2/21/2005 10:39:13 PM
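The owner/group/other evaluation that the question and the AIX reproduction above rely on, as an added example that is not part of any post in this thread: it applies the classic mode-bit check to the posted table for per3 and reports dir5, dir6 and dir8 as writable, which matches the reproduction. The function names `class_digit` and `can_create` are made up for illustration; the table rows and per3's groups come from the original post.

```shell
#!/bin/sh
# Added illustration: model of the classic UNIX owner/group/other check,
# applied to the directory table from the original post. ACLs, read-only
# mounts and stale session group lists are outside this model.

# class_digit MODE OWNER GROUP USER "GROUP LIST"
# Prints the one octal digit of MODE that governs USER. The classes are
# exclusive: owner bits if USER owns the directory, else group bits if
# any of USER's groups matches, else other bits.
class_digit() {
    cd_mode=$1; cd_owner=$2; cd_group=$3; cd_user=$4; cd_list=$5
    cd_rest=${cd_mode#?}                  # "775" -> "75"
    if [ "$cd_user" = "$cd_owner" ]; then
        echo "${cd_mode%??}"; return      # first digit: owner
    fi
    for cd_g in $cd_list; do
        if [ "$cd_g" = "$cd_group" ]; then
            echo "${cd_rest%?}"; return   # middle digit: group
        fi
    done
    echo "${cd_mode#??}"                  # last digit: other
}

# can_create USER "GROUP LIST"
# Prints "dirN yes|no": creating a file needs both w (2) and x (1) on the
# directory itself; every ancestor only needs x, which all rows grant.
can_create() {
    while read -r dir mode owner group; do
        digit=$(class_digit "$mode" "$owner" "$group" "$1" "$2")
        if [ $(( digit & 3 )) -eq 3 ]; then echo "$dir yes"; else echo "$dir no"; fi
    done <<'EOF'
dir1 555 root root
dir2 775 root root
dir3 775 per1 grp1
dir4 775 per2 grp1
dir5 775 per2 grp2
dir6 775 per1 grp3
dir7 555 per1 grp3
dir8 775 per1 grp3
EOF
}

can_create per3 "staff grp2 grp3"
```

Run it with the modes, owners and groups that `ls -ld` reports on the affected host and the group list that `id` prints in per3's own session; a mismatch with the table above is the first thing to rule out.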
From looking at your example, I sense that you are creating "dir1"
"dir2" "dir3" and so on IMMEDIATELY underneath the SAME upper
directory.....however, that is not how I was depicting it.....

According to my first example, the hierarchy was:
/dir1/dir2/dir3/dir4/dir5/dir6/dir7/dir8/file

In other words, "dir1" is subordinate to the ROOT directory....."dir2"
is subordinate to "dir1"....."dir3" is subordinate to "dir2".....and so
on.....

0
3/11/2005 5:38:03 PM
Greg Beeker wrote:
> RESgrignoli wrote:
> > Question about directories/files, ownerships and permissions.....
> >
> > Example Directory Structure:
> > /dir1/dir2/dir3/dir4/dir5/dir6/dir7/dir8/file
> >
> > Vital Data:
> > DIRECTORY	PERMS	OWNERSHIP
> > /dir1   	555	root:root
> > ...dir2		775	root:root
> > ...dir3		775	per1:grp1
> > ...dir4		775	per2:grp1
> > ...dir5		775	per2:grp2
> > ...dir6		775	per1:grp3
> > ...dir7		555	per1:grp3
> > ...dir8		775	per1:grp3
> >
> > Person3 ("per3") has a primary group of "staff" and also belongs to
> > secondary groups of "grp2" and "grp3" but is NOT a member of "grp1".
> <snip>
> > Person3 ("per3") is ONLY able to "touch" a file within /dir8.....It is
> > clear why Person3 IS able to "touch" a file in /dir8 due to being a
> > member of "grp3" AND having group permissions wide open.
> >
> > However...
> >
> > Person3 does not seem to have the ability to "touch" a file in /dir5 or
> > /dir6 for some reason, even though she is a member of "grp2" and "grp3"
> > AND the group permissions are also wide open.
> > What may be the cause of the last situation?
> >
> > Thanks.
>
> I am on an AIX 5.1 system and tried to simulate your problem, with the
> following results. I created a user (per3) and the directory structure:
>
> $ ls -ld dir*
> dr-xr-xr-x   3 root     system          512 Feb 21 17:22 dir1
> drwxrwxr-x   2 root     system          512 Feb 21 17:23 dir2
> drwxrwxr-x   2 root     grp1            512 Feb 21 17:23 dir3
> drwxrwxr-x   2 root     grp1            512 Feb 21 17:23 dir4
> drwxrwxr-x   2 root     grp2            512 Feb 21 17:26 dir5
> drwxrwxr-x   2 root     grp3            512 Feb 21 17:29 dir6
> dr-xr-xr-x   2 root     grp3            512 Feb 21 17:23 dir7
> drwxrwxr-x   2 root     grp3            512 Feb 21 17:23 dir8
>
> I was able to touch files in both dir5 and dir6:
> $ touch dir5/tt
> $ touch dir6/tt
>
> $ id
> uid=204(per3) gid=1(staff) groups=206(grp2),207(grp3)
>
> It would help if you posted the perms for the dir5 and dir6 like I did,
> and also the exact error message you are getting.

If you are still having a question on the permissions, please post the
perms for dir5 and dir6, and the error message.

>
> I think for the purpose of solving your problem, the structure is not
> important, but only the individual directory perms.

0
gbeeker (102)
3/14/2005 4:01:43 PM
RESgrignoli wrote:
> From looking at your example, I sense that you are creating "dir1"
> "dir2" "dir3" and so on IMMEDIATELY underneath the SAME upper
> directory.....however, that is not how I was depicting it.....

I know. The only way I can help you, is if you post the exact directory
permissions for the lowest dir (dir8 in your example).
Or post the entire structure if you prefer.

>
> According to my first example, the hierarchy was:
> /dir1/dir2/dir3/dir4/dir5/dir6/dir7/dir8/file
>
> In other words, "dir1" is subordinate to the ROOT directory....."dir2"
> is subordinate to "dir1"....."dir3" is subordinate to "dir2".....and so
> on.....

I think for the purpose of solving your problem, the structure is not
important, but only the individual directory perms.

Please post the exact perms, and error message.

0
gbeeker (102)
3/14/2005 4:05:14 PM