0

I have this folder with these permissions:

jessie@services1:~$ ls -lisa /srv/
total 12
  1769 4 drwxr-xr-x  3 root root   4096 Nov  5 20:42 .    
     2 4 drwxr-xr-x 18 root root   4096 Oct 28 11:43 ..   
386699 4 drw-rw----  2 root docker 4096 Nov 17 20:03 vault

If I am correct I should be able to access the vault directory when I am in the group docker.

jessie@services1:~$ groups
jessie sudo www-data docker
jessie@services1:~$ id
uid=1000(jessie) gid=1001(jessie) groups=1001(jessie),27(sudo),33(www-data),998(docker)

But when I try to access the folder I get a permission denied

jessie@services1:~$ cat /srv/vault/docker-compose.yml 
cat: /srv/vault/docker-compose.yml: Permission denied

The permissions inside are also correct (I think):

root@services1:/home/jessie# ls -lisa /srv/vault/
total 12
386699 4 drw-rw---- 2 root docker 4096 Nov 17 20:03 .
  1769 4 drwxr-xr-x 3 root root   4096 Nov  5 20:42 ..
389900 4 -rw-rw---- 1 root docker  424 Nov 17 20:03 docker-compose.yml

Machine OS: Debian 10

I have tried logging out and back in but nothing seems to work. Do any of you know what I am doing wrong?

Jessie Liauw A Fong
  • 1

1 Answers1

1
386699 4 drw-rw----  2 root docker 4096 Nov 17 20:03 vault

No x in rw-rw---- for vault indicates the directory is not executable for anyone. The root user is not denied access though, regular users are.

You need the x bit to access files inside the directory. See:

chmod g+x vault is what you need. The resulting permissions will be rw-rwx---. It's somewhat unusual to have x for the owning group and not for the owning user; but since the owner is root, it won't matter much in this case.

In general (i.e. when the owner is not necessarily root) rwxrwx--- makes more sense than rw-rwx---, unless the owner has a reason to restrict access for himself. Note the owning user's permissions matter for the owner even if he's in the owning group.

Kamil Maciorowski
  • 81,893