2

List all the file permissions:

sudo ls -al /home/ftpuser
total 40
drwxr-x--- 6 ftpuser ftpuser 4096 Jul 24 11:32 .
drwxr-xr-x 5 root    root    4096 Jul 22 13:26 ..
-rwxr-x--- 1 ftpuser ftpuser  169 Jul 24 11:54 .bash_history
-rwxr-x--- 1 ftpuser ftpuser  220 Jul 22 13:26 .bash_logout
-rwxr-x--- 1 ftpuser ftpuser 3526 Jul 22 13:26 .bashrc
drwxr-x--- 4 ftpuser ftpuser 4096 Jul 22 13:36 .config
drwxr-x--- 3 ftpuser ftpuser 4096 Jul 22 13:27 ftp_dir
drwxr-x--- 3 ftpuser ftpuser 4096 Jul 22 13:43 home
-rwxr-x--- 1 ftpuser ftpuser  807 Jul 22 13:26 .profile
drwxr-x--- 2 ftpuser ftpuser 4096 Jul 24 11:29 .ssh

All directories and files are 750; I have already added debian to group ftpuser:

grep  'ftpuser'  /etc/group
ftpuser:x:1001:debian

groups ftpuser
ftpuser : ftpuser

Log in as account debian:

debian@debian:~$ ls /home/ftpuser
ls: cannot open directory '/home/ftpuser': Permission denied

Why does the user debian have no permission?

sudo chmod -R 770  /home/ftpuser
ls  /home/ftpuser
ls: cannot open directory '/home/ftpuser': Permission denied

Only 777 can work.

sudo chmod  -R  777  /home/ftpuser
ls  /home/ftpuser
ftp_dir  home

How many groups is debian already in?

groups debian
debian : debian cdrom floppy audio dip video plugdev netdev bluetooth lpadmin scanner ftpuser

Add extra info on the directory:

df  /home/ftpuser
Filesystem     1K-blocks     Used Available Use% Mounted on
/dev/sda1      767863552 26621992 702162752   4% /

sudo blkid | grep sda1 |cut -d ' ' -f 4
TYPE="ext4"

groups
debian cdrom floppy audio dip video plugdev netdev bluetooth lpadmin scanner ftpuser

namei -l /home/ftpuser
f: /home/ftpuser
drwxr-xr-x root    root    /
drwxr-xr-x root    root    home
drwxr-x--- ftpuser ftpuser ftpuser

getfacl /home/ftpuser
getfacl: Removing leading '/' from absolute path names
# file: home/ftpuser
# owner: ftpuser
# group: ftpuser
user::rwx
group::r-x
other::---

More extra info:

debian@debian:~$ id debian
uid=1000(debian) gid=1000(debian) groups=1000(debian),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),108(netdev),114(bluetooth),120(lpadmin),123(scanner),1001(ftpuser)
debian@debian:~$ ls -aln /home/ftpuser
total 44
drwxr-x--- 6 1001 1001 4096 Jul 27 10:12 .
drwxr-xr-x 5    0    0 4096 Jul 27 21:09 ..
-rwxr-x--- 1 1001 1001  576 Jul 27 10:15 .bash_history
-rwxr-x--- 1 1001 1001  220 Jul 22 13:26 .bash_logout
-rwxr-x--- 1 1001 1001 3526 Jul 22 13:26 .bashrc
drwxr-x--- 4 1001 1001 4096 Jul 22 13:36 .config
drwxr-x--- 3 1001 1001 4096 Jul 22 13:27 ftp_dir
drwxr-x--- 3 1001 1001 4096 Jul 22 13:43 home
-rwxr-x--- 1 1001 1001  807 Jul 22 13:26 .profile
drwxr-x--- 2 1001 1001 4096 Jul 24 11:29 .ssh
debian@debian:~$ sudo grpck /etc/group
debian@debian:~$ cat /etc/group |grep ftpuser
ftpuser:x:1001:debian


harrymc
  • 498,455
showkey
  • 291

2 Answers

2

A strange problem indeed. Everything looks fine and the access should work.

I found one way to reproduce this behaviour, but it is very unlikely to be actually OP's problem.

All the output you provided shows user and group names, but Linux uses numerical ids internally. It is very unlikely, but the mapping can fail.

With the following setup:

$ cat /etc/group
ftpuser:x:1000:
ftpuser:x:1001:debian
$ mkdir test
$ sudo chown ftpuser:ftpuser test
$ ls -l
drwxr-x--- 1 ftpuser ftpuser 0 Jul 26 23:00 test
$ groups debian
debian : ... ftpuser
$ sudo -u debian ls test
ls: cannot open directory 'test': Permission denied

This could happen because all commands always show the group name instead of the id and none of them prints an error for the duplicated group. (The only command complaining was usermod, with "Multiple entries named 'ftpuser' in /etc/group. Please fix this with pwck or grpck.")

What you can do to ensure that this is not your problem:

  • run id as user debian to see the gid it is assigned
  • run ls -aln /home/ftpuser to see what gid the directory is using
  • run grpck to check if your /etc/group is ok
0

The post as a whole, if we only take the information that we were given, just doesn't make sense. The problem is surely to do with badly configured user accounts, which can only happen with manual editing of /etc files.

Although the useradd program will not let you create a duplicate user name, it is possible for an administrator to manually edit the /etc/passwd file and change the user name.

My guess is that there are two ftpuser entries in /etc/passwd. I can't know the course of events, but evidently the output of ls is misleading.

The poster can verify it by running grep ftpuser /etc/passwd.

Logging in and using the id command risks picking up only the first entry in the file.


My guess was wrong (or is only wrong now), but I suspect that someone had manually edited one or both of the files /etc/group and /etc/passwd.

If you did this or suspect that this happened, I would suggest removing the ftpuser user account and group (including the home folder) and starting from a clean slate.

harrymc
  • 498,455