Giving a user permission to a folder within the root folder

Question 1

In my root folder, I have a folder called app (e.g. /root/myapp). This /root/app folder is owned by the user root, and the group team. I have this applied to the entire directory by using chown -R root:team /root/myapp; however I have a user who is a part of the team group and they are unable to access this folder.

 ⚡ root@dev  ~/myapp   dev ●  ls -la                                 
total 10568                                                                       
drwxrwxr-x 18 root team    4096 Aug 11 21:44 .                                  
drwx------  9 root root      4096 Aug 11 21:47 ..                                 
-rw-rw-r--  1 root team     341 Jun 17 02:17 .env                               
drwxrw-r-x  8 root team    4096 Aug 11 21:47 .git                               
-rw-rw-r--  1 root team    1573 Aug 11 15:53 .gitignore                                       
-rw-rw-r--  1 root team    4405 Jul 30 15:11 Gemfile                            
-rw-rw-r--  1 root team   13315 Aug  3 17:18 Gemfile.lock                       
-rw-rw-r--  1 root team     384 Jun 17 02:11 README.md                          
-rw-rw-r--  1 root team     227 Jun 17 02:11 Rakefile                           
drwxrw-r-x 13 root team    4096 Aug 11 20:23 app                                
drwxrw-r-x  2 root team    4096 Jun 17 02:11 bin                                
drwxrw-r-x  3 root team    4096 Jun 17 02:11 cfn-templates                      
drwxrw-r-x  5 root team    4096 Aug 11 15:54 config                             
-rw-rw-r--  1 root team     130 Jun 17 02:11 config.ru                          
drwxrw-r-x  3 root team    4096 Aug 11 16:08 db                                 
drwxrw-r-x  2 root team    4096 Aug 11 16:49 doc                                             
drwxrw-r-x  6 root team    4096 Aug 11 20:23 lib                                
drwxrw-r-x  2 root team    4096 Jun 17 02:27 log                                
-rw-rw-r--  1 root team   34733 Aug 11 16:50 models.dot                         
-rw-rw-r--  1 root team 4439122 Aug 11 16:50 models.png                         
drwxrw-r-x  2 root team    4096 Jun 17 02:11 nginx                              
drwxrw-r-x 51 root team    4096 Jun 17 02:27 node_modules                       
-rw-rw-r--  1 root team   14122 Jun 17 02:27 package-lock.json                  
-rw-rw-r--  1 root team     706 Jun 17 02:11 package.json                       
drwxrw-r-x  2 root team    4096 Aug  3 18:38 public                             
drwxrw-r-x  2 root team    4096 Jun 17 02:11 storage                            
drwxrw-r-x 10 root team    4096 Jun 17 02:11 test                               
drwxrw-r-x  5 root team    4096 Jun 17 02:25 tmp                                
drwxrw-r-x  2 root team    4096 Jun 17 02:11 vendor

When I run groups user1, I can see that user1 is in the team group:

 ⚡ root@dev  ~/myapp   dev ●  groups user1                                                                                                                     
user1 : user1 team

In that user's home directory, I have created a symlink in the following manner: ln -s /root/myapp /home/user1/myapp; however, if I try to cd into that directory under that user, I get permission denied.

Any idea what could be causing this? From what I can understand, anyone on the team group should be able to read, write, or execute to the entire directory.

Here's an ls from user's home directory as the user` user:

│user1@dev ~ % ls -la                                             
│total 84
│drwxr-xr-x 3 user1 user1  4096 Aug 11 21:55 .
│drwxr-xr-x 3 root    root     4096 Aug 11 21:17 ..
│-rw------- 1 user1 user1    29 Aug 11 21:19 .bash_history
│-rw-r--r-- 1 user1 user1   220 Apr  4  2018 .bash_logout
│-rw-r--r-- 1 user1 user1  3771 Apr  4  2018 .bashrc
│-rw-r--r-- 1 user1 user1     0 Jun 23 04:40 .cloud-locale-test.skip
│-rw-r--r-- 1 user1 user1   807 Apr  4  2018 .profile
│drwxr-xr-x 2 root    root     4096 Aug 11 21:17 .ssh
│-rw------- 1 user1 user1   695 Aug 11 21:32 .viminfo
│-rw-rw-r-- 1 user1 user1 42357 Aug 11 21:19 .zcompdump
│-rw------- 1 user1 user1   673 Aug 11 21:55 .zsh_history
│-rw-r--r-- 1 user1 user1  1295 Aug 11 21:21 .zshrc
│lrwxrwxrwx 1 user1 user1    10 Aug 11 21:18 myapp -> /root/myapp

Question 2

Changing the rights of the "/root 'folder is an important security flaw, and should never be changed and should never be done!

Your "myapp" folder should not be found here, but either in a "/home" or in /opt or in a /usr/local/share

At your own risk ...

for your question, the creation of files/folders to be read/write/created by a "group" you need:

an "umask 0002" in the ".bashrc" file(s) of the user(s)
that the "parent" folder (root of the tree) be with the following rights:

chmod g=rwxs FolderName
that each user concerned are in the same "group" as the group 0 of the parent folder

the s options create new file/folder with the groupe of the parent folders Таким образом, пользователи, принадлежащие к группе, смогут использовать эту папку, и каждая папка / создание будет иметь права для общей "группы"

. Использование Linux, как linux, должно использоваться, обратите внимание, как windows или что-то еще, под страхом наказания в результате получилась нестабильная система и настоящее хакерское гнездо

score 2 · Accepted Answer · 21 August 2020 в 08:03