In my root folder, I have a folder called app (e.g. /root/myapp
). This /root/app
folder is owned by the user root, and the group team
. I have this applied to the entire directory by using chown -R root:team /root/myapp
; however I have a user who is a part of the team
group and they are unable to access this folder.
⚡ root@dev ~/myapp dev ● ls -la
total 10568
drwxrwxr-x 18 root team 4096 Aug 11 21:44 .
drwx------ 9 root root 4096 Aug 11 21:47 ..
-rw-rw-r-- 1 root team 341 Jun 17 02:17 .env
drwxrw-r-x 8 root team 4096 Aug 11 21:47 .git
-rw-rw-r-- 1 root team 1573 Aug 11 15:53 .gitignore
-rw-rw-r-- 1 root team 4405 Jul 30 15:11 Gemfile
-rw-rw-r-- 1 root team 13315 Aug 3 17:18 Gemfile.lock
-rw-rw-r-- 1 root team 384 Jun 17 02:11 README.md
-rw-rw-r-- 1 root team 227 Jun 17 02:11 Rakefile
drwxrw-r-x 13 root team 4096 Aug 11 20:23 app
drwxrw-r-x 2 root team 4096 Jun 17 02:11 bin
drwxrw-r-x 3 root team 4096 Jun 17 02:11 cfn-templates
drwxrw-r-x 5 root team 4096 Aug 11 15:54 config
-rw-rw-r-- 1 root team 130 Jun 17 02:11 config.ru
drwxrw-r-x 3 root team 4096 Aug 11 16:08 db
drwxrw-r-x 2 root team 4096 Aug 11 16:49 doc
drwxrw-r-x 6 root team 4096 Aug 11 20:23 lib
drwxrw-r-x 2 root team 4096 Jun 17 02:27 log
-rw-rw-r-- 1 root team 34733 Aug 11 16:50 models.dot
-rw-rw-r-- 1 root team 4439122 Aug 11 16:50 models.png
drwxrw-r-x 2 root team 4096 Jun 17 02:11 nginx
drwxrw-r-x 51 root team 4096 Jun 17 02:27 node_modules
-rw-rw-r-- 1 root team 14122 Jun 17 02:27 package-lock.json
-rw-rw-r-- 1 root team 706 Jun 17 02:11 package.json
drwxrw-r-x 2 root team 4096 Aug 3 18:38 public
drwxrw-r-x 2 root team 4096 Jun 17 02:11 storage
drwxrw-r-x 10 root team 4096 Jun 17 02:11 test
drwxrw-r-x 5 root team 4096 Jun 17 02:25 tmp
drwxrw-r-x 2 root team 4096 Jun 17 02:11 vendor
When I run groups user1
, I can see that user1
is in the team
group:
⚡ root@dev ~/myapp dev ● groups user1
user1 : user1 team
In that user's home directory, I have created a symlink in the following manner: ln -s /root/myapp /home/user1/myapp
; however, if I try to cd into that directory under that user, I get permission denied
.
Any idea what could be causing this? From what I can understand, anyone on the team group should be able to read, write, or execute to the entire directory.
Here's an ls from user's home directory as the
user` user:
│user1@dev ~ % ls -la
│total 84
│drwxr-xr-x 3 user1 user1 4096 Aug 11 21:55 .
│drwxr-xr-x 3 root root 4096 Aug 11 21:17 ..
│-rw------- 1 user1 user1 29 Aug 11 21:19 .bash_history
│-rw-r--r-- 1 user1 user1 220 Apr 4 2018 .bash_logout
│-rw-r--r-- 1 user1 user1 3771 Apr 4 2018 .bashrc
│-rw-r--r-- 1 user1 user1 0 Jun 23 04:40 .cloud-locale-test.skip
│-rw-r--r-- 1 user1 user1 807 Apr 4 2018 .profile
│drwxr-xr-x 2 root root 4096 Aug 11 21:17 .ssh
│-rw------- 1 user1 user1 695 Aug 11 21:32 .viminfo
│-rw-rw-r-- 1 user1 user1 42357 Aug 11 21:19 .zcompdump
│-rw------- 1 user1 user1 673 Aug 11 21:55 .zsh_history
│-rw-r--r-- 1 user1 user1 1295 Aug 11 21:21 .zshrc
│lrwxrwxrwx 1 user1 user1 10 Aug 11 21:18 myapp -> /root/myapp
Changing the rights of the "/root 'folder is an important security flaw, and should never be changed and should never be done!
Your "myapp" folder should not be found here, but either in a "/home" or in /opt or in a /usr/local/share
At your own risk ...
for your question, the creation of files/folders to be read/write/created by a "group" you need:
an "umask 0002" in the ".bashrc" file(s) of the user(s)
that the "parent" folder (root of the tree) be with the following rights:
chmod g=rwxs FolderName
that each user concerned are in the same "group" as the group 0 of the parent folder
the s
options create new file/folder with the groupe of the parent folders
Таким образом, пользователи, принадлежащие к группе, смогут использовать эту папку, и каждая папка / создание будет иметь права для общей "группы"
. Использование Linux, как linux, должно использоваться, обратите внимание, как windows или что-то еще, под страхом наказания в результате получилась нестабильная система и настоящее хакерское гнездо