`Permission Denied` to CD into a directory even though permissions are correct

linux permissions

This is so wierd. Logged in to a Linux (RHEL) box as a user 'g', doing an ls -lah shows

drwxrwxrwx 6 g    g    4.0K Jun 23 13:27 .
drwxrw-r-x 6 root root 4.0K Jun 23 13:15 ..
-rwxrw---- 1 g    g     678 Jun 23 13:26 .bash_history
-rwxrw---- 1 g    g      33 Jun 23 13:15 .bash_logout
-rwxrw---- 1 g    g     176 Jun 23 13:15 .bash_profile
-rwxrw---- 1 g    g     124 Jun 23 13:15 .bashrc
drw-r----- 2 g    g    4.0K Jun 23 13:25 .ssh

So the user 'g' in group 'g' /should/ be able to read and write to the .ssh directory but if I do ls -lah .ssh/ I get ls: .ssh/: Permission denied. I also get Permission denied if I try and cat any files in the directory

If I go in as root and change the permissions to 700, 744, 766 or anything as long as the 'user' permission is 7 it works and I can CD and LS the directory and files within.

id g returns

uid=504(g) gid=506(g) groups=506(g)

Edit:

I've copied these permissions exactly to another identical box and there is no issue. I can cd into a directory without execute permissions.


Solution 1:

The directory will require the execute bit set in order for you to enter it. I don't know what you tested, but you cannot enter a directory without the execute bit, or read files in it:

$ mkdir foo
$ echo "baz" > foo/bar
$ chmod 660 foo
$ cd foo
bash: cd: foo: Permission denied
$ cat foo/bar
cat: foo/bar: Permission denied

That is, unless your process has the CAP_DAC_OVERRIDE POSIX capability set (like root has), which allows you to enter directories without the executable bit set, iirc.

Basically, you should try to keep you .ssh directory at 700, and everything in it at 600, just to be safe. The ssh man page gives per file instructions on the required ownerships and permission modes for files in ~/.ssh.

Solution 2:

A directory requires execute permission in order to cd into it. This is the behavior that is expected.

chmod +x /path/to/dir/

Solution 3:

In order to ls or cd into a directory, you need execute permissions. While you don't have them, you can not really inspect the content and see the permissions of the files inside, so most probably the file permissions are wrong themselves, if you can not cat them.

Directory permission of 700 and file permissions 644 are perfectly OK setup for me.

Related

Is it bad practice to declare MX from differing networks?
Which anti spam DNS blacklists should used?
Who picked 127.0.0.1 to be localhost and why? What meaning does it have?
Find interface for route to specific host
Recursively copying hidden files - Linux
Why don't we study algebraic objects with more than two operations?
Integral $\int_0^\infty\frac{1}{x\,\sqrt{2}+\sqrt{2\,x^2+1}}\cdot\frac{\log x}{\sqrt{x^2+1}}\mathrm dx$
Is positive the same as non-negative?
Are the rationals on a unit circle dense?
Lost anecdote of a mathematician who gave a presentation without saying a word [closed]
Prove that the 25 people can be seated in this way
Is sin(x) necessarily irrational where x is rational?