Group member cannot list files in directory made by group

Question

I am using Centos 6.6.

I made a group with the following call

 sudo groupadd www-OtagoHarbour
 sudo usermod -G www-OtagoHarbour apache
 sudo usermod -G www-OtagoHarbour OtagoHarbour

When I enter

more /etc/group

I see

www-OtagoHarbour:x:501:apache,OtagoHarbour

I enter

sudo chown apache /var/www/dropbox

then

 sudo chgrp -R www-OtagoHarbour /var/www/dropbox
 sudo chgrp -R www-OtagoHarbour /var/www
 sudo chmod -R g+r /var/www/dropbox
 sudo chmod -R g+r /var/www

However, when I log is as OtagoHarbour and enter

 ls /var/www/dropbox

I get

 ls: cannot open directory /var/www/dropbox: Permission denied/var/www/dropbox

EDIT:

$ ls -ld /var/www/dropbox /var/www /var
drwxr-xr-x. 22 root   root            4096 Mar 25  2014 /var
drwxr-xr-x. 17 root   www-OtagoHarbour 4096 Jan  9 22:29 /var/www
drwxrwx--x.  2 apache www-OtagoHarbour 4096 Jan 10 11:30 /var/www/dropbox

Please post output of ls -ld /var/www/dropbox /var/www /var. — Sepahrad Salour, Jan 10 '15 at 16:57
See Why do directories need the executable (X) permission to be opened? — steeldriver, Jan 10 '15 at 16:59
Steeldriver. I tried "sudo chmod g+x /var/www/dropbox" but still have the permission error. Thanks, — OtagoHarbour, Jan 10 '15 at 17:56

score 1 · Accepted Answer · answered Jan 10 '15 at 21:05

1

The normal file permissions are OK. But the trailing dot in the permission field

drwxrwx--x.  [...] /var/www/dropbox

shows that there is a SELinux security context for this directory. If SELinux is active (which can be checked by the command sestatus) then this may prevent the access.

I am not familiar with SELinux, though. Thus I cannot tell you how to change those settings. If that is the reason then you should ask a new question specificly about the necessary SELinux settings.

answered Jan 10 '15 at 21:05

Hauke Laging

90,279

Thank you for your reply and sorry about my own tardiness in replying. I was getting familiar with SELinux. I put SELinux into permissive mode but, unfortunately, that did not resolve the problem. "ls /var/www/dropbox" still results in "ls: cannot open directory /var/www/dropbox: Permission denied". Thanks, – OtagoHarbour Jan 14 '15 at 00:56
I restarted the computer and that fixed the problem. Thanks, – OtagoHarbour Jan 14 '15 at 01:49
@OtagoHarbour You mean the reboot was necessary to disable SELinux, or didn't the problem have anything to do with SELinux? – Hauke Laging Jan 14 '15 at 02:06
I suspect the latter. I switched SELinux to permissive mode using "echo 0 >/selinux/enforce" as root and sestatus returned "current mode: permissive" but my problem persisted. I logged out and logged back in again after reading this. It would appear that logging out and logging back in again is necessary for usermod to take effect. Thanks, – OtagoHarbour Jan 14 '15 at 03:58

Group member cannot list files in directory made by group

1 Answers1