1

I have just created a new directory called sync in the location /home/sync. I created the directory as user liam, then I did a chown -R rslsync:rslsync /home/sync. This changed the owner to user rslsync no problem. I added myself, liam, to the rslsync group.

I then created another folder in the directory named test so the directory is now /home/sync/test. When I try to point my rslsync folder location to be /home/sync/test it tells me rslsync doesn't have write permissions to the folder. I run an ls -l and it shows root root.

How does an owner of the top directory folder rslsync not have access to one of its sub folders that's created by another user that is even in the same group as itself? Am I missing something here?

EDIT

drwxr-xr-x. 3 rslsync rslsync 18 Aug 26 17:09 /home/sync

drwxr-xr-x. 2 root    root     6 Aug 26 17:09 /home/sync/test

When I created the folder test I used sudo as it wouldn't let me create it otherwise.

Group liam shows as this

liam : liam wheel rslsync
Kusalananda
  • 333,661
rufus
  • 119

5 Answers

4

New directories and files created by default inherit the creating process' user and group. The process may explicitly set it to some other group (one the process is a member of) or, should the directory have the setuid/setgid bit set, the owner/group are set to match the directory's.

Default file permissions are determined by the process' umask. Usual umask values (022 and 027) do not set files and directories world writable.

Since your directory's owner and group are root:root you cannot write to it. Also by your description it seems like you did create the file as root (using sudo?) instead of user liam.

Also note that file permission checks in Linux are done for the full path starting from the current directory. If a directory within the path doesn't have execute (+x) permission for the process' user/group, access is denied.

Another way to set file permissions is by POSIX Access Control Lists, for which semantics are explained in man 5 acl. ACL support depends on the filesystem you are using and might require a mount flag to enable.

sebasth
  • 14,872
1
  1. On Linux, ownership and permissions for each file or folder are handled separately from all other folders and files - independently from the parent directory's state. When you create a new folder (at any location) then it gets the ownership of the user who created it. That is a good thing and is essential for the Linux security model.

  2. When the ls command gives you "root:root" then root created the file/folder (or somebody did chown root:root). But apparently user rslsync (or liam) do not (and should not) belong to the group "root". This is why they don't get the permissions that are in the "group" field of the permission flags. Instead they get the permissions that are noted in the "others" field. And the standard permissions for these fields are no permissions at all...

Thomas
  • 6,362
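
Added example (not part of any answer on this page): a small Python model of the owner/group/other class selection and the per-directory search check described in the answers above, applied to the ls -l output from the question. The numeric UIDs/GIDs and the helper names are assumptions; ACLs, root's override and capabilities are not modelled.

```python
from collections import namedtuple

# Constructed sample mirroring the `ls -l` lines in the question.
# The numeric IDs are assumptions chosen for this example.
Entry = namedtuple("Entry", "path mode uid gid")
ROOT, WHEEL, RSLSYNC, LIAM = 0, 10, 990, 1000
TREE = [
    Entry("/", 0o755, ROOT, ROOT),
    Entry("/home", 0o755, ROOT, ROOT),
    Entry("/home/sync", 0o755, RSLSYNC, RSLSYNC),
    Entry("/home/sync/test", 0o755, ROOT, ROOT),  # created with sudo
]


def class_bits(entry, uid, gids):
    """Return (class name, rwx bits) that apply to this caller.

    Exactly one class is used: owner if the UID matches, otherwise group
    if one of the caller's GIDs matches, otherwise other. A matching
    class is never "topped up" with bits from another class.
    """
    if uid == entry.uid:
        return "owner", (entry.mode >> 6) & 7
    if entry.gid in gids:
        return "group", (entry.mode >> 3) & 7
    return "other", entry.mode & 7


def can_write_dir(tree, uid, gids):
    """Need search (x) on every ancestor, then w and x on the last directory."""
    *ancestors, target = tree
    for entry in ancestors:
        cls, bits = class_bits(entry, uid, gids)
        if not bits & 1:
            return False, f"no search permission on {entry.path} as {cls}"
    cls, bits = class_bits(target, uid, gids)
    if bits & 3 != 3:
        return False, f"{target.path}: {cls} bits are {bits:03b}, need w and x"
    return True, f"{target.path}: writable as {cls}"


if __name__ == "__main__":
    # rslsync against the directory that was created with sudo
    print(can_write_dir(TREE, RSLSYNC, {RSLSYNC}))
    # liam (groups liam, wheel, rslsync) against /home/sync with mode 755
    print(can_write_dir(TREE[:3], LIAM, {LIAM, WHEEL, RSLSYNC}))
    # the same tree after `chown rslsync:rslsync /home/sync/test`
    fixed = TREE[:3] + [Entry("/home/sync/test", 0o755, RSLSYNC, RSLSYNC)]
    print(can_write_dir(fixed, RSLSYNC, {RSLSYNC}))
```

The second call shows why liam needed sudo in the first place: group membership alone does not help while the group bits on /home/sync are r-x.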
0

You already answered your question...

ls -l shows root:root and you wrote chown -R rslsync:rslsync.

This means that, at least if your rslsync user is not part of the root group, you can't write in that directory.

What I'm not following here is why your user liam creates folders as root:root, but that is a different problem.

Could you please show the output from groups from your user?

0

That is what it is supposed to do: new files (and directories) are created with the uid and gid of the creator.

But the real question is “what can you do about it?”

  • Use an access control list (ACL) with a default group: this will cause this group and permissions to be inherited by all directories and files that are added. (see also What are the different ways to set file permissions etc on gnu/linux)

  • If you cannot have ACLs, then ensure that you have a private group as your primary group, and set umask to rwxr-x--- (0027). Then set the sgid bit for the directory. (This is much harder to get right compared to the ACL method.)

Note: don't try to use suid bit, it won't work.

-1

I found a solution:

Go to the .service file:
sudo vi /usr/lib/systemd/system/resilio-sync.service

Change these lines with your current user name:

User=aurelien.izoulet
Group=aurelien.izoulet
Environment="SYNC_USER=aurelien.izoulet"
Environment="SYNC_GROUP=aurelien.izoulet"

Restart systemctl:
sudo systemctl daemon-reload

Then restart the rslsync service and this should work!