File is inaccessible to another user even though group permissions on it are granted

Question

I created a file /home/andrew/lolka123 and granted read permission to a group named andrew. (user andrew owns the file and also a parent directory) I also added group permission to the parent directory.

Now I want to grant access to this file to user http.

Both users andrew and http are present in group andrew. Now I'm trying to read file from http user but it gives me Permission denied, why?

getfacl /home/andrew/lol123:

# file: home/andrew/lol123
# owner: andrew
# group: andrew
user::rw-
group::r--
other::r--

getfacl ~/:

getfacl: Removing leading '/' from absolute path names
# file: home/andrew/
# owner: andrew
# group: andrew
user::rwx
user:nobody:--x
group::---
mask::rwx
other::---

EDIT 2:

sudo chmod g+rx /home/andrew/ doesn't work. getfacl /home/andrew/ still shows group::---

I'm using ArchLinux bleeding edge with 4.11.9-1 kernel. getenforce command is not available, and it's not available in any packages from Arch repository. — deathangel908, Sep 06 '17 at 13:25
The '+' at the end of the permission string indicates there are additional ACLs. What is the output of getfacl . ? — user4556274, Sep 06 '17 at 13:40
This question is not related to apache, I included getfacl . to the question. — deathangel908, Sep 06 '17 at 13:49
@Katu ls -ldz /home/andrew shows drwxrwx--x+ 141 andrew andrew ? — deathangel908, Sep 06 '17 at 14:01
check also ls -ld /home to see if the http user can get through there — Jeff Schaller, Sep 06 '17 at 14:11
group::--- perms on the directory are going to deny access to anyone in the directory's group (aside from the directory's owner). — Mark Plotnick, Sep 06 '17 at 14:22
@mark-plotnick do I grant the permissions then? chmod g+rw doesn't work — deathangel908, Sep 07 '17 at 11:55
The directory needs to have execute permission, so try chmod g+rwx, although giving write access to the http server might not be a good idea, so g=rx may be better. — Mark Plotnick, Sep 10 '17 at 01:30
If you can edit your question to show the exact access various users, groups, and others should have for each directory and file, we can help you adjust your permissions and acls appropriately. — Mark Plotnick, Sep 10 '17 at 01:36

fcbsd · Answer 1 · 2017-09-06T13:42:04.850

0

if as http user, the following command newgrp andrew allows you access the file then the reason will be that a session had not picked up the changes to groups - which usually requires a re-login to take affect.

edited Sep 06 '17 at 13:42

answered Sep 06 '17 at 13:31

fcbsd

689

File is inaccessible to another user even though group permissions on it are granted

1 Answers1

Linked