Permission-denied puzzle

Hi all,

I’m stuck with a permission problem that I can’t figure out. My girl and I both have a private share on the MBL, which is in the /shares directory. We both solely use SSH for remote access to the NAS, and we want write access to our own share and read access to the other. I’ve set up the file permissions as such:

ls -l
drwxrwxr-x 6 root share 65536 Oct 13 2012 Public
drwxr-xr-x 7 ana share 65536 May 20 22:52 ana
drwxr-xr-x 18 robert share 65536 May 21 14:16 robert

We are members of the same groups:

groups ana
share www-data

groups robert
share www-data

As user ‘robert’ I can read all the files in ‘ana’ and list the folder’s contents, but strangely enough also write, despite the “r-x” permission bits for groups and others. I also can write to my own folder ‘robert’ and the Public folder. However, user ‘ana’ can only read and write to her own share and the Public folder, but gets a “permission denied” error message for any file operation on folder ‘robert’:

ana@mybook> cd /shares/robert
-bash: cd: robert: Permission denied

I find that remarkable since everyone has read and execute permissions on the folder ‘robert’. Even when I change the ownership of the ‘robert’ folder to user ‘ana’ with chown, the permission is still denied.

Any other folder that I create as user ‘robert’ in the /shares folder on the other hand is accessible by user ‘ana’. Actually, even folders I create as root (via sudo) in the /shares folder, the non-privileged user ‘ana’ can delete. I also renamed the folder ‘robert’ to ‘robert2’ with the mv command (which actually made a copy of all the files) and the user ‘ana’ can access the folder ‘robert2’, including writing despite having “r-x” permission bits for group and other.

I recreated the folder ‘robert’ with the mkdir command as user ‘robert’. This brand new folder ‘robert’ again is inaccessible for ‘ana’. As ‘robert’, I removed the ‘robert’ folder. As ‘ana’, I created it again, but after creation it still is inaccessible:

mkdir robert
ana@MyBook:/shares$ ls -l
total 256
drwxrwxr-x 6 root share 65536 May 21 14:50 Public
drwxr-xr-x 7 ana share 65536 May 20 22:52 ana
drwxrwxrw- 2 ana share 65536 May 21 15:09 robert
drwxr-xr-x 18 robert share 65536 May 21 14:16 robert2
ana@MyBook:/shares$ cd robert
-bash: cd: robert: Permission denied

What is going on with file permissions on the /shares mount? Is there any additional security in place over the normal Linux file permissions? And most importantly, can I get what I need: write permission for the owner, read permission for the other user? It seems to be all or nothing at the moment.

Any help is very welcome!

Robert (you’d never have guessed, right? :wink: )

The MBL uses “trustee” permissions, not direct file permissions.

Perhaps that’s what your issue is.
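
As an added example (not part of the thread and not WD or trustees tooling), the sketch below evaluates the classic owner/group/other mode bits for the directory listings quoted in the question and compares them with the outcomes the poster reported; each mismatch points to a second access-control layer on top of the mode bits. The function names are this example's own, and "write" is assumed to mean creating an entry in the directory itself.

```python
# Added example: compare plain Unix mode bits with the outcomes reported in the thread.
GROUPS = {"ana": {"share", "www-data"}, "robert": {"share", "www-data"}}

# (user, action, `ls -l` mode, owner, group, observed outcome), transcribed from the posts.
# Assumption: "w" means creating an entry in the directory itself.
CASES = [
    ("robert", "w", "drwxr-xr-x", "ana", "share", True),     # robert writes in 'ana'
    ("ana", "x", "drwxr-xr-x", "robert", "share", False),    # ana: cd robert denied
    ("ana", "x", "drwxrwxrw-", "ana", "share", False),       # 'robert' recreated by ana
    ("ana", "w", "drwxr-xr-x", "robert", "share", True),     # ana writes in 'robert2'
    ("ana", "w", "drwxr-xr-x", "ana", "share", True),        # ana writes in her own share
]

def predicted(mode, owner, group, user, want):
    """True if the mode bits alone would grant `want` ('r', 'w' or 'x').

    Exactly one class is consulted: owner, else group, else other.
    """
    if len(mode) != 10 or want not in ("r", "w", "x"):
        raise ValueError("expected a 10-character ls mode and one of r/w/x")
    if user == owner:
        triad = mode[1:4]
    elif group in GROUPS.get(user, set()):
        triad = mode[4:7]
    else:
        triad = mode[7:10]
    ch = triad["rwx".index(want)]
    # Lower-case 's' / 't' in the execute slot mean execute is set as well.
    return ch == want or (want == "x" and ch in ("s", "t"))

def mismatches(cases=CASES):
    """Return the cases where the observed outcome contradicts the mode bits."""
    found = []
    for user, want, mode, owner, group, observed in cases:
        expect = predicted(mode, owner, group, user, want)
        if expect != observed:
            found.append((user, want, mode, owner, expect, observed))
    return found

if __name__ == "__main__":
    for user, want, mode, owner, expect, observed in mismatches():
        print(f"{user} '{want}' on {mode} (owner {owner}): "
              f"mode bits say {expect}, observed {observed}")
```
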

Thanks for replying. That could definitely be it. Is that part of SELinux? Or would you otherwise have a pointer about this system? I’m only used to old-school file permissions.

Robert

Thanks, I found what it’s about. Learned something new today. I wish I had known this yesterday night :slight_smile: