Linux (NAS) Permissions problem (Permission Denied)
- by calumbrodie
This is probably easier to show than to explain...
-bash-3.2$ id
uid=501(admin) gid=503(admin) groups=100(users),501(admins),503(admin)
-bash-3.2$ groups
admin users admins
-bash-3.2$ ls -l
total 8
drwxrwxrwx 78 admin www 4096 Dec 9 09:02 Inbox
drwxrwxrwx 21 admin www 4096 Dec 8 21:45 Movies
drwxrwx--- 3 admin www 52 Dec 9 07:57 TV
-bash-3.2$ cd Movies
-bash-3.2$ ls -l
total 20
drwxrwx--- 7 admin www 4096 Dec 8 00:04 Action
drwxrwx--- 6 admin www 4096 Dec 8 00:05 Animation
drwxrwx--- 4 admin www 4096 Dec 8 00:17 Comedy
drwxrwx--- 4 admin www 4096 Dec 8 00:14 Drama
drwxrwx--- 4 admin www 4096 Dec 8 00:14 Family
drwxrwx--- 6 admin www 58 Dec 6 19:10 Foreign Language
drwxrwx--- 2 admin www 31 Dec 7 23:58 Horror
drwxrwx--- 3 admin www 50 Dec 8 00:15 Science Fiction
drwxrwx--- 2 admin www 6 Dec 8 00:16 Thriller
-bash-3.2$ cd ../Inbox
-bash: cd: ../Inbox: Permission denied
Filesystem is XFS. Are there permissions on the directories that ls -l wouldn't show? I'm the owner of all directories and files inside them. I can sudo to modify the file permissions or view the contents of the folders but I need them to be accessible by 'admin'.
Any ideas? I'll be checking the question regularly so let me know if I need to update this with more information.
Thanks
Edit : Added strace
execve("/bin/ls", ["ls", "Inbox"], [/* 21 vars */]) = 0
brk(0) = 0x26000
uname({sys="Linux", node="axentraserver.the-brodie-stora.mystora.com", ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4001c000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=17972, ...}) = 0
mmap2(NULL, 17972, PROT_READ, MAP_PRIVATE, 3, 0) = 0x4001d000
close(3) = 0
open("/lib/librt.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0P\25\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=39776, ...}) = 0
mmap2(NULL, 57816, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x40025000
mprotect(0x4002b000, 28672, PROT_NONE) = 0
mmap2(0x40032000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5) = 0x40032000
close(3) = 0
open("/lib/libacl.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\0\24\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=134375, ...}) = 0
mmap2(NULL, 54368, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x40034000
mprotect(0x4003a000, 28672, PROT_NONE) = 0
mmap2(0x40041000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5) = 0x40041000
close(3) = 0
open("/lib/libselinux.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\2147\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=297439, ...}) = 0
mmap2(NULL, 117504, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x40042000
mprotect(0x40056000, 28672, PROT_NONE) = 0
mmap2(0x4005d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13) = 0x4005d000
close(3) = 0
open("/lib/libgcc_s.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\10\"\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=43164, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40022000
mmap2(NULL, 74572, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x4005f000
mprotect(0x4006a000, 28672, PROT_NONE) = 0
mmap2(0x40071000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa) = 0x40071000
close(3) = 0
open("/lib/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0XI\1\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1517948, ...}) = 0
mmap2(NULL, 1245628, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x40072000
mprotect(0x40195000, 32768, PROT_NONE) = 0
mmap2(0x4019d000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x123) = 0x4019d000
mmap2(0x401a0000, 8636, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x401a0000
close(3) = 0
open("/lib/libpthread.so.0", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\230A\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=121044, ...}) = 0
mmap2(NULL, 115184, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x401a3000
mprotect(0x401b5000, 28672, PROT_NONE) = 0
mmap2(0x401bc000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x11) = 0x401bc000
mmap2(0x401be000, 4592, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x401be000
close(3) = 0
open("/lib/libattr.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\364\f\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=40571, ...}) = 0
mmap2(NULL, 45512, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x401c0000
mprotect(0x401c3000, 32768, PROT_NONE) = 0
mmap2(0x401cb000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3) = 0x401cb000
close(3) = 0
open("/lib/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\254\10\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=15344, ...}) = 0
mmap2(NULL, 41116, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x401cc000
mprotect(0x401ce000, 28672, PROT_NONE) = 0
mmap2(0x401d5000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0x401d5000
close(3) = 0
open("/lib/libsepol.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\330/\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=228044, ...}) = 0
mmap2(NULL, 301748, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x401d7000
mprotect(0x4020f000, 28672, PROT_NONE) = 0
mmap2(0x40216000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x37) = 0x40216000
mmap2(0x40217000, 39604, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40217000
close(3) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40221000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40222000
set_tls(0x40221d00, 0x40221d00, 0x40024000, 0x402223e8, 0x41) = 0
mprotect(0x401d5000, 4096, PROT_READ) = 0
mprotect(0x401bc000, 4096, PROT_READ) = 0
mprotect(0x4019d000, 8192, PROT_READ) = 0
mprotect(0x4005d000, 4096, PROT_READ) = 0
mprotect(0x40032000, 4096, PROT_READ) = 0
mprotect(0x40023000, 4096, PROT_READ) = 0
munmap(0x4001d000, 17972) = 0
set_tid_address(0x402218a8) = 9539
set_robust_list(0x402218b0, 0xc) = 0
rt_sigaction(SIGRTMIN, {0x401a6d90, [], SA_SIGINFO|0x4000000}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {0x401a6c64, [], SA_RESTART|SA_SIGINFO|0x4000000}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0
brk(0) = 0x26000
brk(0x47000) = 0x47000
open("/proc/mounts", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4001d000
read(3, "rootfs / rootfs rw 0 0\nubi0:root"..., 1024) = 1024
read(3, "fs.xino,noplink,create=mfs,sum,b"..., 1024) = 428
read(3, "", 1024) = 0
close(3) = 0
munmap(0x4001d000, 4096) = 0
access("/etc/selinux/", F_OK) = 0
open("/etc/selinux/config", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0
ioctl(1, TIOCGWINSZ, {ws_row=52, ws_col=153, ws_xpixel=918, ws_ypixel=728}) = 0
stat64("Inbox", {st_mode=S_IFDIR|0777, st_size=4096, ...}) = 0
socket(PF_FILE, SOCK_STREAM, 0) = 3
fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3) = 0
socket(PF_FILE, SOCK_STREAM, 0) = 3
fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3) = 0
open("/etc/nsswitch.conf", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=1696, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4001d000
read(3, "#\n# /etc/nsswitch.conf\n#\n# An ex"..., 4096) = 1696
read(3, "", 4096) = 0
close(3) = 0
munmap(0x4001d000, 4096) = 0
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=17972, ...}) = 0
mmap2(NULL, 17972, PROT_READ, MAP_PRIVATE, 3, 0) = 0x4001d000
close(3) = 0
open("/lib/libnss_files.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\304\27\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=49256, ...}) = 0
mmap2(NULL, 70316, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x40223000
mprotect(0x4022c000, 28672, PROT_NONE) = 0
mmap2(0x40233000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x8) = 0x40233000
close(3) = 0
mprotect(0x40233000, 4096, PROT_READ) = 0
munmap(0x4001d000, 17972) = 0
open("/etc/passwd", O_RDONLY) = 3
fcntl64(3, F_GETFD) = 0
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=1661, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4001d000
read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 1661
close(3) = 0
munmap(0x4001d000, 4096) = 0
socket(PF_FILE, SOCK_STREAM, 0) = 3
fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3) = 0
socket(PF_FILE, SOCK_STREAM, 0) = 3
fcntl64(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
connect(3, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
close(3) = 0
open("/etc/group", O_RDONLY) = 3
fcntl64(3, F_GETFD) = 0
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=700, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4001d000
read(3, "root:x:0:root\nbin:x:1:root,bin,d"..., 4096) = 700
close(3) = 0
munmap(0x4001d000, 4096) = 0
open("Inbox", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = -1 EACCES (Permission denied)
write(2, "ls: ", 4ls: ) = 4
write(2, "Inbox", 5Inbox) = 5
write(2, ": Permission denied", 19: Permission denied) = 19
write(2, "\n", 1
) = 1
close(1) = 0
exit_group(2) = ?
2nd edit: Elaboration for Mike.
The Inbox sits at the following location
/home/admin/MyLibrary/MyVideos/Inbox
/home/admin/MyLibrary/MyVideos/Movies
The system is a Netgear Stora NAS box that I have root access to. The /home/ folder is mounted as an smb share on various computers around the house. The folder /Inbox cannot be opened on any of those machines (they all connect as 'admin'). When I ssh into the box using the 'admin' credentials I am also unable to access the folder. The folder was created via a Web Admin page hosted on the NAS. The user/group for the Inbox folder was previously apache:www (expected as this folder was created by the web application), but I chmod/chowned the folder as the root user in an attempt to grant the admin user (therefore the rest of the connected machines) access to the files. Sorry for not including this earlier, I wasn't sure if it was relevant and didn't want to confuse the situation.
-Thanks
3rd Edit Sorry again - It looks like this NAS is running some custom version of Red Hat, not Debian as previously stated - I'm not sure if this makes a difference
