Skip to content
Advertisement

Permission denied – Even tho in group with ownership [closed]

I’ve created a group “certificates” and put this group as chgrp -R to /root/ca and all it’s files! Even tho I’m member of “certificates” (relooged multiple times even restarted server) and the permissions are set on drwsrwsr-x I still get the error “Permission denied” when trying to “cd /root/ca”. I tried chaning permissions and ownership and more but somehow still can’t access the folder nor get any information about the folder without using “sudo”. Anyone got an idea what could be causing the problem and how to fix it, so I can access the folder if I am member of certificates?

adm_mike@sf-svr-crt01:~$ id -NG
adm_mike adm cdrom sudo dip plugdev lxd certificates
adm_mike@sf-svr-crt01:~$ sudo ls -lh /root | grep ca
drwsrwsr-x 8 root certificates 4.0K Aug 18 06:25 ca
adm_mike@sf-svr-crt01:~$ sudo ls -lh /root/ca
drwsrwsr-x 2 root certificates 4.0K Aug 18 06:28 certs
drwsrwsr-x 2 root certificates 4.0K Aug 18 06:00 config
drwsrwsr-x 2 root certificates 4.0K Aug 13 06:36 crl
-rwxrwxr-x 1 root certificates    5 Aug 13 06:37 crlnumber
-rwxrwxr-x 1 root certificates  579 Aug 18 06:25 index.txt
-rwxrwxr-x 1 root certificates   21 Aug 18 06:25 index.txt.attr
-rwxrwxr-x 1 root certificates   21 Aug 16 15:21 index.txt.attr.old
-rwxrwxr-x 1 root certificates  423 Aug 16 15:21 index.txt.old
drwsrwsr-x 2 root certificates 4.0K Aug 18 06:25 newcerts
drwsrwsr-x 2 root certificates 4.0K Aug 17 14:16 private
drwsrwsr-x 2 root certificates 4.0K Aug 18 06:13 request
-rwxrwxr-x 1 root certificates    5 Aug 18 06:25 serial
-rwxrwxr-x 1 root certificates    5 Aug 16 15:21 serial.old
adm_mike@sf-svr-crt01:~$ cd /root/ca
-bash: cd: /root/ca: Permission denied

Linux Codes as Image

Advertisement

Answer

In order to change to the directory /root/ca, you also need to have execute (x) permissions on top-level directories – in this case /root. Whilst in theory the solution would be to also change the group of /root, this is not recommended, as /root, should stay only accessible by the root user in all cases.

You should make a directory in a separate location, i.e. /etc/ssl/ca, and set the respective permissions there.

User contributions licensed under: CC BY-SA
8 People found this is helpful
Advertisement