I’ve created a group “certificates” and put this group as chgrp -R to /root/ca and all its files! Even though I’m a member of “certificates” (relogged multiple times, even restarted the server) and the permissions are set to drwsrwsr-x, I still get the error “Permission denied” when trying to “cd /root/ca”. I tried changing permissions and ownership and more, but somehow I still can’t access the folder nor get any information about the folder without using “sudo”. Anyone got an idea what could be causing the problem and how to fix it, so I can access the folder if I am a member of certificates?
adm_mike@sf-svr-crt01:~$ id -NG
adm_mike adm cdrom sudo dip plugdev lxd certificates

adm_mike@sf-svr-crt01:~$ sudo ls -lh /root | grep ca
drwsrwsr-x 8 root certificates 4.0K Aug 18 06:25 ca

adm_mike@sf-svr-crt01:~$ sudo ls -lh /root/ca
drwsrwsr-x 2 root certificates 4.0K Aug 18 06:28 certs
drwsrwsr-x 2 root certificates 4.0K Aug 18 06:00 config
drwsrwsr-x 2 root certificates 4.0K Aug 13 06:36 crl
-rwxrwxr-x 1 root certificates    5 Aug 13 06:37 crlnumber
-rwxrwxr-x 1 root certificates  579 Aug 18 06:25 index.txt
-rwxrwxr-x 1 root certificates   21 Aug 18 06:25 index.txt.attr
-rwxrwxr-x 1 root certificates   21 Aug 16 15:21 index.txt.attr.old
-rwxrwxr-x 1 root certificates  423 Aug 16 15:21 index.txt.old
drwsrwsr-x 2 root certificates 4.0K Aug 18 06:25 newcerts
drwsrwsr-x 2 root certificates 4.0K Aug 17 14:16 private
drwsrwsr-x 2 root certificates 4.0K Aug 18 06:13 request
-rwxrwxr-x 1 root certificates    5 Aug 18 06:25 serial
-rwxrwxr-x 1 root certificates    5 Aug 16 15:21 serial.old

adm_mike@sf-svr-crt01:~$ cd /root/ca
-bash: cd: /root/ca: Permission denied
Answer
In order to change to the directory /root/ca, you also need to have execute (x) permissions on top-level directories – in this case /root. Whilst in theory the solution would be to also change the group of /root, this is not recommended, as /root should stay only accessible by the root user in all cases.
You should make a directory in a separate location, i.e. /etc/ssl/ca, and set the respective permissions there.
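
Added example, not part of the original answer: shell functions that walk every directory on a path and report the first one where a given user lacks execute (search) permission, which is the check the answer describes. It judges by mode bits only (no ACLs, no root override), assumes GNU stat, and the function names are made up for this example.

```shell
#!/bin/sh
# Mode-bit check only: ACLs, root's override and MAC policies are ignored.

# can_traverse DIR USER "GROUPS": succeed if USER has search (x) on DIR.
# The kernel picks exactly one permission class: owner, else group, else other.
can_traverse() {
    local dir="$1" user="$2" groups="$3" info mode owner group mask
    info=$(stat -c '%a %U %G' -- "$dir") || return 2
    mode=${info%% *}; info=${info#* }
    owner=${info%% *}; group=${info#* }
    if [ "$user" = "$owner" ]; then
        mask=0100
    else
        case " $groups " in
            *" $group "*) mask=0010 ;;
            *)            mask=0001 ;;
        esac
    fi
    # A leading 0 makes the shell read the mode as octal (e.g. 06775).
    [ $(( 0$mode & $mask )) -ne 0 ]
}

# first_blocked PATH USER GROUP...: print the first directory on PATH that
# USER cannot enter and return 1; return 0 if every component is traversable.
first_blocked() {
    local rest="${1#/}" user="$2" cur="" part groups
    shift 2
    groups="$*"
    if ! can_traverse / "$user" "$groups"; then echo /; return 1; fi
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        if [ "$part" = "$rest" ]; then rest=""; else rest=${rest#*/}; fi
        [ -n "$part" ] || continue
        cur="$cur/$part"
        if ! can_traverse "$cur" "$user" "$groups"; then
            echo "$cur"
            return 1
        fi
    done
    return 0
}

# Usage (run with sudo so stat can read below /root):
#   first_blocked /root/ca adm_mike adm cdrom sudo dip plugdev lxd certificates
```

With the default mode on /root (typically 700, owned by root) this prints /root, regardless of the group and mode set on /root/ca itself.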