
I have an SSH-only user account called pgbackrest with a disabled password. I created a directory /etc/pgbackrest/ as root (sudo mkdir -p /etc/pgbackrest). Then I created a config file under that directory, changed its ownership to the pgbackrest account, and ran sudo chmod 640 /etc/pgbackrest/pgbackrest.conf. When I try to edit it:

  1. After switching to the pgbackrest user with sudo su - pgbackrest and running vim /etc/pgbackrest/pgbackrest.conf, I get "/etc/pgbackrest/pgbackrest.conf" [Permission Denied] in the vim editor.
  2. With sudo -u pgbackrest vim /etc/pgbackrest/pgbackrest.conf, I get "/etc/pgbackrest/pgbackrest.conf" [Permission Denied] in the vim editor.

Do the permissions on the upper-level directory prohibit the edit? 640 means the owner and the group members can read and write. I am accessing the file as the owner, so why am I getting access denied?

  • What are the permissions on the directory? In order to access the file, the pgbackrest user has to have at least x permissions on the directory. To get a listing it also needs r. And to create files (e.g. temp files) it also needs w. So, yes, directory permissions matter. Commented Aug 11, 2021 at 1:03
  • @StephenHarris drwxr-x--- 3 root root 4096 Aug 10 22:56 pgbackrest on the directory and -rw-r----- 1 pgbackrest pgbackrest 0 Aug 10 01:12 pgbackrest.conf on the file. Is it a good idea for the pgbackrest user to own /etc/pgbackrest, considering that it is under a system directory? Commented Aug 11, 2021 at 12:19
  • You could possibly just go chmod a+x /etc/pgbackrest so that anyone can see files they have permission to in that directory... if they know the name. Commented Aug 11, 2021 at 22:12
  • @StephenHarris Thank you. Commented Aug 14, 2021 at 19:07
  • I've made this into a full answer. Hopefully it makes sense to you! Commented Aug 15, 2021 at 12:40

1 Answer

In order for a user to be able to access a file, they also need permissions on all the directories in the path leading to the file.

At a bare minimum they need x permissions on the directory.

In your case (from comments) you have

drwxr-x---   3 root root       4096 Aug 10 22:56 pgbackrest

And the file itself:

-rw-r-----   1 pgbackrest pgbackrest    0 Aug 10 01:12 pgbackrest.conf

This means the pgbackrest user cannot get to the file to read it.

A simple solution would be to add x permissions:

chmod a+x /etc/pgbackrest

Now anyone who knows the name of the file in that directory could try to access the file, but the file permissions also take effect. So only the pgbackrest user or anyone in the pgbackrest group will be able to open the file; everyone else will be blocked.
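The per-component check described in the answer can be written out as a small path walker. This is an added example, not part of the original answer; it evaluates classic mode bits only (no ACLs, capabilities or LSMs), and the uid/gid 1001 for pgbackrest and the 755 modes on / and /etc are assumptions.

```python
import os
import stat
from collections import namedtuple

# Minimal stand-in for os.stat_result so the check can run on constructed data.
Entry = namedtuple("Entry", "st_mode st_uid st_gid")

def granted(entry, uid, gids, want):
    """True if every permission in `want` ('r', 'w', 'x') is granted by the mode bits."""
    if uid == 0:
        return True  # root bypasses read/write/search checks
    # Exactly one class applies: owner, else group, else other (no fall-through).
    if uid == entry.st_uid:
        shift = 6
    elif entry.st_gid in gids:
        shift = 3
    else:
        shift = 0
    need = sum({"r": 4, "w": 2, "x": 1}[c] for c in set(want))
    return (entry.st_mode >> shift) & need == need

def first_denial(path, uid, gids, want="r", stat_fn=os.stat):
    """Walk an absolute path from / down; return (component, missing) or None."""
    current = "/"
    for part in (p for p in path.split("/") if p):
        # Every directory on the way needs search (x) permission.
        if not granted(stat_fn(current), uid, gids, "x"):
            return current, "x"
        current = os.path.join(current, part)
    if not granted(stat_fn(current), uid, gids, want):
        return current, want
    return None

# Constructed sample mirroring the listing in the answer (uid/gid values assumed).
PGB = 1001
SAMPLE = {
    "/": Entry(stat.S_IFDIR | 0o755, 0, 0),
    "/etc": Entry(stat.S_IFDIR | 0o755, 0, 0),
    "/etc/pgbackrest": Entry(stat.S_IFDIR | 0o750, 0, 0),
    "/etc/pgbackrest/pgbackrest.conf": Entry(stat.S_IFREG | 0o640, PGB, PGB),
}

if __name__ == "__main__":
    conf = "/etc/pgbackrest/pgbackrest.conf"
    # The file owner is stopped at the root-owned 750 directory, not at the file.
    print(first_denial(conf, PGB, {PGB}, "rw", SAMPLE.__getitem__))
```

On a real host, call first_denial without stat_fn to use os.stat, running as a user who can stat each component.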
