User can’t access to group permission directory

Posted on

Problem :

I have a user jenkins in group jenkins. I want to have access to the directory /var/www/html/, so I have changed the directory group from root to jenkins.

$ ll /var/www
...
drwxrwx---. 7 root jenkins ... html
...
$ groups
jenkins
$ cd /var/www/html
-bash: cd/var/www/html: Permission denied

User from /etc/passwd:
jenkins:x:779:779::/home/usr:/bin/bash

The owner and group of /var and /var/www are root. As I understand I shouldn’t change their group as well, only the directory I want to access.

Do you have any idea why this isn’t working?

EDIT:
$ ls -l /var
total 97

drwxrwx—. 8 root root … www

Sorry for not displaying the full output, it is from an offline computer. I don’t know what is executable path but this file is the only one that looks different:

lrwxrwxrwx. 1 root root ... mail -> spool/mail

Solution :

Seems to be a problem with perms from parents folders, if you want to read and change into a directory you have to get read and execute perms on the folders and its parents folders.
Check that ownership and bits mode of the following folders:

  • / = mode: 755, user: root, group: root
  • /var = mode: 755, user: root, group: root
  • /var/www = mode: 750, user: WebSrvUsr**, group: WebSrvGrp**
  • /var/www/html = mode: 750, user: WebSrvUsr**, group: jenkins

** WebSrvUsr and WebSrvGrp depends of distro

And finally, your user have to be member of the following groups: WebSrvGrp, jenkins.

If this does not work, you could check selinux or apparmor (getenforce)

Make sure either:

  • a) /var/ has 755 permission (recommended), or
  • b) /var‘s ownership is set to root:jenkins (not recommended).

Leave a Reply

Your email address will not be published. Required fields are marked *