ACL - Write Operation Responding Permission Denied

Issues related to applications and software problems
Post Reply
davidcc
Posts: 2
Joined: 2020/03/28 01:14:43

ACL - Write Operation Responding Permission Denied

Post by davidcc » 2020/03/28 01:56:53

Wanting to have one user write a file in another user's folder. Essentially, user 'renew' attempts to cp or file_put_contents() to a folder under user 'short'. The result is always "permission denied".

The origin:
/home/renew/public_html/remittance (for cp) or,
/home/renew/public_html/scheduled/file.php (for cron or http)

The destination folder:
/home/short/public_html/admin/remittance

The ACL setup:

Code: Select all

[short@vps ~]$ getfacl /home/short/public_html/admin/remittance/
getfacl: Removing leading '/' from absolute path names
# file: home/short/public_html/admin/remittance/
# owner: short
# group: short
user::rwx
group::rwx
other::r-x
default:user::rwx
default:user:renew:rwx
default:group::rwx
default:mask::rwx
default:other::r-x
The CLI result:

Code: Select all

[renew@vps remittance]$ cp file_to_copy.html /home/short/public_html/admin/remittance/copied_file.html
cp: failed to access ‘/home/short/public_html/admin/remittance/copied_file.html’: Permission denied
Within PHP file:

Code: Select all

# user: renew
echo get_current_user() . '<br>';
$bytes = file_put_contents('/home/short/public_html/admin/remittance/copied_file.html', $data);

# outputs
get_current_user(): renew
Warning: file_put_contents(/home/short/public_html/admin/remittance/file_to_copy.html): failed to open stream: Permission denied in /home/renew/public_html/scheduled/renew.php on line 61
I have added and removed the ACL several times. One of those attempts was to add a group (instead of user), which both users belong to. Both accounts were recently copied and moved from Cpanel to DirectAdmin. ACL was subsequently attempted. Both users have a symbolic link to public_html, bypassing /domains/a_domain.com/.

The result is always "permission denied" from both the command line and from PHP script (including cron).

Is there a way to debug the access control list? Looking for ideas on how to get this working.

Thanks for looking.

David

User avatar
TrevorH
Forum Moderator
Posts: 30191
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: ACL - Write Operation Responding Permission Denied

Post by TrevorH » 2020/03/28 12:01:42

Start from the top of the directory tree. For a user to access a sub-directory they will need at least traverse (+x) access to all directories leading down to the one in question - i.e. to get to /home/renew/public_html/scheduled/ you need to be able to get into /home/renew first.
CentOS 6 died in November 2020 - migrate to a new version!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

davidcc
Posts: 2
Joined: 2020/03/28 01:14:43

Re: ACL - Write Operation Responding Permission Denied

Post by davidcc » 2020/03/28 13:17:23

Thank you Trevor!!
TrevorH wrote:
2020/03/28 12:01:42
For a user to access a sub-directory they will need at least traverse (+x) access to all directories leading down to the one in question -
This was the key piece that was missing from several of the online articles about using ACL.

It's working now.

David

Post Reply

Return to “CentOS 7 - Software Support”