avp

Reputation: 3350

Run command without sudo

I'm trying to access a directory using ls but I can access it only using sudo ls for user hduser, whereas, for user avp, I can access it without sudo.

How can I access that directory and all its subdirectories without using sudo all the time for the user hduser?

Here are the file permissions:

avp@avp-HP-ENVY:~$ ll /media/avp/
total 24
drwxr-xr--+ 4 root root  4096 Mar 20 12:50 ./
drwxr-xr-x  3 root root  4096 Aug  5  2015 ../
drwxrwxrwx  1 root root 12288 Mar 20 11:40 study/

hduser@avp-HP-ENVY:~$ mkdir /media/avp/test
mkdir: cannot create directory ‘/media/avp/test’: Permission denied

hduser@avp-HP-ENVY:~$ sudo mkdir /media/avp/test
hduser@avp-HP-ENVY:~$ ls /media/avp/test 
ls: cannot access /media/avp/test: Permission denied

hduser@avp-HP-ENVY:~$ ls /media/avp/
ls: cannot access /media/avp/study: Permission denied
ls: cannot access /media/avp/test: Permission denied
study  test

hduser@avp-HP-ENVY:~$ sudo ls /media/avp/
study  test

PS: I've read posts about executing the sudo command without a password, but I don't want to use the sudo command in the first place for file-accessing commands (e.g. ls, mkdir, etc.). I've been using Ubuntu for a couple of years now, but I'm missing something very basic which I want to understand clearly, so I'm asking this question here.

Upvotes: 1

Views: 10202

Answers (1)

aarkerio

Reputation: 2364

One of the principles of Linux is: everything is a file. That means that processes and directories must be treated as files, and all files have three sets of permissions: for the user, for the group and for the rest of the users.

The permissions are: 1 to execute, 4 to read, 2 to write. So when you see a file with permission "644", that means that the user (owner) can read and write it, while the group and the rest of the users can only read it. If you see a file with permissions "777" (the MS Windows way), that means that everyone can do what they want with that file; on the contrary, a file with permission "000" is "locked" even for the owner of that file. The command to change permissions is "chmod". For instance, create a new file:

 $ touch test.txt
 $ ls -l test.txt

you will see something like:

 -rw-r--r-- 1 manuel manuel 0 Mär 20 12:41 test.txt

that means: "the owner user manuel can read and write this file, the users who are members of the group manuel can only read this file and the rest of the users can only read it."

Where do those permissions come from? Well, they are defined by the "umask"; by default umask is 644 for the new files that you create or copy and 755 for dirs when you create a dir with the "mkdir" command. When you type "ls -la" you can see a "d" at the beginning of some lines, indicating that the "file" is a directory and needs execution permissions to be accessed by a user: in Linux, directories are files with execution permissions.

Every time you add a new user to the system with the command:

 $ sudo adduser thomas

the command automatically also creates the group "thomas" and creates a dir in the /home directory for him. When you install apache or mysql or postgresql, apt-get also creates a unique user and a group to handle those processes, because a Windows-like approach, where all processes are handled by a single admin user, is dangerous: if someone hacks that user, that person would have full control of the whole system. Of course, in Linux the user "root" must run as few processes as possible.

You can see the current groups in your system with:

  $ cat /etc/group

Now, suppose the user "thomas" wants to edit the file test.txt that we just created. He can't, because the file belongs to the user "manuel" and the group "manuel". You have several options. You could change the owner of the file with the command chown:

  $ sudo chown thomas:thomas test.txt

Now the file is owned by the user "thomas" and the group "thomas", but that is a problem because maybe you want to edit the file later and now you can't. Instead of changing the owner, maybe you just need to add write permissions to the file:

  $ chmod 666 test.txt

Now the user thomas can write to that file and you can too. But now you have the problem that any user can write to the file. The real solution is to give write permissions to the user and the group:

  $ chmod 664 test.txt

and then to add the user to the group:

  $ sudo usermod -aG manuel thomas

Now "thomas" is a member of the group "manuel" (a user can be a member of many groups), and then he can write to the file but other users can't.

Now you understand that your dir:

drwxr-xr--+ 4 root root  4096 Mar 20 12:50 ./  

is a "file" owned by the root user and the root group, and hduser doesn't have permission to execute it. You can do several things, like recursively giving the whole directory to hduser:

$ sudo chown -R hduser /media/avp/ 

or you can add hduser to the group "root" but that would be dangerous.

Upvotes: 3
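
An added example, not part of the answer above: a shell sketch of how the mode bits in the question's listing (`drwxr-xr--`, owner root, group root) are evaluated for hduser, and why `ls` printed the names but could not access them. The function names are hypothetical, hduser's group list is an assumption, and ACL entries (the `+` after the mode) are not evaluated.

```shell
# Added example (not from the answer). Only the classic mode bits are checked;
# ACL entries (the "+" after the mode in ls -l) are NOT evaluated.
# perm_triplet MODE OWNER GROUP USER "USER_GROUPS": prints the rwx triplet of
# the first matching class (owner, then group, then other).
perm_triplet() {
    p_mode=$((0$1 & 0777))                 # drop setuid/setgid/sticky digits
    if [ "$4" = root ]; then echo rwx; return 0; fi   # root bypasses dir checks
    if [ "$4" = "$2" ]; then
        p_shift=6                          # user owns the file: owner bits only
    else
        case " $5 " in
            *" $3 "*) p_shift=3 ;;         # user is in the file's group
            *)        p_shift=0 ;;         # everyone else
        esac
    fi
    p_bits=$(( (p_mode >> p_shift) & 7 ))
    p_out=
    for p_pair in 4:r 2:w 1:x; do
        if [ $(( p_bits & ${p_pair%%:*} )) -ne 0 ]; then
            p_out="$p_out${p_pair#*:}"
        else
            p_out="$p_out-"
        fi
    done
    echo "$p_out"
}

# dir_access TRIPLET: what that triplet allows on a directory.
dir_access() {
    case $1 in
        r?x) echo "list-and-enter" ;;      # ls works, entries can be opened
        r?-) echo "names-only" ;;          # ls prints names but cannot stat them
        -?x) echo "enter-only" ;;          # known paths work, listing fails
        *)   echo "none" ;;
    esac
}

# explain DIR USER: the same check against a real directory (GNU stat assumed).
explain() {
    set -- "$1" "$2" $(stat -c '%a %U %G' "$1")
    e_t=$(perm_triplet "$3" "$4" "$5" "$2" "$(id -Gn "$2")")
    echo "$2 on $1: $e_t ($(dir_access "$e_t"))"
}

# Values read off the question's listing: drwxr-xr-- root root = mode 754.
# Assumption: hduser belongs only to its own group "hduser".
dir_access "$(perm_triplet 754 root root hduser "hduser")"
```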
