I have lost count of the times I asked someone to check the permissions on a file in Linux and was given an answer like this:
[root@linux ~]# ls -l /var/log/httpd/access_log
-rw-r--r-- 1 root root 17245040 Mar 13 13:38 /var/log/httpd/access_log
[root@linux ~]#
So all looks good – the file is readable. But is it really?
Checking just the final file or directory isn’t enough. If any part of the path lacks permissions, you will not be able to reach the desired target, even if the final permissions look good.
So here is a simple trick to check the full (absolute) path and show permissions and ownership for every component along it:
[root@linux ~]# namei -mo /var/log/httpd/access_log
f: /var/log/httpd/access_log
dr-xr-xr-x root root /
drwxr-xr-x root root var
drwxr-xr-x root root log
drwx------ root root httpd
-rw-r--r-- root root access_log
[root@linux ~]#
As you can see, the “httpd” directory has restricted permissions, which prevent anyone but the root user from going any further. So whenever you have to check permissions in Linux, do it for the full path instead of just the single file or directory itself.
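To take the guesswork out of reading that listing, the added example below (not from the original post) reads `namei -mo` output on stdin and prints the first component that stops a given user. It assumes classic mode bits only (no ACLs or SELinux), one group per user, and that root is unrestricted; the function names and the "apache" account are illustrative.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: mode bits only
# (no ACLs or SELinux), one group per user, "root" treated as unrestricted.

# allows MODE OWNER GROUP NEED: does symbolic MODE grant NEED (r or x) to
# $user/$group? The owner triad applies first, then group, then other.
allows() {
    if   [ "$user"  = "$2" ]; then off=0
    elif [ "$group" = "$3" ]; then off=3
    else                           off=6
    fi
    if [ "$4" = r ]; then pos=$((off + 2)); else pos=$((off + 4)); fi
    case $(printf '%s' "$1" | cut -c "$pos") in
        r|x|s|t) return 0 ;;   # s and t mean x is set as well
    esac
    return 1
}

# first_block USER GROUP < listing
# Prints the blocking component and returns 0; returns 1 if the path is clear.
first_block() (
    user=$1; group=$2; hmode=""
    if [ "$user" = root ]; then exit 1; fi
    while read -r mode owner grp name; do
        if [ "$mode" = "f:" ] || [ -z "$name" ]; then continue; fi
        # A further row follows, so the held row is a directory: it needs x.
        if [ -n "$hmode" ] && ! allows "$hmode" "$howner" "$hgrp" x; then
            printf '%s\n' "$hname"; exit 0
        fi
        hmode=$mode; howner=$owner; hgrp=$grp; hname=$name
    done
    # The last row is the target itself: it needs r.
    if [ -n "$hmode" ] && ! allows "$hmode" "$howner" "$hgrp" r; then
        printf '%s\n' "$hname"; exit 0
    fi
    exit 1
)

# Sample input: the listing from the post. "apache" is an assumed account.
SAMPLE='f: /var/log/httpd/access_log
dr-xr-xr-x root root /
drwxr-xr-x root root var
drwxr-xr-x root root log
drwx------ root root httpd
-rw-r--r-- root root access_log'

printf '%s\n' "$SAMPLE" | first_block apache apache   # prints: httpd
```

On a live system the same function can be fed directly, for example `namei -mo /var/log/httpd/access_log | first_block apache apache`.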