1

How is it possible to make a folder under $HOME accessible to other users? I thought that's the case why we have softlinks but apparently I am missing some bits here. Can someone please shed a light on that?

Details: User Hadoop runs hadoop installaion and that contain bin folder with awailable commands to execute.

[hadoop@A1n1 hadoop-1.0.4]$ ls -al total 7648 drwxr-xr-x. 14 hadoop hadoop 4096 Apr 22 2013 . drwx------. 11 hadoop hadoop 4096 Oct 30 13:51 .. drwxr-xr-x. 2 hadoop hadoop 4096 Feb 27 2013 bin [hadoop@A1n1 bin]$ ls -al total 152 drwxr-xr-x. 2 hadoop hadoop 4096 Feb 27 2013 . drwxr-xr-x. 14 hadoop hadoop 4096 Apr 22 2013 .. -rwxr-xr-x. 1 hadoop hadoop 14137 Oct 3 2012 hadoop -rwxr-xr-x. 1 hadoop hadoop 2642 Oct 3 2012 hadoop-config.sh

I created a softlink pointing to bin folder:

[root@A1n1 /usr/local]# ls -l total 44 drwxr-xr-x. 2 root root 4096 Sep 23 2011 bin lrwxrwxrwx. 1 root root 29 Nov 1 08:16 hadoop.bin -> /home/hadoop/hadoop-1.0.4/bin

However when I switch to a different user and try to execute a command I get permission denied:

[bdst@A1n1 local]$ cd /usr/local/hadoop.bin bash: cd: /usr/local/hadoop.bin: Permission denied

I am not sure what I am missing here as to me it seems that file permissions should be ok.

Improve this question

3 Answers 3

Reset to default
3

A symbolic link does not circumvent permissions of the original directory/file. As with direct access you need execute (x) permission on all directories in the path of the original and on the original directory itself. The x is missing on /home/hadoop for others.

Improve this answer
4
  • Is there any standard way how to bypass that except making home dir 755 or so? Commented Nov 1, 2013 at 14:07
  • You could use 751. That way other users can't see which files are in the home dir, but if they guess a name correctly, they can access it (so this would only be security by obscurity). The real solution would be to place the original directory in a public dir and use a symbolic link inside the home dir. Commented Nov 1, 2013 at 14:13
  • Ditto doing it the other way around (put the bin somewhere publicly accessible and symlink it into /home/hadoop). Commented Nov 1, 2013 at 14:14
  • 755 or 751 I was aware of and undersand that. I just wasn't sure that there wasn't other options (like symlinks - I misunderstood the permissions policy) Commented Nov 1, 2013 at 14:25
0

You might be thinking of windows permissions, where everybody typically has the "bypass traverse checking" right, which skips permissions checks in parent folders.

Aside from setting 755/751 or placing the files in a public directory, you could also put your user bdst in the hadoop group, and set the hadoop home directory to 750 or 710.

Improve this answer
-1 
drwx------. 11 hadoop hadoop 4096 Oct 30 13:51 ..

I suppose this is your $HOME. Then this is the cause. Anyway, learn about unix permissions and ACL, it would help you.

Improve this answer
1
  • Downvoted because this didn't really explain anything. Commented Nov 1, 2013 at 18:15

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.