mkdir -- permision denied

	Free Downloads, Community Forum, FAQs and Developer Resources

Make /Tools Your Home | Link to us

Today's posts | Posts since last visit | Most Active Topics

All Forums	Register	Login	Search	Subscriptions	My Profile	Inbox
Tool Warehouse	FAQs	Resources	Help	Member List	Address Book	Logout

mkdir -- permision denied

Logged in as: Guest

Users viewing this topic: none

Printable Version

All Forums >> [Windows - UNIX Interop] >> System & Network Admin Forum >> mkdir -- permision denied

Page: [1]

Message

<< Older Topic Newer Topic >>

mkdir -- permision denied - May 13, '05, 11:08:56 AM

wekempf

Posts: 8
Joined: May 12, '05,
Status: offline

I'm running on a Domain with a network share for the home directory. I'm unable to run mkdir to create directories in my home directory.

bash-3.00$ cd ~
bash-3.00$ pwd
/dev/fs/H
bash-3.00$ touch test1
bash-3.00$ ls
dev test1
bash-3.00$ mkdir test2
mkdir: test2: Permission denied
bash-3.00$ ls
dev test1
bash-3.00$ md test2
bash-3.00$ ls
dev test1 test2
bash-3.00$ ls -al .
total 18
drwx------+ 1 +Administrators Domain Admins 0 May 13 10:02 .
dr-xr-xr-x 1 0 0 0 May 13 10:03 ..
-rw-r--r-- 1 wkempf Domain Admins 72 May 12 14:12 .Xdefaults
-rw------- 1 wkempf Domain Admins 1862 May 12 14:52 .bash_history
-rw-r--r-- 1 wkempf Domain Admins 264 May 12 14:13 .inputrc
-rw------- 1 wkempf Domain Admins 64 May 12 11:35 .netrc
-rw-r--r-- 1 wkempf Domain Admins 86 May 12 14:22 .profile
-rw-r--r-- 1 wkempf Domain Admins 3610 May 12 14:22 .viminfo
-rw-r--r-- 1 wkempf Domain Admins 18 May 12 14:21 .vimrc
lr--r--r-- 1 wkempf Domain Admins 13 May 12 13:49 dev -> /dev/fs/F/dev
-rw-r--r-- 1 wkempf Domain Admins 0 May 13 10:02 test1
drwx------+ 1 wkempf Domain Users 0 May 13 10:02 test2

I'm not understanding what's going on here. Can anyone explain it?

Post #: 1

RE: mkdir -- permision denied - May 13, '05, 12:07:47 PM

Rodney
Administrator

Posts: 3696
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline

I'm not sure of a couple of things:
- who is the user? is the user a domain user? (output of id please)
- how/who mounted the file system?

The permissions of the directory show read/write access for the group "local administrators".
The "owner" of the diretory is a group, which is also not forgiving.
The directory should be owned by the user. So try do "chown <user> ~".

Rather than mounting with a drive letter you would do best to set the user's home directory
as a "/net" (aka UNC) pathname. You will get better behavior and this will also allow
more users on the same machine to be accessing their home directory without conflicts.
So in the user panel under "home directory" set the UNC path to home. This will automagically
get translated to the "/net" filesystem under Interix. It works better for Win32 too :-)

(in reply to wekempf)

Post #: 2

RE: mkdir -- permision denied - May 13, '05, 2:14:48 PM

wekempf

Posts: 8
Joined: May 12, '05,
Status: offline

bash-3.00$ id
uid=1054330(wkempf) gid=1049089(Domain Users) groups=1049089(Domain Users), 65792(+Everyone), 197611(WS-WKEMPF-01+Debugger Users), 197628(WS-WKEMPF-01+PasswordPropDeny), 131616(+Administrators), 131617(+Users), 66820(+INTERACTIVE), 66827(+Authenticated Users), 4095(CurrentSession), 66048(+LOCAL)

The drive is mounted at boot time by the PDC.

bash-3.00$ chown wkempf ~
chown: /dev/fs/H: Operation not permitted
chown: /dev/fs/H: Operation not permitted

I'm not a Domain Administrator, so I can't make the changes your suggesting. I saw the +Administrators, and it didn't make much sense to me. I'm not sure how you get "local adminsistrators" when it says "Domain Administrators". Further, I don't see that the group has any permissions?

(in reply to Rodney)

Post #: 3

RE: mkdir -- permision denied - May 13, '05, 2:48:00 PM

Rodney
Administrator

Posts: 3696
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline

> chown: /dev/fs/H: Operation not permitted
> I'm not a Domain Administrator, so I can't make the changes your suggesting.

Bummer. Until you (the user) own your directory you don't have the ability to change
the permissions. For security you need to own your directory rather than one of the
administrators (for doing things like ssh and rlogin).

> I saw the +Administrators, and it didn't make much sense to me.

This shows that the directory was created by a Win32 process that was running as
one of the users in the Administrators group. It's a weird Win32 thing that's
special for users in this group.

> I'm not sure how you get "local adminsistrators" when it says "Domain Administrators".
> Further, I don't see that the group has any permissions?

The "+Administrators" is a group. This group is listed as the owner for the directory.
"Domain Admins" is a group too and it is listed as the group for the directory.
Yes, the "group" of the file permissions has no access.
But the group "+Administrators" (listed as owner) does have file permission access.

BTW the "+" at the end of the permissions shows that there are additional ACE entries
in the ACL that are not representable by traditional Unix permissions.

You'll need to get one of your Admins to change the ownership of your home directory
to "wkempf" with a group of "Domain Users".
It is recommended and best if he/she does this from an Interix shell.

(in reply to wekempf)

Post #: 4

RE: mkdir -- permision denied - Oct. 21, '05, 4:14:14 PM

wekempf

Posts: 8
Joined: May 12, '05,
Status: offline

I know this thread is old, but I've just recently gotten the administrators to look into this issue. I'm now the owner, but still have no access.

bash-3.00$ ls -al
total 15124
drwx------+ 1 wkempf Domain Admins 0 Oct 21 15:01 .

bash-3.00$ mkdir foo
mkdir: foo: Permission denied

You mention the group being "Domain Users", but wouldn't that give all users on the domain access to the directory? How does SFU distill the many possible group permissions in Windows down to a single POSIX group here? I'm not sure I'm going to be able to get my admins to run SFU in order to chown, so if there's a way to do this via windows administration, I guess I need to know how.

Thanks.

(in reply to Rodney)

Post #: 5

RE: mkdir -- permision denied - Oct. 21, '05, 5:47:46 PM

Rodney
Administrator

Posts: 3696
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline

The "+" in the directory output shows that the ACL for the directory has more ACE's than
can be displayed in a POSIX (traditional Unix) format.

The first thing I'd do is run cacls on the directory to see what those extra ACE's are.
Then I'd try and clobber the mode of the directory ("chmod 700 ."). That often helps.

> You mention the group being "Domain Users", but wouldn't that give all users on the domain access to the directory?

Not if you set the group permissions restrictive enough. Right now the group has no access (---).
You can leave it that way without a problem.

> How does SFU distill the many possible group permissions in Windows down to a single POSIX group here?

Certain permissions map to certain behaviors. The group name remains the same.

(in reply to wekempf)

Post #: 6

RE: mkdir -- permision denied - Oct. 24, '05, 9:49:05 AM

wekempf

Posts: 8
Joined: May 12, '05,
Status: offline

$ cacls .
H:\ BUILTIN\Administrators:(OI)(CI)F
NSISW.COM\wkempf:(OI)(CI)C
NT AUTHORITY\SYSTEM:(OI)(CI)F

$ chmod 700 .
chmod: .: Operation not permitted

(in reply to Rodney)

Post #: 7

RE: mkdir -- permision denied - Oct. 24, '05, 11:35:36 AM

Rodney
Administrator

Posts: 3696
Joined: Jul. 9, '02,
From: /Tools lab
Status: offline

mmmm... this (the cacls output) seem to show that the permissions are not right.
I don't know how your Admin did the change before, but he/she didn't do it right.
The ACL has permissions for you (wkempf) restricted when it should be full.
Why SYSTEM has an ACE is a question too.

There should be an ACE with you having full control. Then an ACE for the group
and a third ACE for 'Everyone' (yes, that's a literal).

As the owner you should be able to do everything.
How was the filesystem mounted?
Have you tried accessing the fileystem by the "/net" path? (/net/MACHINE/share/...)
Try through the Win32 GUI to give you Full control, remove SYSTEM and add Everyone.

(in reply to wekempf)