# Permission Denied



## neepie (Aug 26, 2010)

Hi,

I'm having an issue where I might just be overlooking something very simple. But I've been trying to figure this out for a while now, and I can't figure this out.

On a webserver, I'm trying to execute find from a script.
The script is run by the user www and it fails with a Permission denied error.
As it turns out, the user www cannot execute find:


```
$> sudo -u www /usr/bin/find .
find: .: Permission denied
```
Find is executable for everyone:

```
$> ls -lrt /usr/bin/find
-r-xr-xr-x  1 root  wheel  36672 Feb 14  2007 /usr/bin/find
```

I don't really know where to start looking, any help would be greatly appreciated.

Thanks


----------



## pamdirac (Aug 26, 2010)

The . directory is not accessible to the www user?

type 

```
sudo -u www /bin/pwd
```
and after 

```
ls -ld <output of previous command>
```


----------



## neepie (Aug 26, 2010)

So that partly works. And it does give me a way around the problem.

If I do it from my home dir, the permissions seem to be the problem:

```
$> sudo -u www /usr/bin/find .
find: .: Permission denied
$> sudo -u www /bin/pwd
/usr/home/rsamson
ls -ld /usr/home/rsamson
drwx------  3 rsamson  rsamson  1024 Aug 24 16:32 /usr/home/rsamson
```

When I run find from a directory that www can access, it does work:

```
$> cd /var/dat/import
$> sudo -u www /usr/bin/find .
.
./testFile
```

However when I run that same find from my homedir, I get that same Permission Denied again.

```
$> /bin/pwd
/usr/home/rsamson
$> sudo -u www /usr/bin/find /var/dat/import
find: .: Permission denied
```

I guess I could have the script cd into the /var/dat/import directory first as a workaround, but I would like to understand why I can't just run that find command from any directory.


----------



## Beastie (Aug 26, 2010)

pamdirac said:

> type
> 
> ```
> sudo -u www /bin/pwd
> ```
> ...

```
ls -ld `sudo -u www /bin/pwd`
```

?


----------



## SirDice (Aug 27, 2010)

The /usr/home/rsamson/ directory has 700 for permissions. 
Meaning _only_ the owner of the directory (that's rsamson) has permission to read, write and execute.

Handbook: 3.3 Permissions


----------



## pamdirac (Aug 27, 2010)

neepie said:

> ... I guess I could have the script cd into the /var/dat/import directory first as a workaround, but I would like to understand why I can't just run that find command from any directory.



This is not a workaround. The find command tries to open the . directory.
You can see this behaviour by reading the source

```
if ((dotfd = open(".", O_RDONLY, 0)) < 0)
		err(1, ".");
```
or by executing 

```
$> cd /usr/home/rsamson
$> sudo -u www truss /usr/bin/find /var/dat/import
```



			
Beastie said:

> ```
> ls -ld `sudo -u www /bin/pwd`
> ```
> 
> ?


I love cut and paste


----------

