Why do I get "Permission Denied" errors even though I have group permission?

I’m trying to run a game called “Dofus”, in Manjaro Linux. I’ve installed it with packer, that put it under /opt/ankama folder. This folder ownership (and for every file inside it) is root user, and games group. As instructed by the installing package, I’ve added myself (user familia) in the games group (by not doing so, “I would have to input my password every time I tried to run the updater”).

However, when running the game, it crashes after inputting my password (which shouldn’t be required). Checking the logs, I’ve got some errors like those:

[29/08 20:44:07.114]{T001}INFO    c/net/NetworkAccessManager.cpp L87  : Starting request GET http://dl.ak.ankama.com/updates/uc1/projects/dofus2/updates/check.9554275D
[29/08 20:44:07.291]{T001}INFO    c/net/NetworkAccessManager.cpp L313 : Request GET http://dl.ak.ankama.com/updates/uc1/projects/dofus2/updates/check.9554275D Finished (status : 200)
[29/08 20:44:07.292]{T001}ERROR   n/src/update/UpdateProcess.cpp L852 : Can not cache script data

So, I suspect Permission Denied errors. An error message a moment after startingenter image description here

That translates to “An error has happened while writing to the disk – verify if you have the sufficient rights and enough disk space”.

Then, after some research, I came across “auditd” that can log file accesses in a folder. After setting it up, and seeing which file accesses were unsuccessful, this is the result.

All of those errors actually refer to a unique file, /opt/ankama/transition/transition, with a syscall to (open). This file’s permissions are rwxrwxr-x (775). So, I’ve rwx permissions to it, yet it gives me an error exit -13, which is a EACESS error (Permission Denied).

I’ve already tried to reboot the computer, to log in and log out. None of them worked.

If I set the folder permissions to familia:games, it runs with no trouble, I don’t even need to input my password. However, it doesn’t seem right this way. Any ideas of why I get Permission Denied errors even though I have read/write/execute permissions?

Mark has said that I could need +x permissions in all directories of the path prefix. The path itself is /opt/ankama/transition/transition. The permissions for the path prefixes are:

/opt – drwxr-xr-x(755), ownership root:root

/opt/ankama – drwxr-xr-x(755), ownership root:games

/opt/ankama/transition – drwxrwxr-x(775), ownership root:games

However, one thing that I’ve noticed is that all subfolders of /opt/ankama are 775, even though the folder itself is 755. I don’t think this means anything, and changing the permissions to 775 doesn’t work.

Also, Giel suggested that I could have AppArmor running on my system. However, running # cat /sys/module/apparmor/parameters/enabled gives me N.

Asked By: Ramon Dantas

||
Source

First, when you add yourself to a group, the change is not applied immediately. The easiest thing is to logout and log back in.

Then there are write permissions of data files (as mentioned already in some of the comments). However, the solutions are not good for security.

  • Add a group for the game. Do not add any user to this group.
  • Make the game executable by chmod -R ugo+rX game-directory
  • Give write permissions to group only and no-one else using chmod -R ug+w,o-w game-directory
  • Add game to group chgrp -R game-group game-directory, chmod -R g+s game-directory

or just addgroup game-group; chgrp -R game-group game-directory; chmod -R u=rwX,g=rwXs,o=rX game-directory

If game needs to change permissions then you can do the same but for user instead of group. ie.

adduser game-owner; addgroup game-group; chown -R game-owner:game-group game-directory; chmod -R u=rwXs,g=rwXs,o=rX game-directory

Answered By: ctrl-alt-delor

Directories need x bit set (for directory that bit is seen as search bit) to open. So I use tree so I can get only the folder set and avoid the nightmare of having all the files set as executables ( the option for tree is -d List directories only.):

sudo tree -faid here_goes_your_directory xargs -L1 -I{} sudo chmod 755  "{}"

Warning!!! you should have this into considerations:

  • using chmod or chown recursive on root / directory or system directories will destroy your OS (actually anything recursive on / directory or system directories is dangerous)

  • this is not a good security practice to set permission bulk like that

Answered By: Eduard Florinescu
Categories: Answers Tags: , , ,
Answers are sorted by their score. The answer accepted by the question owner as the best is marked with
at the top-right corner.