Thread: Permissions Appear Correct, but Fail

  1. #1
    Join Date
    Apr 2017
    Beans
    6

    Question Permissions Appear Correct, but Fail

    I'm running a dockerized Minecraft server (itzg/minecraft) in a fairly straightforward Ubuntu 18.04 server. The Minecraft directory is under /srv. If I sudo chmod 777 -R /srv, everything works great. So I know my issue is permissions related. However, I am not able to get it to work correctly otherwise, unless I make a specific account (not group) the owner of the server's file store.

    I've done this:
    Code:
    sudo groupadd gameadmin
    sudo usermod -a -G gameadmin myUsername
    sudo chown -R root:gameadmin /srv

    If I then do sudo chmod 775 -R /srv, Minecraft fails to save user progress. However, if I sudo chown -R myUsername:gameadmin /srv, it works. I've also confirmed that the gameadmin group has myUsername in it with getent group gameadmin.

    How can it be that with 775 permissions, the account owner and group owner do not have the same ability to write/modify files and directories?

    Thanks in advance.

  2. #2
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Permissions Appear Correct, but Fail

    Are permissions, users, and groups inside the container the same as outside the container? Just asking. Only you would know.

  3. #3
    Join Date
    Jan 2010
    Location
    Wheeling WV USA
    Beans
    2,021
    Distro
    Xubuntu 20.04 Focal Fossa

    Re: Permissions Appear Correct, but Fail

    Are you doing the chown commands inside the container or outside?
    Mask wearer, Social distancer, System Administrator, Programmer, Linux advocate, Command Line user, Ham radio operator (KA9WGN/8, tech), Photographer (hobby), occasional tweetXer

  4. #4
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: Permissions Appear Correct, but Fail

    Originally Posted by Skaperen:
    Are you doing the chown commands inside the container or outside?
    Hopefully, there isn't any way to get "inside" a running container. That would be bad, against container best practices, and defeat the purpose. Containers should only have enough OS to do the 1-thing they are supposed to do. No shell. No ssh. Just 1 running program, hopefully, just a single network service.

    Don't leave any tools helpful to an attacker inside the container. It should only be able to run the single program, nothing else.

    At least that's what the training I've had beat into our heads.
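
Added example, not part of any post in this thread: the question raised in post #2 (are users and groups inside the container the same as outside?) worked through with the numeric check the kernel applies to a bind-mounted directory. All IDs are constructed assumptions: the container process runs as 1000:1000, myUsername is uid 1000, gameadmin is gid 1001; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. The kernel compares numeric IDs, never user or group names.

# class_for PROC_UID "PROC_GIDS" OWNER_UID OWNER_GID -> owner | group | other
# Exactly one class applies, checked in this order.
class_for() {
    if [ "$1" -eq "$3" ]; then echo owner; return; fi
    for g in $2; do
        if [ "$g" -eq "$4" ]; then echo group; return; fi
    done
    echo other
}

# can_write PROC_UID "PROC_GIDS" OWNER_UID OWNER_GID MODE  (MODE octal, e.g. 775)
can_write() {
    if [ "$1" -eq 0 ]; then return 0; fi   # uid 0 with CAP_DAC_OVERRIDE skips mode bits
    case $(class_for "$1" "$2" "$3" "$4") in
        owner) shift_by=6 ;;
        group) shift_by=3 ;;
        *)     shift_by=0 ;;
    esac
    [ $(( (0$5 >> $shift_by) & 2 )) -ne 0 ]
}

# check_path PROC_UID "PROC_GIDS" PATH: same check against a real file (GNU stat).
check_path() {
    set -- "$1" "$2" $(stat -c '%u %g %a' "$3")
    can_write "$@"
}

# Assumed IDs (constructed): container process 1000:1000, myUsername uid 1000,
# gameadmin gid 1001. Read the real ones on the host from
#   grep -E '^(Uid|Gid|Groups)' /proc/<pid of the server process>/status
verdict() { if can_write "$@"; then echo "write allowed"; else echo "write denied"; fi; }

demo() {
    echo "root:gameadmin 775       -> $(class_for 1000 1000 0 1001): $(verdict 1000 1000 0 1001 775)"
    echo "myUsername:gameadmin 775 -> $(class_for 1000 1000 1000 1001): $(verdict 1000 1000 1000 1001 775)"
    echo "root:gameadmin 777       -> $(class_for 1000 1000 0 1001): $(verdict 1000 1000 0 1001 777)"
    echo "process also holds 1001  -> $(class_for 1000 '1000 1001' 0 1001): $(verdict 1000 '1000 1001' 0 1001 775)"
}
demo
```

Under these assumed IDs the three outcomes match what post #1 reports: the host account's membership in gameadmin does not transfer to a container process that holds only gid 1000, so it is judged as "other" on a root:gameadmin 775 tree.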
