Does ‘du’ command count the size of unaccessible folders

disk-usagepermissions

I am trying to get the size of an user's folder named allysek and I am using this command du -hLlxcs allysek. I know I don't have permissions to some of the locations.

In the end, I get an output as follows,

du: cannot access ‘/export/mite-09/bc/users/allysek/charlet/PS-tools-mjyger/PS-NOVA/IMR90.NOMe-seq.bam’
du: cannot access ‘/export/mite-09/bc/users/allysek/charlet/PS-tools-mfter/PS-NOVA/IMR90.NOMe-seq.bam.bai’
du: cannot access ‘/export/mite-09/bc/users/allysek/charlet/PS-tools-iuhgi/PS-NOVA/colon.WGBS.bam’
du: cannot access ‘/export/mite-09/bc/users/allysek/charlet/PS-tools-kh/PS-NOVA/colon.WGBS.bam.bai’
du: cannot access ‘/export/mite-09/bc/users/allysek/charlet/PS-tools-h/PS-NOVA/dbNOVA_135.hg19.sort.vcf’
du: cannot access ‘/export/mite-09/bc/users/allysek/charlet/PS-tools-master/PS-NOVA/hg19_rCRSchrm.fa’
du: cannot access ‘/export/mite-09/bc/users/allysek/charlet/PS-tools-master/PS-plot/DKO1.NOMe-seq.bam’
du: cannot access ‘/export/mite-09/bc/users/allysek/charlet/PS-tools-master/PS-plot/DKO1.NOMe-seq.bam.bai’
896M    /export/mite-09/bc/users/allysek
896M    total

So my question is, does the 896M total include sizes of items which I wasn't able to access as well?

Best Answer

Simply not. Look this example

du -shc *
4,0K    AUDIO_TS
4,4G    VIDEO_TS
4,4G    total
chmod 000 * #don't use this in wrong dir!
du -shc *
du: cannot read directory 'VIDEO_TS': Permission denied
du: cannot read directory 'AUDIO_TS': Permission denied
4,0K    AUDIO_TS
4,0K    VIDEO_TS
8,0K    total

Related Solutions

Granting write permissions to a group to a folder

Granting 775 permissions on a directory doesn't automatically mean that all users in a certain group will gain rwx access to it. They need to either be the owner of the directory or to belong to the directory's group:

$ ls -ld some_dir
drwxrwxr-x 2 alex consult 4096 Feb 20 10:10 some_dir/
              ^     ^
              |     |_____ directory's group
              |___________ directory's owner

So, in order to allow both alex and ben to have write access to some_dir, the some_dir directory itself must belong to the consult group. If that's not the case, the directory's owner (alex in your example), should issue the following command:

$ chgrp consult some_dir/

or to change group ownership of everything inside the directory:

$ chgrp -R consult some_dir/

This will only work if alex is a member of the consult group, which seems to be the case in your example.

This will not allow ben to access all of alex's directories for two reasons:

Not all of alex's directories will belong to the consult group
Some of alex's directories may belong to the consult group but alex may not have chosen to allow rwx group access to them.

In short, the answer depends both on group ownership and on the group permission bits set for the directory.

All of this is provided you don't use any additional mandatory access control measures on your system.

Centos – Apache, Group Permissions and User Uploads

There are 2 solutions using 2 different ftp servers

1 - Use proftpd with the VirtualServer feature and with a local user force. Snippet of a config file of mine:

ServerType standalone
DefaultServer on
AccessGrantMsg "User %u logged in."
DeferWelcome off

# Use pam to authenticate (default) and be authoritative
AuthPAMConfig proftpd
AuthOrder mod_auth_pam.c* mod_auth_unix.c


<VirtualHost xxx.xxx.xxx.xxx>
ServerAdmin nwildner@xxx.xxx.xxx.xxx
ServerName  "FTP"
TransferLog /var/log/proftpd/transfer.log
ExtendedLog /var/log/proftpd/full.log ALL
DefaultRoot /var/www/digitalgoods
User                    apache
Group                   apache
AllowOverwrite          yes
MaxLoginAttempts        3
RequireValidShell       no
</VirtualHost>

Create the 3 users, and let them use the ftp. They will be "chrooted" to /var/www/digitalgoods and any file uploaded will have the permissions set to apache:apache

2 - Use vsftpd chroot, and create 3 users with the same userid than apache AND same home dir that will be chrooted(yeah, that´s a kludge but it shall work):

Contents of /etc/vsftpd/vsftpd.conf

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=NO
anon_mkdir_write_enable=NO
dirmessage_enable=YES
check_shell=NO
syslog_enable=YES
connect_from_port_20=YES
xferlog_std_format=NO
idle_session_timeout=3600
ftpd_banner=FTP XXX
chroot_local_user=YES
ls_recurse_enable=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=NO
userlist_deny=NO
tcp_wrappers=YES

Since we are using least privilege, we will have to declare the logins that will access this ftp at /etc/vsftpd/user_list

# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
#
devel
manuals

Create 2 users (/etc/passwd) and use the same userid of the apache user(again, its a damn kludge but at least you will have 2 users uploading to their chrooted homes with the same permission). With the check_shell=NO you don´t need to give a valid shell to those users

[root@]# grep 'apache\|desenv\|man\|' /etc/passwd
apache:x:48:48:Apache:/var/www:/sbin/nologin
devel:x:48:48::/var/www/digitalgoods:/sbin/nologin
manuals:x:48:48::/var/www/digitalgoods:/sbin/nologin

Best Answer

Related Solutions

Granting write permissions to a group to a folder

Centos – Apache, Group Permissions and User Uploads

Related Question