I had an issue where a webserver wasn’t able to display a file due to file permissions. Once you’ve established that the file itself has correct permissions, you need to check every part of the parent path, in case there’s a directory that’s lost its read and/or execute permissions.
Until today, I’d never heard of the
namei command, which can do this for you in a single call.
If you’re on linux, you’ll should already have
namei installed (it’s in util-linux on Debian & Ubuntu), but on MacOS you’ll need to
brew install util-linux and because it installs keg-only, you’ll need to give it the full path
$ sudo -u nobody namei /path/to/problematic/file/that/wont/open.png f: /path/to/problematic/file/that/wont/open.png d / d path d to d problematic file - Permission denied
Here we’re calling
namei with the user the webserver runs as (
nobody) and checking it can read the full path to the file. If there’s an error it will show you which parts of the path have a problem.
In the example above, it’s the
problematic directory (directories are indicated with a
d, files with a
f) - there’s a permission denied error. In case later directories also have problems, I’m going to ensure all the correct permissions are present.
Again, until today, I had no idea that you could set the correct read and execute permissions; with files only having read (
644) and directories have read and execute (
755), using purely
chmod and not having to
find -type d to set the execute permissions.
Thanks to this Super User post on How to recursively chmod all directories except files? it’s a (complex) one liner:
chmod -R u-x,u+rwX,go+rX,go-w /path/to/problematic
- Support PCRE2 or PCRE in `build-nginx`
- Tracking remote branches after a `--single-branch` checkout
- TIL: How to specify a host or hosts for an ansible-playbook without an inventory file
- Automating Jekyll card generation with ruby's Ferrum gem
- Use a basic Gmail account to "Send mail as" with a domain that uses Cloudflare email routing