LINUX: Can't access files outside of home directory
OS: Linux localhost.localdomain 3.10.0-693.11.1.el7.x86_64 #1 SMP Mon Dec 4 23:52:40 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux FireFox: 52.5.1 (64-bit)
I'm trying to access my build directory /lfsbuild/sources/gcc-7.2.0/INSTALL. The file permission permit read/write access however I get
Access to the file was denied The file at /lfsbuild/sources/gcc-7.2.0/INSTALL/build.html is not readable.
It may have been removed, moved, or file permissions may be preventing access.
The ONLY documents that I can open is when I copy them to my /home/whojr directory.
Can you please tell me how to resolve this issue.
SELinux status is enabled.
Thanks,
Bill
All Replies (8)
Not specifically firefox related, but you need execute and read permissions for the top level directories in order to access bottom directories. You should check to see if the user has those permissions on /lfsbuild, /lfsbuild/sources, /lfsbuild/sources/gcc-7.2.0, and also /lfsbuild/sources/gcc-7.2.0/INSTALL/.
An easy way to fix it is to use find and chmod: "find /lfsbuild -type d -exec chmod 755 {} \;"
Be aware this will recursively set all directories under lfsbuild to 755 permissions.
Great thanks for checking all the bases but that was the first thing I checked. The permissions for the entire directory tree permits (readable and executable) access. I can navigate to the directory containing the files through firefox. I just can't open any of the html files even though I can use nano, vi, and emacs on them.
I also can't open any file on the system that is NOT under my home directory.
You can check for sandbox security related issues.
You can set this pref to 2 or 1 on the about:config page to lower the sandbox security setting.
- security.sandbox.content.level = 1
- close and restart Firefox to make the change effective.
If '1' still doesn't have effect then try '0' to disable the sandbox.
If this didn't work then undo/reverse the change and reset the pref via the right-click context menu to the default value.
You can open the about:config page via the location/address bar. You can accept the warning and click "I accept the risk!" to continue.
So to access files on my system using FireFox requires me to lower my security settings? Regardless of the permissions set on the filesystem, as guarded by SELINUX, with no httpd process running?
According to this solution I either have to use firefox exclusively to read html files installed on my system and forgo browsing the internet or browse the internet and only access html files in my home directory.
Do I understand this correctly?
Did you check the Wiki article to see what directory you may have to add to the white list?
The sandbox is designed to restrict access between "content" and the file system. I don't think it is supposed to prevent you from launching an HTML or text file from an arbitrary location on your system in Firefox.
How are you navigating? Are you using "Open File" to call up a system file chooser, or browsing through the address bar (using Firefox as a file browser)?
On Windows, I can start at a mapped drive root --
file:///C:/
-- or file share --
file://///host/share
-- and browse anywhere on the drive/share, but I can appreciate that paths are specified differently on Windows than other OSes. I don't know if the sandbox works differently.
Well, a picture is worth a thousand words, so I added two pics to show what I'm trying to open. I have to be doing something wrong or have a bad configuration.
Thanks