Deleting directory created by other user

Posted: Thu Feb 07, 2019 11:02 am
by MattHawkinsUK
Hello,

I've got a Linux permission issue. It's causing me more hassle than anything else in my project but it is a relatively minor feature.

I've got two scripts. One runs as the "pi" user. The other is a Flask app running under a NGINX/uwsgi setup. It runs as "www-data".

The first script creates a directory and fills it with images.

I want the second script to be able to delete this directory when running a particular function.

Once created the directory is owned by the "pi" user with the group "pi". The permissions for pi:pi are rwxrwxr-x.

I've added the "www-data" user to the "pi" group. So as far as I can see the "www-data" user should be able to delete anything the "pi" user creates as it is in the "pi" group. So should have rwx permission on the directory.

But when I use

    shutil.rmtree(path)

It fails to remove the directory.

If I run the same code as the "pi" user it removes the directory as expected.

Have I missed anything? Is there anything else I need to consider?


Matt

Re: Deleting directory created by other user

Posted: Thu Feb 07, 2019 3:45 pm
by DougieLawson
Group permissions don't let you delete a directory owned by another user.

chmod g+r allows read
chmod g+w allows you to create/write things in there
chmod g+x allows you to cross the directory

Re: Deleting directory created by other user

Posted: Thu Feb 07, 2019 5:34 pm
by jojopi
Write permission on a file allows you to modify the file. To remove or rename the file, you need write access to the containing directory.

Similarly, write permission on a directory allows you to create and remove files inside it. To remove the directory itself you need write access to its parent.

Note that you can remove all the files in a writeable (and not sticky restricted) directory, even if you have no permission on the files themselves. If you do need to make a directory group writeable, therefore, it is a good idea to use that directory only for one purpose.

Re: Deleting directory created by other user

Posted: Thu Feb 07, 2019 5:42 pm
by tpyo kingg
It's more complex than that with most GNU/Linux file systems like the EXT series. If you would like two different users to share the same directory, then you'll have to have them be in the same group and then use the SetGID bit on the directory so that new files are created under the right group. Then you'll also have to set the umask correctly or use ACLs to make sure that the group does have the correct permissions (rw) for working in the directory.

(Apropos the group, putting www-data into the pi group gives access to anything that the user pi does. I'd recommend making a new group to share.)

Edit: for example:

    sudo groupadd web-shared;
    sudo mkdir -p /var/www/html/shared/;
    sudo chown root:web-shared /var/www/html/shared/;
    sudo chmod u=rwx,g=rwxs,o=rx /var/www/html/shared/;

    sudo gpasswd -a pi web-shared;
    sudo gpasswd -a www-data web-shared;

Then the next time pi and www-data log in, they will be able to write to the shared directory. umask for both pi and www-data would still need to be set to 0002, instead of 0022, while working with shared folders.

As an alternative, the package acl could be installed and ACLs used instead but that is less common and often considered more confusing.

Re: Deleting directory created by other user

Posted: Fri Feb 08, 2019 10:49 am
by MattHawkinsUK
Thanks for the replies. Always useful to get some feedback as it meant I could do some more focused Googling.

I managed to solve the issue.

script1.py - Flask app launched on boot and running under NGINX/uwsgi. Runs as user "www-data".
script2.py - Script run by user Pi. It creates new directories in "images" and fills with camera images.

Directory structure under /home/pi/ :

    animation
      images
        seq001
            frame_001.jpg
            frame_002.jpg
        seq002
            frame_001.jpg
            frame_002.jpg

All the dirs are owned by user "pi" with group "pi". User has rwx. Group has r_x and Other has r_x.

In order to allow the Flask app to delete the "seq" directories created by the "pi" script I did the following:
  • Add "www-data" user to "pi" group with "sudo useradd -G pi www-data"
  • chmod 775 "images" to give the "pi" group "w" on "images".
  • When creating new "seq" directories chmod 775 to ensure group has "w".

What I didn't realise is that the group changes I had previously made probably didn't take effect until the user logged in again. In my case a reboot.

So now the script running as "www-data" can delete JPG files in a "pi" owned "seq" directory because the "pi" group has "w" on "images". It can then delete the "seq" directory because the "pi" group can write contents of "images".

(for anyone who is curious I'm creating a stop motion animation studio. The "pi" script controls the camera and has a button to take photos. The "www-data" script is a Flask app that creates a website where sequences of images can be viewed. It is the web site where I am implementing a "delete" button to delete sequences previously created).
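
Added example, not code from any poster in this thread: a Python check that applies the rule from the replies above (unlinking an entry needs write and search permission on the directory that contains it) to the images/seq001 layout, and reports which directories would stop shutil.rmtree for a given user. The function names, the stand-in UID and the temporary tree are assumptions constructed for illustration; the check reads mode bits only and ignores ACLs and root.

```python
import os
import stat
import tempfile

def class_bits(st, uid, gids):
    """rwx bits (0-7) the kernel applies: owner, else group, else other."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def rmtree_blockers(path, uid, gids):
    """Directories whose mode bits stop non-root `uid` removing `path`."""
    path = os.path.abspath(path)
    parent = os.path.dirname(path)
    to_check = [(parent, [path])]  # the top directory is an entry in its parent
    for d, subdirs, files in os.walk(path):
        to_check.append((d, [os.path.join(d, n) for n in subdirs + files]))
    blockers = []
    for d, entries in to_check:
        st = os.stat(d)
        # w+x unlinks entries; rmtree also needs r to list what is inside.
        need = 3 if d == parent else 7
        if class_bits(st, uid, gids) & need != need:
            blockers.append(d)
        elif (st.st_mode & stat.S_ISVTX and uid != st.st_uid
              and any(os.lstat(e).st_uid != uid for e in entries)):
            blockers.append(d)  # sticky: only the entry or directory owner may unlink
    return blockers

def demo():
    """Constructed tree mirroring images/seq001; returns blockers per mode pair."""
    root = tempfile.mkdtemp()
    images = os.path.join(root, "images")
    seq = os.path.join(images, "seq001")
    os.makedirs(seq)
    open(os.path.join(seq, "frame_001.jpg"), "w").close()
    st = os.stat(seq)
    # Assumed stand-in for www-data: a different UID that is in the owner's group.
    web_uid, web_gids = st.st_uid + 1, {st.st_gid}
    results = {}
    for images_mode, seq_mode in ((0o755, 0o755), (0o775, 0o755), (0o775, 0o775)):
        os.chmod(images, images_mode)
        os.chmod(seq, seq_mode)
        found = rmtree_blockers(seq, web_uid, web_gids)
        results[f"{images_mode:o}/{seq_mode:o}"] = [os.path.relpath(b, root) for b in found]
    return results
```

The keys of the returned dictionary are the modes of "images" and "seq001"; only the 775/775 pair leaves no blocking directory, which matches the two chmod steps listed in the post above.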

Re: Deleting directory created by other user

Posted: Fri Feb 08, 2019 11:01 am
by tpyo kingg
MattHawkinsUK wrote:
Fri Feb 08, 2019 10:49 am
  • chmod 775 "images" to give the "pi" group "w" on "images".
  • When creating new "seq" directories chmod 775 to ensure group has "w".
You'll still probably need the set-group-ID bit, which would be mode 2775 or g=rwxs, to ensure that the right group is always used. Otherwise it will end up being the default group for the account creating the directory.

{very cool. will the film be online someday?}