traverse path permissions / namei
How does one traverse a long path to quickly find out where you lack permissions?
So, I wanted to test some stuff in Debian/Buster. I already had an LXC container through LXD. I just needed to get some source files to the right place.
lxd$ sudo zfs list | grep buster
data/containers/buster-builder 692M 117G 862M
/var/snap/lxd/common/lxd/storage-pools/data/containers/buster-builder
lxd$ sudo zfs mount data/containers/buster-builder
Make sure there's somewhere where I can write:
lxd$ sudo mkdir \
/var/snap/lxd/common/lxd/storage-pools/data/containers/buster-builder/rootfs/home/osso/walter
lxd$ sudo chown walter \
/var/snap/lxd/common/lxd/storage-pools/data/containers/buster-builder/rootfs/home/osso/walter
Awesome. Time to rsync some files there.
otherhost$ rsync -va --progress FILES \
lxd:/var/snap/lxd/common/lxd/storage-pools/data/containers/buster-builder/rootfs/home/osso/walter/
rsync: [Receiver] ERROR: cannot stat destination
"/var/snap/lxd/common/lxd/storage-pools/data/containers/buster-builder/rootfs/home/osso/walter/":
Permission denied (13)
Drat! Missing perms.
Now comes the nifty part. Instead of doing an ls -ld on each
individual component, there is a simple tool which name I keep
forgetting: namei
lxd$ namei -l \
/var/snap/lxd/common/lxd/storage-pools/data/containers/buster-builder/rootfs/home/osso/walter
f: /var/snap/lxd/common/lxd/storage-pools/data/containers/buster-builder/rootfs/home/osso/walter
drwxr-xr-x root root /
drwxr-xr-x root root var
drwxr-xr-x root root snap
drwxr-xr-x root root lxd
drwxr-xr-x root root common
drwx--x--x lxd nogroup lxd
drwx--x--x root root storage-pools
drwx--x--x root root data
drwx--x--x root root containers
d--x------ 100000 root buster-builder
rootfs - Permission denied
Okay. No permissions on buster-builder then.
lxd$ sudo chmod 701 \
/var/snap/lxd/common/lxd/storage-pools/data/containers/buster-builder
Repeat the namei call, and now all is well. Time for that rsync.