My user cannot read files owned by himself

I have no clue how I did this, but my user account cannot read the files in ~/.ssh:

Bash:
bedna% id -u
1001
bedna% which ls
/bin/ls
bedna% ls -lna .ssh
ls: .: Permission denied
ls: ..: Permission denied
ls: config: Permission denied
ls: id_ed25519: Permission denied
ls: id_ed25519.pub: Permission denied
ls: known_hosts: Permission denied
total 0
bedna% su root
Password:
# id -u
0
# ls -lna .ssh
total 83
drw-------   2 1001 1001   6 Jan  4 15:28 .
drwxr-xr-x  13 1001 1001  37 Jan  4 15:59 ..
-rw-r--r--   1 1001 1001 116 Jan  4 15:13 config
-rw-------   1 1001 1001 387 Jan  3 07:03 id_ed25519
-rw-r--r--   1 1001 1001  82 Jan  3 07:03 id_ed25519.pub
-rw-r--r--   1 1001 1001 828 Jan  3 07:05 known_hosts

Any ideas what is going on here? What can I do to recover from this? All other directories in my home dir behave normally, just not in the .ssh dir.

I remember previously copying some stuff to my ~/.ssh from a backup of my .ssh directory in a different location (I executed cp -r ./.ssh/* ~/.ssh), but by now those copied files I have deleted again (as root, because already then my user account had no write permission). In my backup location my user account owns those files:

Bash:
bedna% ls -lna .ssh
total 99
drwxr-xr-x  3 1001 1001   5 Jan  4 05:53 .
drwxr-xr-x  5 1001 1001  13 Jan  4 15:17 ..
-rw-r--r--  1 1001 1001 128 Jan  4 05:53 age_identity.age
-rw-r--r--  1 1001 1001 116 Jan  4 05:53 config
drwxr-xr-x  2 1001 1001   4 Jan  4 05:53 github_repositories
 
Thanks for your question. Both root and owner's user account see
drw------- 2 1001 1001 6 Jan 4 15:28 .ssh

Somewhere I read that ~/.ssh should have permissions 700. I remember changing that manually in chaotic acting, when I tried to make all files under .ssh private. Under root I ran chmod -R 600 .ssh. That must have changed the .ssh dir itself, too.

So now I corrected it:

Bash:
bedna% ls -lnd .ssh
drwx------  2 1001 1001 6 Jan  4 15:28 .ssh

and sure enough the user account now can see all files in there as usual:

Bash:
bedna% ls -lna .ssh
total 83
drwx------   2 1001 1001   6 Jan  4 15:28 .
drwxr-xr-x  13 1001 1001  37 Jan  4 17:51 ..
-rw-r--r--   1 1001 1001 116 Jan  4 15:13 config
-rw-------   1 1001 1001 387 Jan  3 07:03 id_ed25519
-rw-r--r--   1 1001 1001  82 Jan  3 07:03 id_ed25519.pub
-rw-r--r--   1 1001 1001 828 Jan  3 07:05 known_hosts

Wow, just by making the directory executable? Intuitively, this does not make sense to me. What kind of manual page or tutorial did I forget to read?
 
[…] Intuitively, this does not make sense to me. What kind of manual page or tutorial did I forget to read?
Indeed, the double meaning is unintuitive, but then the actual unintuitive part is that ls(1), chmod(1) and other tools call it the executable bit regardless of the file type. Under the hood it may still be implemented as one and the same bit, but on the surface you ought to hide such implementation details.
chmod(1) mentions this in the MODES section.
There are tons of resources out there, but maybe, UJuwMLAx, the FreeBSD handbook achieves the right balance between being sufficient vs. too comprehensive for you:
Directories are also treated as files. They have read, write, and execute permissions. The executable bit for a directory has a slightly different meaning than that of files. When a directory is marked executable, it means it is possible to change into that directory using cd(1). This also means that it is possible to access the files within that directory, subject to the permissions on the files themselves.

In order to perform a directory listing, the read permission must be set on the directory. In order to delete a file that one knows the name of, it is necessary to have write and execute permissions to the directory containing the file.
 
Regarding directories, the 01 or x bit stands for "search permission".
Basics/permissions

Directories are also treated as files. They have read, write, and execute permissions. The executable bit for a directory has a slightly different meaning than that of files. When a directory is marked executable, it means it is possible to change into that directory using cd(1). This also means that it is possible to access the files within that directory, subject to the permissions on the files themselves.
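Added example, not part of any post in this thread: a shell sketch that reproduces the mode-600 directory on a scratch tree and repairs it with the capital-X symbolic mode described in the MODES section of chmod(1). The file names, the scratch path and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example with constructed file names; it only touches a scratch
# directory under ${TMPDIR:-/tmp}, never the real ~/.ssh.

# Type and mode column as ls -l prints it, e.g. "drwx------".
mode_of() { ls -ld "$1" | cut -c1-10; }

# Build a throwaway tree shaped like the directories shown in the thread.
make_tree() {
    mkdir -p "$1/github_repositories"
    : > "$1/config"; : > "$1/id_ed25519"; : > "$1/id_ed25519.pub"
    : > "$1/github_repositories/repo_key"
}

# Same end state as root's "chmod -R 600 .ssh": every entry, directories
# included, ends up rw-------. Done bottom-up (-depth) so that it also
# completes for an unprivileged user.
break_tree() { find "$1" -depth -exec chmod 600 {} +; }

# Repair in one pass. Capital X adds execute/search only to directories
# (and to files that already carry an x bit), so directories become 700
# and plain files 600.
fix_tree() { chmod -R u=rwX,go= "$1"; }

# Can the current user stat the entries? That needs search (x) on the
# directory. Root bypasses the check, so run this as a normal user.
try_list() {
    if ls -l "$1" >/dev/null 2>&1; then echo "ls -l: ok"
    else echo "ls -l: Permission denied"; fi
}

demo() {
    scratch=$(mktemp -d "${TMPDIR:-/tmp}/sshperm.XXXXXX") || return 1
    make_tree "$scratch/ssh"
    break_tree "$scratch/ssh"
    echo "after chmod 600: $(mode_of "$scratch/ssh") $(try_list "$scratch/ssh")"
    fix_tree "$scratch/ssh"
    echo "after u=rwX,go=: $(mode_of "$scratch/ssh") $(try_list "$scratch/ssh")"
    rm -rf "$scratch"
}
demo
```

Because X is decided per entry, the same command is safe on a tree that mixes files and nested directories, which a single numeric mode with -R is not.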
 
I remember reading all of those linked sections in the FreeBSD Handbook some time in October, November 2023 when I first installed FreeBSD but this particular piece of information just did not stick in my mind for there were so many other new things for me. Anyways, many thanks for the help. It pleases me that FreeBSD has such nice community and, as far as I've experienced, great documentation. I'm honing my skills to eventually contribute to this wonderful ecosystem.
 