I recently started using Linux, and I’ve been noticing that certain applications do not have permissions to read/write files. How is this possible? The only programs I have noticed having issues so far are Tor Browser and Lemonbar. With Tor, I cannot save downloads anywhere outside of Tor’s own directory. With Lemonbar, I can’t access my .sh file in ~/.config/lemonbar. Does anyone know what is going on and how I can fix it? Thanks!
If those are Snap or FlatPak packages, then this is normal. Those applications run in a sandbox with only limited access to storage, and they have no access outside of that sandbox. This is ─ among other things ─ for security reasons.
Whenever I try to navigate outside of the “Browser” folder to choose my desired downloads folder, the program freezes and I have to kill it via a terminal.
While the answer from @ishaanbhimwal is to configure the download directory for Tor, there may still be a permission issue that needs to be resolved.
This has something to do with the concept of “user”, “group”, and “permission” in Linux.
To simplify the concept, you can use
ls -l PATH_TO_DIRECTORY to see the permission of each file listed in that directory.
You should see the user and the group for each file.
Further simplify the concept of user and group:
- "User " means the user who owns the file. Ownership can be achieved: if a user creates the file, the file’s ownership is that user.
- “Group” means the group of the user who owns the file. Group ownership can be achieved: if a user creates the file, the file’s group ownership is the primary group of that user.
- You can change user and group ownership by
chownif you’re a superuser.
You should also see the permission of each file like “rw-rw-rw-” or other similar (further simplify the meaning of these):
- The first three is the read write execute permission for the owner of the file, the user.
- The next three is the read write execute permission for the users group of the file, the group.
- The last three is the read write execute permission for the other user (not the owner nor the users inside the group).
- r/w/x means you have read/write/execute permission, - means you don’t have the respective permission.
- There are other setuid and setguid, but this is somewhat other advanced topic
Your issue has something to do with the application running as a process on behalf of you as the user.
The user and group of the process running will be you, the user, and your primary group.
So, if you cannot read/write files to a directory path, it means that you don’t have the necessary permission to do so, which you can see by using the above
You can change permission of file by
chmod, but you need to think this carefully in terms of security.
Most file has the permission “rw-” for group, so probably the best way is to add you as the user to the group of file (directory in this case) by
usermod -a -G TARGET_GROUP YOUR_USER_NAME (you probably need to add
sudo for this acting as a superuser).
You can use append
sudo to any command to quickly solve permission issue but I never recommend this; always check permission of files and decide if you should add a user to the group of the file.
You can use append sudo to any command to quickly solve permission issue
I tried running lemonbar as root, but it still said permission denied. Obviously, I am saving files in Tor via GUI, so I can’t use sudo there.
Lemonbar was installed from AUR, and Tor was I believe installed from community repos.
When I do ls -la, it shows the permissions for .config/ as drwxr-xr-x. I don’t really know what that means, but it looks like I have the permissions I need.
Hello @lowpoly and welcome
Could it be possible that you installed firejail?
pamac list --quiet --installed | grep "firejail" && pamac info firejail pamac list --quiet --installed | grep "lemonbar" && pamac info lemonbar pamac list --quiet --installed | grep "torbrowser-launcher" && pamac info torbrowser-launcher
pamac list --quiet --installed | grep "firejail" && pamac info firejail doesn’t output anything.
pamac list --quiet --installed | grep "lemonbar" && pamac info lemonbar outputs
lemonbar-xft-git Name : lemonbar Version : 1.4-1 Description : A featherweight, lemon-scented, bar based on xcb. URL : https://github.com/LemonBoy/bar Licenses : MIT Repository : AUR Depends On : libxcb Make Dependencies : pod2man Provides : lemonbar Conflicts With : lemonbar Maintainer : wilssonmartee First Submitted : 02/07/2021 Last Modified : 02/07/2021
pamac list --quiet --installed | grep "torbrowser-launcher" && pamac info torbrowser-launcher outputs
torbrowser-launcher Name : torbrowser-launcher Version : 0.3.5-2 Description : Securely and easily download, verify, install, and launch Tor Browser in Linux URL : https://github.com/micahflee/torbrowser-launcher Licenses : MIT Repository : community Installed Size : 205.3 kB Depends On : python python-pyqt5 python-requests python-pysocks python-gpgme python-packaging gnupg tor hicolor-icon-theme dbus-glib Optional Dependencies : apparmor: support for apparmor profiles [Installed] Make Dependencies : python-setuptools python-distro Packager : kpcyrd <firstname.lastname@example.org> Build Date : 08/10/2021 Install Date : 12/15/2021 Install Reason : Explicitly installed Signatures : Yes Backup files : /etc/apparmor.d/local/torbrowser.Browser.firefox /etc/apparmor.d/local/torbrowser.Tor.tor
Looks normally… I would rather say, that there a permission problem, produced by yourself apparently…
Check your id and what id the folder has:
id stat ~/.config
Change the ownership of your home folder:
sudo chown -R $USER:$USER /home/$USER/
A while back, I changed my username without changing my groupname, could that have anything to do with this? I don’t recall messing with ID numbers or anything, but they might have changed when I changed the name? I don’t know.
No, if you change your user name, then your
UID will still remain the same. To the system, your name is only a mnemonic ─ it identifies you by your
The ID of the folder is the same as my ID. Also like I said in my post, I am only having problems in certain programs. Most programs can access the folder fine.
ls -l PATH_PROGRAM to the program that has the permission issue.
It’s likely that the program that has issue has a setuid or setguid execute permission; you can see if it is “s” symbol rather than “x” symbol.
This can cause some problem because you will run the process not as you as the user and your group as the group, but rather using the owner and group of the program.
Could you explain what you mean by PATH_PROGRAM? I’m fairly new to Linux and am still learning all of these things.
For example, say package pacman you can use one of the following…
which pacman whereis pacman
Then you should get output like
ls -l /bin/pacman
If I do
ls -l /usr/bin/lemonbar the permissions are listed as
-rwxr-xr-x, so that doesn’t appear to be the problem. I get the same results from
ls -l /usr/bin/torbrowser-launcher.