Permissions are denied for some programs

I recently started using Linux, and I’ve been noticing that certain applications do not have permissions to read/write files. How is this possible? The only programs I have noticed having issues so far are Tor Browser and Lemonbar. With Tor, I cannot save downloads anywhere outside of Tor’s own directory. With Lemonbar, I can’t access my .sh file in ~/.config/lemonbar. Does anyone know what is going on and how I can fix it? Thanks!

go to settings > search download > save file to

If those are Snap or FlatPak packages, then this is normal. Those applications run in a sandbox with only limited access to storage, and they have no access outside of that sandbox. This is ─ among other things ─ for security reasons.

Whenever I try to navigate outside of the “Browser” folder to choose my desired downloads folder, the program freezes and I have to kill it via a terminal.

While the answer from @ishaanbhimwal is to configure the download directory for Tor, there may still be a permission issue that needs to be resolved.

This has something to do with the concept of “user”, “group”, and “permission” in Linux.

To simplify the concept, you can use ls -l PATH_TO_DIRECTORY to see the permission of each file listed in that directory.

You should see the user and the group for each file.

Further simplify the concept of user and group:

  • "User " means the user who owns the file. Ownership can be achieved: if a user creates the file, the file’s ownership is that user.
  • “Group” means the group of the user who owns the file. Group ownership can be achieved: if a user creates the file, the file’s group ownership is the primary group of that user.
  • You can change user and group ownership by chown if you’re a superuser.

You should also see the permission of each file like “rw-rw-rw-” or other similar (further simplify the meaning of these):

  • The first three is the read write execute permission for the owner of the file, the user.
  • The next three is the read write execute permission for the users group of the file, the group.
  • The last three is the read write execute permission for the other user (not the owner nor the users inside the group).
  • r/w/x means you have read/write/execute permission, - means you don’t have the respective permission.
  • There are other setuid and setguid, but this is somewhat other advanced topic

Your issue has something to do with the application running as a process on behalf of you as the user.

The user and group of the process running will be you, the user, and your primary group.

So, if you cannot read/write files to a directory path, it means that you don’t have the necessary permission to do so, which you can see by using the above ls command.

You can change permission of file by chmod, but you need to think this carefully in terms of security.

Most file has the permission “rw-” for group, so probably the best way is to add you as the user to the group of file (directory in this case) by usermod -a -G TARGET_GROUP YOUR_USER_NAME (you probably need to add sudo for this acting as a superuser).

You can use append sudo to any command to quickly solve permission issue but I never recommend this; always check permission of files and decide if you should add a user to the group of the file.

1 Like
You can use append sudo to any command to quickly solve permission issue

I tried running lemonbar as root, but it still said permission denied. Obviously, I am saving files in Tor via GUI, so I can’t use sudo there.

Lemonbar was installed from AUR, and Tor was I believe installed from community repos.

When I do ls -la, it shows the permissions for .config/ as drwxr-xr-x. I don’t really know what that means, but it looks like I have the permissions I need.

Hello @lowpoly and welcome :wink:

Could it be possible that you installed firejail?

pamac list --quiet --installed  | grep "firejail" && pamac info firejail
pamac list --quiet --installed  | grep "lemonbar" && pamac info lemonbar
pamac list --quiet --installed  | grep "torbrowser-launcher" && pamac info torbrowser-launcher
1 Like

:arrow_down:

1 Like

pamac list --quiet --installed | grep "firejail" && pamac info firejail doesn’t output anything.

pamac list --quiet --installed | grep "lemonbar" && pamac info lemonbar outputs

lemonbar-xft-git
Name                  : lemonbar
Version               : 1.4-1
Description           : A featherweight, lemon-scented, bar based on xcb.
URL                   : https://github.com/LemonBoy/bar
Licenses              : MIT
Repository            : AUR
Depends On            : libxcb
Make Dependencies     : pod2man
Provides              : lemonbar
Conflicts With        : lemonbar
Maintainer            : wilssonmartee
First Submitted       : 02/07/2021
Last Modified         : 02/07/2021

and pamac list --quiet --installed | grep "torbrowser-launcher" && pamac info torbrowser-launcher outputs

torbrowser-launcher
Name                  : torbrowser-launcher
Version               : 0.3.5-2
Description           : Securely and easily download, verify, install, and launch Tor
                        Browser in Linux
URL                   : https://github.com/micahflee/torbrowser-launcher
Licenses              : MIT
Repository            : community
Installed Size        : 205.3 kB
Depends On            : python python-pyqt5 python-requests python-pysocks python-gpgme
                        python-packaging gnupg tor hicolor-icon-theme dbus-glib
Optional Dependencies : apparmor: support for apparmor profiles [Installed]
Make Dependencies     : python-setuptools python-distro
Packager              : kpcyrd <kpcyrd@archlinux.org>
Build Date            : 08/10/2021
Install Date          : 12/15/2021
Install Reason        : Explicitly installed
Signatures            : Yes
Backup files          : /etc/apparmor.d/local/torbrowser.Browser.firefox
                        /etc/apparmor.d/local/torbrowser.Tor.tor

Looks normally… I would rather say, that there a permission problem, produced by yourself apparently… :man_shrugging:

Check your id and what id the folder has:

id
stat ~/.config

Change the ownership of your home folder:

sudo chown -R $USER:$USER /home/$USER/

@megavolt @Aragorn
A while back, I changed my username without changing my groupname, could that have anything to do with this? I don’t recall messing with ID numbers or anything, but they might have changed when I changed the name? I don’t know.

1 Like

No, if you change your user name, then your UID will still remain the same. To the system, your name is only a mnemonic ─ it identifies you by your UID.

The ID of the folder is the same as my ID. Also like I said in my post, I am only having problems in certain programs. Most programs can access the folder fine.

Try ls -l PATH_PROGRAM to the program that has the permission issue.

It’s likely that the program that has issue has a setuid or setguid execute permission; you can see if it is “s” symbol rather than “x” symbol.

This can cause some problem because you will run the process not as you as the user and your group as the group, but rather using the owner and group of the program.

1 Like

Could you explain what you mean by PATH_PROGRAM? I’m fairly new to Linux and am still learning all of these things.

For example, say package pacman you can use one of the following…

which pacman
whereis pacman

Then you should get output like /bin/pacman, so

ls -l /bin/pacman
1 Like

If I do ls -l /usr/bin/lemonbar the permissions are listed as -rwxr-xr-x, so that doesn’t appear to be the problem. I get the same results from ls -l /usr/bin/torbrowser-launcher.