Hello. I have a directory /home/family whose Linux group is “family” and the members of this Linux group are the different Linux users of the family. The group has read and write permissions on the directory, its subdirectories and files (and “x” permission on the directories). But Fedora keeps asking the password again and again for many actions: “Files” (Nautilus) asks the password to open the directory, the password is asked to open a file in LibreOffice, Gimp or “Document viewer”, then asked each time the modified file is saved by LibreOffice; sometimes, but not always, “Files” doesn’t display the thumbnails of pictures even if, according to the Linux user rights and “Files”’ preferences, it should do so, etc… Moreover, when opening a document in LibreOffice, it’s opened as “remote” and saved with ownership “root” and group “root” even if it was not the case before. I guess, but I’m not sure, that this is due to SELinux. What to do to improve the experience, so that these files be treated as, or nearly as if they were in the user’s own directory?
Who is the owner of /home/family.?
For my user on my system I see the default as
$ ls -l /home total 0 drwx------. 1 user user 262 Aug 4 14:34 user
If you have created a separate shared directory then it probably should belong to you or one of the other family members, and group family as noted, and have permissions 775.
Each family member using that directory must also be a member of the family group. Then you should not ever be needing a password or saving things as root. That only happens if you are running a program such as libreoffice as root or with sudo.
For this arrangement sudo is not needed and is actually detrimental. In fact it is not necessary and is actually detrimental if all the family members are part of the wheel group since that gives them full admin control of the machine and probably led to the issue you are seeing now.
Go back to the basics.
sudo chmod 775 /home/family and
sudo chown -R /home/family user:family for whichever user you named as the owner of that directory and from that point on things should work properly.
To answer the question about selinux context,
sudo restorecon -r /home will restore the proper context to /home and everything below it.
Thank you for your help. Eureka! I think I’ve just understood at last (after more than 2 years of that recurring difficulty). I usually open my files with “Files” (Nautilus), by double-clicking, and I use Files’ bookmarks (on the left). Since I’m an admin on the computer, if I don’t have the access rights somewhere, Files asks me my password then opens the folder (probably using sudo, but this is transparent to me) or file. But if it’s a folder, the address in Files, instead of being “/home/family” is admin:///home/family . The owner of that folder is my wife. I had surely bookmarked it a day I had not enough access rights, so the bookmark was “admin:///home/family”. The access rights was then corrected, long ago, but this didn’t change the bookmark. So each time I would use the bookmark, all the files and subdirectories in the hierarchy of “/home/family” would open through that address admin:///home/family, i.e. with superuser rights, so the thumbnails wouldn’t be displayed and files modified by LibreOffice would be attributed to the superuser, “root”. It seems that LibreOffice creates a new file instead of modifying the old one and doesn’t try to copy the ownership of the old one. Moreover the “recent files” of LibreOffice seem to behave the same way, instead of displaying foo.ods, it displays “: foo.ods” which seems to mean “to open using sudo”. So even when, not using Files, I would open such a file directly with that “recent Documents” list, the same effect would follow. It’s also true in the “Open recents” list of Gimp, where the address “admin:///home/family/foo.xcf” appears in a bubble. But each time I would open a file through Files without using the bookmark, the problem wouldn’t appear. By changing the ownership of /home/family, bookmarking it, then changing its ownership back and bookmarking it again, I’ve just managed to get 2 different bookmarks of the same directory, behaving differently for all its hierarchy.
It can be useful to know that if you set the sgid bit on a directory then new created files will inherit the group id of this directory.
chmod g+s /home/family
The ls -l listing will then show
I got the same problem. I have a file disk that was created under username guest from an older ubuntu version. When I bought a new disk, I decided to install the latest ubuntu version 20.04 on that new disk. I ended up with a similar problem - PDF file cannot be opened even though I made all the files readable by chmod ugo+wrx.
Based on this post, I just applied the following:
sudo chown -R user-name:user-name /media/file-directory
I used user-name:user-name because the default group name is the user name when I created the users.
Immediately after this, I am able to open the file.
Exactly what the permissions are supposed to do.
The only issue is that
chmod ugo+wrx really is not the way you should do it.
On a file the execute bit should only be set if it is actually an executable (script or binary). The write bit should only be set for other when you actually want to allow anyone and everyone to write to that file.
Most systems set the umask as 022 which creates files as rw-r–r-- and directories as rwxr-xr-x. Most file should only be writable by the user and directories the same.