Solved: Is this true? Yes it is.
Source: Dev.to
Executive Summary
TL;DR: Linux “Permission denied” errors when cd‑ing after su are usually caused by missing execute (x) permissions on a parent directory such as /home, not on the user’s home directory itself. Grant traversal permission on the parent directory to resolve the issue:
- Quick fix – chmod 711 /home (allows traversal without listing contents).
- Secure, production‑grade fix – change group ownership to a dedicated admin group and set chmod 750 /home.
The execute (x) permission is required on all directories in a path for successful traversal, even if the target directory itself has full permissions.
The Problem
When a service user (e.g., svc_deploy) tries to cd ~ after su, the shell may return:
bash: cd: /home/svc_deploy: Permission denied
The culprit is often the parent directory /home. If /home has permissions like 700 (drwx------) and is owned by root:root, only root can traverse it. Even though /home/svc_deploy may be 755 and owned by the service user, the user cannot reach it because it cannot pass through the locked “door” of /home.
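To find which directory on the path is the locked one, the mode, owner and group of every component can be compared against the account's uid and gids. The script below is an added example, not part of the original article; the function names are hypothetical, and it assumes classic mode bits only (no ACLs, SELinux or AppArmor) and a stat that supports -c (GNU coreutils or BusyBox).

```sh
#!/bin/sh
# Added example: list the directories on a path that deny traversal (x) to a
# given identity, judged from mode bits only (assumption: no ACLs or MAC policy).

# can_traverse MODE OWNER_UID OWNER_GID UID [GID...]
# Exit 0 if the identity UID/GIDs gets x on a directory with these attributes.
can_traverse() {
    ct_mode=$((0$1)) ct_ouid=$2 ct_ogid=$3 ct_uid=$4
    shift 4
    [ "$ct_uid" -eq 0 ] && return 0              # root is not subject to the check
    if [ "$ct_uid" -eq "$ct_ouid" ]; then        # owner: only the owner bits count
        [ $((ct_mode & 0100)) -ne 0 ]; return
    fi
    for ct_g in "$@"; do                         # group member: only the group bits
        if [ "$ct_g" -eq "$ct_ogid" ]; then
            [ $((ct_mode & 0010)) -ne 0 ]; return
        fi
    done
    [ $((ct_mode & 0001)) -ne 0 ]                # everyone else: the "others" bits
}

# blocked_dirs PATH UID [GID...]
# Print every directory from PATH up to / that denies traversal, leaf first.
blocked_dirs() {
    bd_dir=$1; shift
    while :; do
        # %a = octal mode, %u = owner uid, %g = owner gid
        bd_stat=$(stat -c '%a %u %g' "$bd_dir") || return 2
        # Word splitting of bd_stat into three arguments is intended here.
        can_traverse $bd_stat "$@" || printf '%s\n' "$bd_dir"
        case $bd_dir in /|.) break ;; esac
        bd_dir=$(dirname "$bd_dir")
    done
}

# Usage sketch (svc_deploy is the article's example account):
#   blocked_dirs /home/svc_deploy "$(id -u svc_deploy)" $(id -G svc_deploy)
```

Run against the 750 root:sysadmins layout described under the group‑based fix, an account that is not in sysadmins is still reported as blocked at /home. On systems with util-linux, namei -l /home/svc_deploy prints the same per‑component permissions for manual inspection.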
Solutions
Quick Fix – Grant Traversal to Everyone
# Safe, fast, and respects least‑privilege better than most ad‑hoc fixes
sudo chmod 711 /home
- Effect:
  - Owner (root): rwx
  - Group & Others: --x (execute only)
Users can traverse /home to reach subdirectories they own, but cannot list /home (ls /home still fails).
Secure, Group‑Based Fix
- Create an admin group (if needed):
  sudo groupadd sysadmins
- Add your administrative user(s) to the group:
  sudo usermod -aG sysadmins dvance
  # Log out/in or run `id` to verify group membership
- Change ownership and set restrictive permissions:
  sudo chown root:sysadmins /home
  sudo chmod 750 /home
- Result:
  - root and members of sysadmins can traverse /home.
  - All other users are blocked completely.
  - No directory listing is possible for non‑admin users.
Less Secure Fix – Open to All
sudo chmod 755 /home
- Effect: rwxr-xr-x – everyone can read and execute.
- Drawback: Any user can run ls -l /home and see every home directory, leaking usernames. This is unsuitable for production or compliance‑sensitive environments.
Comparison of Methods
| Method | Command(s) | Pros | Cons |
|---|---|---|---|
| Quick Fix | chmod 711 /home | Fast, prevents directory listing, works for all non‑root users. | All non‑root users can traverse /home. |
| Permanent Fix | chown root:sysadmins /home; chmod 750 /home | Most secure, granular control, follows least‑privilege principle. | Requires group management and extra setup. |
| Nuclear Option | chmod 755 /home | Guarantees access for everyone. | Insecure; exposes all usernames via directory listing. |
Takeaway
Permissions are about intent. Ensure the execute bit (x) is set on every directory in the path you need to traverse. Choose the fix that aligns with your security posture, document the change, and you can get back to sleep.
Original article: TechResolve.blog