users in multiple groups and file permissions

[berky]

So, to make a long story short, let's assume that I have a user's home directory /home/user1

this directory has permissions 750 and is owned by user1 and group user1

let's also say I have an admin user that is primarily a part of group admin, but also a part of group user1

what would stop admin from having read and execute permissions on this directory?


The long(er) story:

I'm running clamav and have a clamd daemon running as user admin (I could run it as any user, and I may make a special user later, but I don't want to run it as user1, user2, etc).

I have 2 (technically lots more, but let's just say 2 for now) users, user1 and user2 that have home directories /home/user1 and /home/user2. each is owned and group owned by user1:user1 and user2:user2 respectively with permissions of 750.

my admin user is part of groups admin, user1, and user2

I need this to be able to scan my user's directories using the command (is this correct?):
clamdscan --move=/files/quarantine/ --config-file=/etc/clamd.d/adm.conf /home/user1/file

doing this gives the error:
/home/user1/file: lstat() failed. ERROR

If I change the directory permissions to 755, it works fine.
Or if I leave the permissions 750 and change the directory group ownership to admin, it works fine.

So, why would this be? Obviously it is a permissions issue, but why is it not reading admin as part of the user1 group and allowing the same permissions as it does when making the directory group-owned by admin?



Anyone have any ideas?


Edit: also, this is FC 10 with SELinux set to permissive

[druidmatrix]

What are the permissions on home? I believe you have to have execute permissions on the parent directories to be able to navigate to the /home/user1 and browse contents (ls).

[berky]

/home has permissions root:root and 755

this really has me baffled.

[druidmatrix]

Can you log in as admin and read the files/browse directories of the user homes?

[berky]

Yeah, I have a file in that directory as user1:user1 with 660 perms. as admin, I can edit the file with no problems.

[druidmatrix]

Yeah, I have a file in that directory as user1:user1 with 660 perms. as admin, I can edit the file with no problems.

By admin user I hope you dont mean root - we are talking about just a regular called admin? If you can read files in that directory, and browse the directories then it is not a permissions problem.

[berky]

no, it's not root. it's a user called "admin" as you said.

maybe it's just a clamd issue? i'm not sure. clamd is running as admin though.

[druidmatrix]

I am sorry, but I dont have much experience with clamd. You may be better off posting on their forum at this point.