Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
Improve this question
I am creating a shared folder for users in the 'development' group. I am having trouble coming up with a series of commands to use to do this I need to set the following permissions:
Only members of the development group can create files in it
Users can only delete the files and directories they create
Any new files/folders in the shared directory are associated with the group
Group owner can only read
Owner can read files, but others cannot have r/w access
What series of commands could I use to accomplish this?
I just cannot seem to get this right with chmod and , and when I login as my other users I keep on getting permission denied for viewing the folder or creating files even with sticky bit set.
Angellic Chords,
first you must state in your request if you have root privileges (login,sudo) to manipulate permissions in the filesystem.
Now you need split task into smaller blocks:
a. add users into developer group (dev_group - assumed already exists)
root# for user in (user1 user2 user3 ... usern)
do
usermod -a -G dev_group $user
done
b. create developer group directory
mkdir /some/path/to/developer/group/dir
c. assign permission on the folder: see doc
owner root.dev_group (root)
owner rwx -- can read, create, change into directory
group rwx -- can read, create, change into directory
other/world r-x -- can read, change into directory only (check if this desirable)
set SGID - newly created files/directories inherit group from directory
set 'stiky' bit - allows manipulate only own files/directories
chown root.dev_group [path to directory] # owner root.dev_group
chmod u=rwx,g=rwx,o=rx [path to directory] # user rwx; group rwx; other r-x
chmod g+s [path to directory] # SGID bit inherit group from directory for new files and directories
chmod +t [path to directory] # stiky bit manipulate own files and directories only
or
chmod 3775 [path to directory]
NOTE: execute permission on a directory allows to change into the directory
d. define umask for each user:
user rwx
group r--
other ---
(in shell initialisation scripts as .bashrc .profile ....)
umask u=rwx,g=r,o=
NOTE: if umask must be different for any valid reason, then user has to change permission at creation, copy time on new files/directories
More grained access restrictions can be achieved with access control lists acl and SELinux contexts.
Just upgrade to Ubuntu 12.XX LTS to 14.04.1 LTS.
My Samba server provides users the ability to write to their own directory by using the [homes] section. After upgrading, they no longer have write access to their home directories through Samba.
I have created a test directory with their home directory with permissions of 777 or 775 and they can create files/directories in it that are owned by them. If the permissions are 755 (which is my preference) then the user can't write to them. Since the file are being created as the proper user, I assume that writes are also being attempted by the correct user.
I am trying to write files into directory /home/morris/junk/zz1
drwxr-xr-x 5 morris morris 4096 Nov 30 00:43 zz1
Any help would be GREATLY appreciated!
The relevent segments of my smb.conf are below.
[global]
log level = 3 acls:10
server string = %h server (Samba, Ubuntu)
map to guest = Bad User
obey pam restrictions = Yes
pam password change = Yes
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
smb ports = 139 445
dns proxy = No
panic action = /usr/share/samba/panic-action %d
hosts deny = 192.168.1.4
veto files = Maildir/imap,Maildir
wide links = Yes
unix extensions = no
[homes]
hide dot files = yes
valid users = %U
read only = No
wide links = yes
writeable = yes
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 2 years ago.
Improve this question
I would like to know whether there is any simple shell command to change the user home directory in Linux/Unix (one similar to chsh which changes the default login shell of an existing valid user) without touching the /etc/passwd file. Thanks
Ibrahim's comment on the other answer is the correct way to alter an existing user's home directory.
Change the user's home directory:
usermod -d /newhome/username username
usermod is the command to edit an existing user.
-d (abbreviation for --home) will change the user's home directory.
Change the user's home directory + Move the contents of the user's current directory:
usermod -m -d /newhome/username username
-m (abbreviation for --move-home) will move the content from the user's current directory to the new directory.
From Linux Change Default User Home Directory While Adding A New User:
Simply open this file using a text editor, type:
vi /etc/default/useradd
The default home directory defined by HOME variable, find line that
read as follows:
HOME=/home
Replace with:
HOME=/iscsi/user
Save and close the file. Now you can add user using regular useradd
command:
# useradd vivek
# passwd vivek
Verify user information:
# finger vivek
The accepted answer is faulty, since the contents from the initial user folder are not moved using it. I am going to add another answer to correct it:
sudo usermod -d /newhome/username -m username
You don't need to create the folder with username and this will also move your files from the initial user folder to /newhome/username folder.
In case other readers look for information on the adduser command.
Edit /etc/adduser.conf
Set DHOME variable
You can do it with:
/etc/passwd
Edit the user home directory and then move the required files and directories to it:
cp/mv -r /home/$user/.bash* /home/newdir
.bash_profile
.ssh/
Set the correct permission
chmod -R $user:$user /home/newdir/.bash*
Found out that this breaks some applications, the better way to do it is
In addition to symlink, on more recent distros and filesystems, as root you can also use bind-mount:
mkdir /home/username
mount --bind --verbose /extra-home/username /home/username
This is useful for allowing access "through" the /home directory to subdirs via daemons that are otherwise configured to avoid pathing through symlinks (apache, ftpd, etc.).
You have to remember (or init script) to bind upon restarts, of course.
An example init script in /etc/fstab is
/extra-home/username /home/username none defaults,bind 0 0
usermod -m -d /newhome username
I have installed on my raspberry pi running debian (raspbian) samba and samba-common-bin
Then I change the config of samba and add the following at the end:
[photocam]
comment = Photo taken from camera
path = /tmp/photocam/
valid users = #users
force group = users
create mask = 0755
directory mask = 0755
read only = no
browseable=Yes
writeable=Yes
only guest=no
public=no
I have created a user for samba with sudo smbpasswd -a pi
Then when I try to access it I can only read the files, I can't delete or create new ones...
Ok, really stupid from my part, I have realised that the folder I used and created with root so I had to use chown and chgrp commands to put it to the right user.
Yes you're right use chown command to change users to pi this will change all files in the current directory to
user=pi, group=pi
sudo chown pi:pi *
You may also need to set permissions on the files with chmod command. The following command will change all files in the current directory to
775 = rwxrwxr.x
sudo chmod 775 *
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 1 year ago.
Improve this question
I have the following setup to periodically rsync files from server A to server B. Server B has the rsync daemon running with the following configuration:
read only = false
use chroot = false
max connections = 4
syslog facility = local5
log file = /var/adm/rsyncd.log
munge symlinks = false
secrets file = /etc/rsyncd.secrets
numeric ids = false
transfer logging = true
log format = %h %o %f %l %b
[BACKUP]
path = /path/to/archive
auth users = someuser
From server A I am issuing the following command:
rsync -adzPvO --delete --password-file=/path/to/pwd/file/pwd.dat /dir/to/be/backedup/ someuser#192.168.100.100::BACKUP
BACKUP directory is fully read/write/execute to everyone. When I run the rsync command from server A, I see:
afile.txt
989 100% 2.60kB/s 0:00:00 (xfer#78, to-check=0/79)
for each and everyfile in the directory I wish to backup. It fails when I get to writing tmp files:
rsync: mkstemp "/.afile.txt.PZQvTe" (in BACKUP) failed: Permission denied (13)
Hours of googling later and I still can't resolve what seems to be a very simple permission issue. Advice? Thanks in advance.
Additional Information
I just noticed the following occurs at the beginning of the process:
rsync: failed to set permissions on "/." (in BACKUP): Permission denied (13)
Is it trying to set permission on "/"?
Edit
I am logged in as the user - someuser. My destination directory has full read/write/execute permission for everyone, including it's contents. In addition, the destination directory is owned by someuser and in someuser's group.
Follow up
I've found using SSH solves this
Make sure the user you're rsync'd into on the remote machine has write access to the contents of the folder AND the folder itself, as rsync tried to update the modification time on the folder itself.
Even though you got this working, I recently had a similar encounter and no SO or Google searching was of any help as they all dealt with basic permission issues wheres the solution below is somewhat of an off setting that you wouldn't even think to check in most situations.
One thing to check for with permission denied that I recently found having issues with rsync myself where permissions were exactly the same on both servers including the owner and group but rsync transfers worked one way on one server but not the other way.
It turned out the server with problems that I was getting permission denied from had SELinux enabled which in turn overrides POSIX permissions on files/folders. So even though the folder in question could have been 777 with root running, the command SELinux was enabled and would in turn overwrite those permissions which produced a "permission denied"-error from rsync.
You can run the command getenforce to see if SELinux is enabled on the machine.
In my situation I ended up just disabling SELINUX completely because it wasn't needed and already disabled on the server that was working fine and just caused problems being enabled. To disable, open /etc/selinux/config and set SELINUX=disabled. To temporarily disable you can run the command setenforce 0 which will set SELinux into a permissive state rather then enforcing state which causes it to print warnings instead of enforcing.
Rsync daemon by default uses nobody/nogroup for all modules if it is running under root user. So you either need to define params uid and gid to the user you want, or set them to root/root.
I encountered the same problem and solved it by chown the user of the destination folder. The current user does not have the permission to read, write and execute the destination folder files. Try adding the permission by chmod a+rwx <folder/file name>.
This might not suit everyone since it does not preserve the original file permissions but in my case it was not important and it solved the problem for me. rsync has an option --chmod:
--chmod This option tells rsync to apply one or more comma-separated lqchmodrq strings to the permission of the files in the transfer. The
resulting value is treated as though it was the permissions that the
sending side supplied for the file, which means that this option can
seem to have no effect on existing files if --perms is not enabled.
This forces the permissions to be what you want on all files/directories. For example:
rsync -av --chmod=Du+rwx SRC DST
would add Read, Write and Execute for the user to all transferred directories.
I had a similar issue, but in my case it was because storage has only SFTP, without ssh or rsync daemons on it. I could not change anything, bcs this server was provided by my customer.
rsync could not change the date and time for the file, some other utilites (like csync) showed me other errors: "Unable to create temporary file Clock skew detected".
If you have access to the storage-server - just install openssh-server or launch rsync as a daemon here.
In my case - I could not do this and solution was: lftp.
lftp's usage for syncronization is below:
lftp -c "open -u login,password sftp://sft.domain.tld/; mirror -c --verbose=9 -e -R -L /srs/folder /rem/folder"
/src/folder - is the folder on my PC, /rem/folder - is sftp://sft.domain.tld/rem/folder.
you may find mans by the link lftp.yar.ru/lftp-man.html
Windows: Check permissions of destination folders. Take ownership if you must to give rights to the account running the rsync service.
I had the same issue in case of CentOS 7. I went through lot of articles ,forums but couldnt find out the solution.
The problem was with SElinux. Disabling SElinux at the server end worked.
Check SELinux status at the server end (from where you are pulling data using rysnc)
Commands to check SELinux status and disable it
$getenforce
Enforcing ## this means SElinux is enabled
$setenforce 0
$getenforce
Permissive
Now try running rsync command at the client end ,it worked for me.
All the best!
I have Centos 7 server with rsyncd on board:
/etc/rsyncd.conf
[files]
path = /files
By default selinux blocks access for rsyncd to /files folder
# this sets needed context to my /files folder
sudo semanage fcontext -a -t rsync_data_t '/files(/.*)?'
sudo restorecon -Rv '/files'
# sets needed booleans
sudo setsebool -P rsync_client 1
Disabling selinux is an easy but not a good solution
I had the same issue, so I first SSH into the server to confirm that I able to log in to the server by using the command:
ssh -i /Users/Desktop/mypemfile.pem user#ec2.compute-1.amazonaws.com
Then in New Terminal
I copied a small file to the server by using SCP, to make sure I am able to make a connection:
scp -i /Users/Desktop/mypemfile.pem /Users/Desktop/test.file user#ec2.compute-1.amazonaws.com:/home/user/test/
Then In the same new terminal, I tried running rsync:
rsync -avz -e "ssh -i /Users/Desktop/mypemfile.pem" /Users/Desktop/backup/image.img.gz user#ec2.compute-1.amazonaws.com:
If you're on a Raspberry pi or other Unix systems with sudo you need to tell the remote machine where rsync and sudo programs are located.
I put in the full path to be safe.
Here's my example:
rsync --stats -paogtrh --progress --omit-dir-times --delete --rsync-path='/usr/bin/sudo /usr/bin/rsync' /mnt/drive0/ pi#192.168.10.238:/mnt/drive0/
I imagine a common error not currently mentioned above is trying to write to a mount space (e.g., /media/drivename) when the partition isn't mounted. That will produce this error as well.
If it's an encrypted drive set to auto-mount but doesn't, might be an issue of auto-unlocking the encrypted partition before attempting to write to the space where it is supposed to be mounted.
I had the same error while syncing files inside of a Docker container and the destination was a mounted volume (Docker for mac), I run rsync via su-exec <user>. I was able to resolve it by running rsync as root with -og flags (keep owner and group for destination files).
I'm still not sure what caused that issue, the destination permissions were OK (I run chown -R <user> for destination dir before rsync), perhaps somehow related to Docker for Mac slow filesystem.
Take attention on -e ssh and jenkins#localhost: in next example:
rsync -r -e ssh --chown=jenkins:admin --exclude .git --exclude Jenkinsfile --delete ./ jenkins#localhost:/home/admin/web/xxx/public
That helped me
P.S. Today, i realized that when you change (add) jenkins user to some group, permission will apply after slave (agent) restart. And my solution (-e ssh and jenkins#localhost:) need only when you can't restart agent/server.
Yet still another way to get this symptom: I was rsync'ing from a remote machine over ssh to a Linux box with an NTFS-3G (FUSE) filesystem. Originally the filesystem was mounted at boot time and thus owned by root, and I was getting this error message when I did an rsync push from the remote machine. Then, as the user to which the rsync is pushed, I did:
$ sudo umount /shared
$ mount /shared
and the error messages went away.
The group user name for the destination directory and sub directories should be same as per the user.
if the user is 'abc' then the destination directory should be
lrwxrwxrwx 1 abc abc 34 Jul 18 14:05 Destination_directory
command chown abc:abc Destination_directory
Surprisingly nobody have mentioned all powerful SUDO.
Had the same problem and sudo fixed it
run in root access ssh chould solve this problem
or chmod 0777 /dir/to/be/backedup/
or chown username:user /dir/to/be/backedup/