when configured through logback.xml, by default system.log was created with permission set
-rw-r----- with cassandra user having ownership. For exporting logs tried updating -rw-r--r-- to 644 permission, But on logrotation that was reverted by cassandra.
Anyway the privilege for these files can be updated through configuration?
This isn't really a Cassandra question but a filesystem security issue.
Your server has strict permissions for newly-created files. In Unix, the user file-creation mode mask (umask) determines the permissions when files get created -- Logback doesn't set the permissions so it is not configurable through logback.xml.
You need to update the default umask for the Cassandra user so permissions are not so restrictive. The default umask is usually set to 022 so the owner has read/write/execute permissions (0), and everyone else has read access (2).
The default umask is typically configured in the following locations:
/etc/profile
/etc/bash.bashrc
You can check the current setting by running:
$ umask
You can set default umask for Cassandra by adding it to ~/.bashrc or ~/.bash_profile, for example:
umask 022
If you need assistance, consult your sysadmin team. Cheers!
👉 Please support the Apache Cassandra community by hovering over the cassandra tag then click on the Watch tag button. 🙏 Thanks!
Related
I have an issue with Linux ACL. Here is my work flow:
Set ACL permissions on empty directory:
sudo setfacl -Rdm g:www-data:rw /var/www/mysite/html/vendor/
Change directory:
cd /var/www/mysite/html/
Install composer packages:
composer install
Verify installed file permissions:
ls -la vendor/
All the newly created files and folders belong to my user group instead of belonging to the www-data group like it should...
drwxrwxrwx+ 3 john john 4096
What am I missing here?
Note: If my user creates a file or a directory, the correct group permission will be applied. The problem only happens with the composer command.
I finally found what I was doing wrong. I was confusing file "ownership" and file "permissions".
setfacl is used to set default "permissions" for files created in a directory. What I actually needed was to set default "ownership". This is done by setting the "setgid flag" with the chmod command after properly setting the directory group and user ownership.
I wanted all newly created files in my project directory to belong to the user "john" and the group "www-data".
chown -R john:www-data /srv/www/myproject
Now we set the "setgid flag" on the directory and all newly created files will belong to john:www-data:
chmod +s /srv/www/myproject
That's all and there's absolutely nothing wrong with setting the www-data group on your served files if you set verything else properly. In fact, the most upvoted anwser related to Laravel file permission on Stackoverflow (800+ upvote) recommends this exact method. Those who disagree never provide a better working solution.
To conclude, Unix permissions is a complicated topic. Few people understand how to properly set permissions on a production server, many fluent programmers are newbies when it comes to Linux. Take answers you read on SO with a grain of salt.
I want to install and use prestashop but now it only works correctly when I set permissions to 777 (I can login to the server via shell with root privileges). While installing I get this error "recursive write permissions for apache user on..." and only works for permissions set to 777. I don't like this idea because after installation I can't even change back to 755 or 775. I also get problem partly solved when I change the user ownership to apache but then I can't do anything with my ftp client with that folder.
The user owner is ftp and the group owner is psacln? How should I change the membership of the folders so I can work both through ftp and allow apache to do things with presta files? (and of course have the permission set not higher then to 775). BTW, do I have to restart a server when adding or removing user's membership of the group?
This should fix your problem.
ssh root#ip_address
chown -R www-data:ftp /var/www/prestashop
You don't need to restart the server.
Optional :
service apache2 reload
I am using RStudio server (Version 0.98.994) on Ubuntu 12.04.
Our group works on a external share drive together and would like to open the same project.
When I open a project file created by other colleagues, I got an error with permission denied (Sorry I cannot show the error message as I already changed the permission manually).
After checking the file permission, I found the default permission is "-rw-r--r-x" for *.Rproj and .Rhistory, "drwxr-sr-x" for ".Rproj.user". So no write permission for group.
In the external share drive (no sure about system, should be Linux), the default permission is rw for group.
How could I change the default permission for *.Rproj, .Rhistory and .Rprojt.user?
Thanks for any advice. Please let me know if my question is not clear.
EDIT:
I created new file and folder in the external share drive from command line. The default permission is -rw-rw-r-- for file and drwxrwsr-x for folder, as I expected. It seems RStudio server created these new files with their own default permission.
Could I change the default permission of these files *.Rproj, .Rhistory and .Rprojt.user when RStudio server creates them? i.e. Add write permission to group.
The default permissions for Directories are 777 which is read/write/execute and for Files it is 666 which is read/write. But then every system has a umask value, which is normally 022.
So when you create a directory it will have permissions 777 but it will take away the umask value of 022 and leave you with your default permissions of 755 which is rwxr-xr-x
You can change the value of umask by simply entering the command
umask=055
This will set the umask value to 055 and whenever you create a new file/directory, 055 will be taken away from the permissions.
Again look at a newly created directory with permissions of 777 and the umask value is taken away so the directories permission is 722 which is rwx-w--w-
Again look at a new directory with permissions
My system will auto create an image file for captcha. I want the captcha to have a default owner of "my_username apache" when it was created.
currently it was created with owner such as this "apache apache"
I am using Fedora.
Kindly tell me what is the linux command for that.
Thanks
sudo chown apache:apache chaptcha_file
For default permissions for owner check umask here http://man7.org/linux/man-pages/man2/umask.2.html
I had downloaded the perforce client in my ubuntu 11 system a while ago. The p4v in my system is found under:
-r-xr-xr-x 1 root root 1578 2011-08-29 12:46 /usr/bin/p4v
After I read the documentation of p4v I realize it should not be owned by root.
How do I change the ownership of this and also allow my "user" all the access rights without reinstalling the p4v again?
Thanks
If you "chown" P4V without changing the permissions, your user will still be able to use it.
For example:
chown user:group /usr/bin/p4v
The permissions granted to the file allow read and execute to the owner, anyone in the group and everyone else with access to the system. Changing the user and group will not change the permissions, so your user should still be able to execute the binary.
In general, the ownership of a binary that is executable by all shouldn't matter. The danger comes if the owner of the process is root (or any other privileged user). For example, "mount" will be owned by root, and can be run by any user to show the mounted file-systems. Only when it is run by root can it change your file-system structure.