I'm currently setting up a Parse Server with AWS EC2 instance, where I've been using Nginx and Elastic IP to manage SSL certificates.
Through different guides I've reached the solution of put the node app at /var/www/parse-server, but they say I should do 'npm init' in this directory, which is obviously owned by root (and fails because of permissions, of course).
My question is about the proper way of manipulate the app files in this root path, specially because 'sudo npm init' has conflicts with packages when the project keep moving on.
Should I use 'sudo su' and proceed with the install? I tried to do that, but npm init isn't recognized as a command. I haven't tried with --prefix yet, because I wanted to make sure before do that.
Should I use another directory to keep my application working? I've though that, but what about Nginx and all the related config?
Should I chown -R the folder to gain ownership of the /var/www/parse-server folder? If I do that, what about permissions later on?
I found two workarounds for this:
chown -R to change the directory owner to my own user. This works but i think is not the proper way.
Proxy reverse to the specific folder (i'm using nginx, so whoever is watching this thread should be fine with nginx docs)
Thanks to Davi Macedo for solution 1.
Related
I'm configuring software on my first web server, so I am not totally familiar with how everything works, but here is the basic problem:
I have purchased hosting on a web server that runs on CentOS. I have been able to install postgreSQL via an install process that the hoster provides, so that my database will be local only to my home folder. That is working fine.
However, I am trying to install a postgreSQL extension called PostGIS. I have tried to compile it from source on my web server, but it now requires an additional library called GEOS. I downloaded the library from http://download/osgeo.org/geos/geos-3.6.2.tar.bz2, extracted it, and used make install to run it.
Now the problem is that it fails due to this error:
/bin/mkdir: cannot create directory /usr/local/include/geos: Permission Denied
It's not really a surprise, because it is trying to make a new directory in the system root folders, rather than within my personal home folder, which is the only one I have access to. I can't think of any other way around this. Am I just unable to install this library? Or can I "trick" it somehow into installing in in my home directory, where I have full admin rights?
I think You need to execute a command with root user privileges.
Because, make install command need root user privileges.
Like,
sudo make install
or with root user. Like,
sudo su
make install
I managed to install STS 3.8.2 on Ubuntu 16.04 - with a lot of hacking experiments. I have it working, but I am not happy with my solution.
Here is what I had to do:
Extracted the tar file into /opt/sts-bundle.
If you put it anywhere else, like /opt/sts, the TC server fails to start from STS.
With files in /opt/sts-bundle, TC server still fails to start from STS - permission errors. To get it to work you need to futz around with permissions of the pivotal-c-server subdirectories, essentially you need to open it up your group (the same one running STS) (security hole ?).
A local install in your own ~/sts-bundle fails on "files not found" while attempting to backup - all the conf files. It still looks in /opt/sts-bundle for all these config files (just to copy them to /backup). You can change the top directory of the server in STS server properties - but it still looks in /opt/sts-bundle. Seems hard-coded - don't know where. So you have to create all the config files in the conf directory in the tree rooted at /opt/sts-bundle ("touch" works - creating empty files). TC Server still fails to start with a "failed to clean" error - with no clue from the detailed message what files are being "cleaned".
I tried creating a non-privileged user "tcserver" per suggestion from the Pivotal TC Server docs. I installed to /opt/sts-bundle, while logged in as tcserver (with sudo privileges). That fails when I am using STS as a regular developer that is not "tcserver". Could not figure out how to tell TC server to run under a different user than the one that started STS.
The solution I have working and I am not happy with, starts by extracting the tar.gz file into /opt/sts-bundle, as it wants. Then changing owner and group of sts-bundle to my id and my group (same ones that are used in STS UI). I am not happy with that. It seems wrong to put things in /opt that are owned by a single developer.
I am new to Linux, and I still have some Windows habits that need to be unlearned.
The question is: how do I get the clean solution (installing using a "tcserver" user in the global /opt directory) to work for developers who are not "tcserver"? How should the tcserver user be related to the developers (same group?).
Am I making this problem harder than it should be? What am I missing?
I'm not sure this what you want, but I don't install the STS bundles in some kind of shared directory as a special user at all. I just install it in my user.home dir, as myself, and launch it from there.
It is very unsophisticated. I just download the tar.gz file, unpack it in my home dir and then launch it from a trivial bash script which looks something like this:
#!/bin/bash
/home/kdvolder/Applications/sts-bundle/sts-*/STS
That script is on my PATH. So I can just type 'STS' in a terminal and STS will start.
I don't have to do anything else and it works.
If you are trying to somehow install this so that several different users can run a shared installation then this isn't a good setup. But I think for your own personal laptop or desktop which only you are using, this simple setup is perfectly fine.
For a shared-user env, unfortunately, I don't know how to help you. It could be complicated to sort out all the permissions issues etc because Eclipse is a complicated beast w.r.t to installation of plugins etc.
I'm trying to figure out how to get the permissions to work for me with my node_modules directory. Here's the problem...
user1 goes to a folder with a package.json and runs npm install resulting in a node_modules directory with the owner and group user1.
user2 then goes to that folder (it's a shared folder) and tries running something like npm install --save some_dep, but they don't have permissions on this directory so it fails.
Okay, that's fine.. so I chown -R the node_modules to be a shared group which both users are in.
Now user2 can run his command successfully resulting in a folder node_modules/some_dep. But now user1 doesn't have access to this folder.
So I try using a setgid permission on the node_modules directory. Something like chmod -R g+s node_modules. The result is exactly the same as before - when a user runs a NPM command the resulting directory gets the wrong group and permissions.
So I tried using ACLs, but the result is again the same.. the directories resulting from a user running an NPM command will not respect the permissions of the host folder.
Maybe this has something to do with how NPM dependencies are built. Maybe they are built elsewhere and then moved?
Is there any way to set permissions that are effective for that directory and all future subdirectories in such a way that I can make this work?
I could just run everything as root all the time... but this is clearly not ideal.
This appears to be due to a design flaw in npm. When creating the node_modules folder, npm (for reasons no one can explain) executes chown on the folder explicitly. Rather than relying on the OS to properly set permissions, npm mucks with problems, messes up your permissions, and makes it pretty much impossible to use it in a shared environment without periodic manual runs of chmod/chown.
This is likely the source of the endless trail of permissions-related issues people have trying to use npm.
Developers promise (for the nth time) this problem is fixed in later versions: https://github.com/npm/npm/blob/db9cde008ce855bdac801bb6649cbfb5bb7911ac/changelogs/CHANGELOG-2.md#v2120-2015-06-18
I've been looking around for the best/most appropriate way to install node.js/npm in such a way that using commands like npm install -g bower does not require sudo, as using sudo for such a command can cause issues later on. Initially I followed this answer: Installing with nvm but this installs it into the users home directory which I read may not be a good a idea in production to have node installed in your home directory so I followed an expansion on above tutorial with this: Installing with NVM (digital ocean) however this left me still requiring sudo.
On a side note - on my macbook I installed node with homebrew, is this a good idea or is there a more standard approach.
Thanks for all your help, feel free to ask for clarifications.
I forgot to say, the machine I am planning on installing this on is running XUbuntu 14.04. (also I have my macbook running mavericks - but this is just an addition)
Sudo gives you permissions to change/add/remove files not owned by your user. Those files are as a rule everything except /home/YOU (in MacOS: /Users/YOU)
Your desire is to have Node installed as appropriate (system wide, rather than your home directory), that is good. And as you guessed you need sudo to initially install it on a system path.
But then you wish to have modules installed without sudo, meaning you want modules to be located in a directory, where your user has write access to. That would be available by default if Node was installed in your home.
To enforce your wish on a system path, you will need to give write permission to the folder where modules are located, that is change write permissions or ownership of:
/usr/local/share/npm/lib/node_modules, so that modules can be saved on your disk.
/usr/local/share/npm/bin, to allow modules executables be reachable.
You might have to alter few other folders as well.
That answers your question, but I strongly recommend you not doing so. Instead I suggest you stick to default methodologies. Everyone here without doubt will say it is absolutely safe approach to use sudo when you are installing modules globally, it is even safer to not have write permissions to global infrastructure of your install without super privileges.
I just installed Symfony CMF (standard edition 1.1) on a Linux VPS running Ubuntu 13. Everything is installed without errors but I always end up with a permission problem regarding the /app/cache & /app/logs folder.
As far as I know I installed the CMF as user root and the frontend is using user www-data, The only way to get it working without problems is by using these commands;
sudo chown -R :www-data app
sudo chmod g+s app
sudo setfacl -dR -m g::rwX app
chmod -R 777 app
After that it works perfectly but I am sure that from a security point of view this is not the correct way to do this.
So, I hope that anyone who has experienced this problem can provide me with a secure and correct method of solving the /app/ permission problem.
If I need to provide more information or show some configurations, I will gladly provide it as I need to solve this minor issue that is blocking the launch of my project.
This is explained in detail in the symfony documentation. Note that for images, we use the Imagine bundle, so you also need to set permissions on web/media/cache.
Usually you do not want to do things like deployments or git checkout as root, but with a non-privileged user. It is a good idea to have the webserver run under a different user, so that it can not just edit PHP files, to limit the potential damage in case there is a security issue in the webserver or your application.