Permission denied - Even tho in group with ownership [closed] - linux

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 1 year ago.
I've created a group "certificates" and put this group as chgrp -R to /root/ca and all its files!
Even though I'm a member of "certificates" (relogged multiple times, even restarted the server) and the permissions are set to drwsrwsr-x, I still get the error "Permission denied" when trying to "cd /root/ca".
I tried changing permissions and ownership and more, but somehow I still can't access the folder or get any information about the folder without using "sudo".
Anyone got an idea what could be causing the problem and how to fix it, so I can access the folder if I am a member of certificates?
adm_mike@sf-svr-crt01:~$ id -NG
adm_mike adm cdrom sudo dip plugdev lxd certificates
adm_mike@sf-svr-crt01:~$ sudo ls -lh /root | grep ca
drwsrwsr-x 8 root certificates 4.0K Aug 18 06:25 ca
adm_mike@sf-svr-crt01:~$ sudo ls -lh /root/ca
drwsrwsr-x 2 root certificates 4.0K Aug 18 06:28 certs
drwsrwsr-x 2 root certificates 4.0K Aug 18 06:00 config
drwsrwsr-x 2 root certificates 4.0K Aug 13 06:36 crl
-rwxrwxr-x 1 root certificates 5 Aug 13 06:37 crlnumber
-rwxrwxr-x 1 root certificates 579 Aug 18 06:25 index.txt
-rwxrwxr-x 1 root certificates 21 Aug 18 06:25 index.txt.attr
-rwxrwxr-x 1 root certificates 21 Aug 16 15:21 index.txt.attr.old
-rwxrwxr-x 1 root certificates 423 Aug 16 15:21 index.txt.old
drwsrwsr-x 2 root certificates 4.0K Aug 18 06:25 newcerts
drwsrwsr-x 2 root certificates 4.0K Aug 17 14:16 private
drwsrwsr-x 2 root certificates 4.0K Aug 18 06:13 request
-rwxrwxr-x 1 root certificates 5 Aug 18 06:25 serial
-rwxrwxr-x 1 root certificates 5 Aug 16 15:21 serial.old
adm_mike@sf-svr-crt01:~$ cd /root/ca
-bash: cd: /root/ca: Permission denied

In order to change to the directory /root/ca, you also need to have execute (x) permissions on top-level directories - in this case /root. Whilst in theory the solution would be to also change the group of /root, this is not recommended, as /root should stay only accessible by the root user in all cases.
You should make a directory in a separate location, i.e. /etc/ssl/ca, and set the respective permissions there.
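The rule in this answer (every directory on the way to the target needs execute, i.e. search, permission) can be checked one path component at a time. The script below is an added example, not part of the original answer: it evaluates only the classic owner/group/other mode bits with GNU `stat`, and the function names `applicable_digit`, `first_blocked` and `demo`, the demo tree and the hypothetical uid are made up for illustration.

```sh
#!/bin/sh
# Added example: report the first directory on a path whose mode bits deny
# search (x). Assumes GNU stat; ignores ACLs, capabilities and root's override.

# applicable_digit MODE OWNER GROUP UID [GID...]
# Prints the rwx digit that applies: owner class if the uid matches, else
# group class if any gid matches, else other. Exactly one class is used.
applicable_digit() (
    mode=$1 owner=$2 group=$3 uid=$4
    shift 4
    perm=$(( 0$mode & 0777 ))      # drop setuid/setgid/sticky bits
    if [ "$uid" -eq "$owner" ]; then echo $(( perm >> 6 )); exit; fi
    for g in "$@"; do
        if [ "$g" -eq "$group" ]; then echo $(( (perm >> 3) & 7 )); exit; fi
    done
    echo $(( perm & 7 ))
)

# first_blocked TARGET BASE UID [GID...]
# Checks BASE and each directory below it down to TARGET, as cd would.
# Prints the first one lacking x for the caller, or nothing if none does.
first_blocked() (
    target=$1 base=$2 uid=$3
    shift 3
    dir=$base
    rest=${target#"$base"}
    while :; do
        digit=$(applicable_digit $(stat -c '%a %u %g' "$dir") "$uid" "$@")
        if [ $(( digit & 1 )) -eq 0 ]; then echo "$dir"; exit; fi
        rest=${rest#/}
        [ -n "$rest" ] || exit 0
        dir=${dir%/}/${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
    done
)

# Constructed demo tree (not the asker's server): "root" is 0700 like /root,
# "etc/ssl" is 0755 like the separate location the answer suggests.
demo() (
    base=$(mktemp -d) || exit 1
    mkdir -p "$base/root/ca" "$base/etc/ssl/ca"
    chmod 755 "$base" "$base/etc" "$base/etc/ssl"
    chmod 700 "$base/root"
    chmod 6775 "$base/root/ca" "$base/etc/ssl/ca"    # drwsrwsr-x
    member=$(( $(stat -c %u "$base") + 1 ))  # hypothetical uid, not the owner
    group=$(stat -c %g "$base/root/ca")      # but a member of the tree's group
    for t in root/ca etc/ssl/ca; do
        hit=$(first_blocked "$base/$t" "$base" "$member" "$group")
        hit=${hit#"$base"}
        echo "/$t first blocked at: ${hit:-none}"
    done
    rm -rf "$base"
)
demo
```

On a real system, `namei -l /root/ca` (util-linux) lists the same per-component modes and owners for manual inspection.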

Related

Logfiles ending with ".1" [closed]

Why are my log files ending with ".1"?
Is it just a new file for the log?
-rw-r----- 1 root adm 0 Mar 14 10:56 auth.log
-rw-r----- 1 root adm 8998827 Mar 14 00:00 auth.log.1
-rw-r----- 1 root adm 5241 Mar 14 10:55 daemon.log
-rw-r----- 1 root adm 97769 Mar 14 00:00 daemon.log.1
-rw-r----- 1 root adm 0 Mar 14 00:00 debug
-rw-r----- 1 root adm 16853 Mar 11 20:51 debug.1
-rw-r----- 1 root adm 0 Mar 14 00:00 kern.log
-rw-r----- 1 root adm 87015 Mar 11 20:51 kern.log.1
-rw-rw-r-- 1 root utmp 292292 Mar 14 10:39 lastlog
-rw-r----- 1 root adm 154 Mar 14 00:00 messages
-rw-r----- 1 root adm 73418 Mar 14 00:00 messages.1
-rw-r----- 1 root adm 0 Mar 14 00:00 user.log
-rw-r----- 1 root adm 2168 Mar 11 20:51 user.log.1
It looks like logrotate in action. That's how it works:
Log rotation is the process that renames a current log file (e.g.,
auth.log becomes auth.log.1) and sets up a new log file (e.g.,
auth.log) for new log entries.
Rotating log files is important for several reasons. First, you
probably don't want older log files eating up too much of your disk
space. Second, when you need to analyze log data, you probably don't
want those log files to be extremely large and cumbersome. And last,
organizing log files by date probably makes spotting and analyzing
changes quite a bit easier (e.g., comparing last week's log data to
this week's).
You didn't mention the OS in question: this article, for example, describes how one can set up and configure logrotate on Ubuntu 16.04.

Touch command. permission denied

I was able to connect to my school server via SSH. I had an assignment in which I was supposed to use the touch command to create a new file. Yet it keeps returning permission denied. Others were able to do the same thing. Though why do I keep getting this error?
Below is what was the input from the terminal.
Last login: Tue Aug 23 09:16:18 on ttys000
Dominiks-Air:~ fsociety95$ ssh djaneka1@navajo.dtcc.edu
djaneka1@navajo.dtcc.edu's password:
Last login: Tue Aug 23 09:16:35 2016 from pool-72-94-210-193.phlapa.fios.verizon.net
Navajo is Linux shell server provided to staff, faculty, and students. The
operating system is RedHat Enterprise Linux 5.
Alpine, a Pine replacement, has been provided as a mail client. Run "pine"
at the command prompt.
This server also provides web space to users. Web pages can be stored in
the ~/www directory. This is also accessible by mapping a drive in Windows
to \navajo\homepage. The URL for your homepage is
http://user.dtcc.edu/~username/.
Your home directory is also accessible in Windows by mapping to
\navajo\.
If something appears broken or missing, please email path@dtcc.edu.
Could not chdir to home directory /u/d/j/djaneka1: No such file or directory
-bash-3.2$ touch today
touch: cannot touch `today': Permission denied
-bash-3.2$ pwd
/
-bash-3.2$ touch today
touch: cannot touch `today': Permission denied
-bash-3.2$
Edit: here is the result of ls -al
-bash-3.2$ ls -al
total 204
drwxr-xr-x 25 root root 4096 Aug 22 16:50 .
drwxr-xr-x 25 root root 4096 Aug 22 16:50 ..
-rw-r--r-- 1 root root 0 Aug 3 14:01 .autofsck
-rw-r--r-- 1 root root 0 Jan 30 2009 .autorelabel
-rw------- 1 root root 2050 Aug 3 14:00 .bash_history
drwxr-xr-x 2 root root 4096 May 4 04:14 bin
drwxr-xr-x 4 root root 3072 Aug 3 13:57 boot
drwxr-xr-x 11 root root 4060 Aug 3 14:02 dev
drwxr-xr-x 87 root root 12288 Aug 23 10:05 etc
drwxr-xr-x 3 root root 4096 Oct 1 2009 home
drwxr-xr-x 13 root root 12288 Jun 1 04:09 lib
drwx------ 2 root root 16384 Mar 24 2008 lost+found
drwxr-xr-x 3 root root 4096 Oct 1 2009 media
drwxr-xr-x 2 root root 0 Aug 3 14:02 misc
drwxr-xr-x 4 root root 4096 May 26 2012 mnt
drwxr-xr-x 2 root root 0 Aug 3 14:02 net
drwxr-xr-x 9 root root 4096 Jan 5 2009 nsr
drwxrwxr-x 3 root root 4096 Oct 12 2015 opt
dr-xr-xr-x 219 root root 0 Aug 3 14:01 proc
drwxr-x--- 12 root root 4096 Apr 22 10:06 root
drwxr-xr-x 2 root root 12288 Aug 4 04:02 sbin
drwxr-xr-x 2 root root 4096 Oct 1 2009 selinux
drwxr-xr-x 2 root root 4096 Oct 1 2009 srv
drwxr-xr-x 11 root root 0 Aug 3 14:01 sys
drwxrwxrwt 38 root root 4096 Aug 23 10:07 tmp
drwxr-xr-x 34 root root 4096 Jun 21 08:29 u
drwxr-xr-x 14 root root 4096 Apr 16 2010 usr
drwxr-xr-x 24 root root 4096 Apr 16 2010 var
-rw------- 1 root root 2865 Dec 16 2008 .viminfo
-bash-3.2$
EDIT:
Here is what I see after trying touch today in /home
So to try and create a new document in the root directory you need to be recognised as root. That means using the sudo command.
However, for that you would need a password that you may not have. If you do, perfect. But in any case I would not recommend adding files to the root directory.
Instead try the following:
cd home
touch today
This should work just fine and answer your question.
Still if you need/want to create today in your root directory try the following
sudo touch today
You will then be prompted for the root password that you can type (if you have it obviously)
In any case I suggest reading this which may be very helpful for you.
I wonder if this was ever truly answered.
If I was looking at it, I would try to see what the system thinks is the home directory of djaneka1, since it may have been setup partway and not completed, leaving stuff owned by root that should have been owned by djaneka1.
If you use the pwd command, and get back the "/" (root) directory there is something wrong with your setup.
The message: Could not chdir to home directory /u/d/j/djaneka1: No such file or directory
tells you it can't find your home directory.
-bash-3.2$ pwd
/
The command "pwd" revealing "/" is just an artifact of the system not being able to find your home directory.
To find what the system thinks is one's home directory,
one can search the file named '/etc/passwd' for one's login name.
I expect this is a possible result if you do that:
$ fgrep 'djaneka1' /etc/passwd
djaneka1:x:1505:1506::/u/d/j/djaneka1:/bin/bash
since it complained that it couldn't find that directory.
This needs to be fixed by someone who has more rights to the system, like root.
there is nothing djaneka1 can do a
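The diagnosis in this answer (look up the home directory recorded in the passwd entry, then see whether it exists and who owns it) can be scripted. This is an added example, not code from the original answer; it assumes GNU `stat`, the function names `home_status` and `demo_home` are made up, and the sample passwd file is constructed, reusing the entry the answer guesses at for `djaneka1`.

```sh
#!/bin/sh
# Added example: classify an account's home directory from a passwd-format
# file. Function names and sample entries are constructed for illustration.

# home_status LOGIN [PASSWD_FILE] -> prints "<home> <verdict>"
#   missing      the directory named in field 6 does not exist
#   wrong-owner  it exists but is owned by a different uid
#   ok           it exists and is owned by the account's uid
home_status() (
    login=$1 file=${2:-/etc/passwd}
    while IFS=: read -r name _pw uid _gid _gecos home _shell; do
        [ "$name" = "$login" ] || continue
        if [ ! -d "$home" ]; then
            echo "$home missing"
        elif [ "$(stat -c %u "$home")" -ne "$uid" ]; then
            echo "$home wrong-owner"
        else
            echo "$home ok"
        fi
        exit 0
    done < "$file"
    echo "no passwd entry for $login" >&2
    exit 1
)

# Constructed passwd file: one missing home, one healthy, one owned by the
# wrong uid (the half-finished account setup the answer speculates about).
demo_home() (
    tmp=$(mktemp -d) || exit 1
    me=$(id -u)
    mkdir "$tmp/alice" "$tmp/bob"
    cat > "$tmp/passwd" <<EOF
djaneka1:x:1505:1506::/u/d/j/djaneka1:/bin/bash
alice:x:$me:$me::$tmp/alice:/bin/bash
bob:x:$(( me + 1 )):$me::$tmp/bob:/bin/bash
EOF
    for u in djaneka1 alice bob; do
        s=$(home_status "$u" "$tmp/passwd")
        echo "$u: ${s##* }"
    done
    rm -rf "$tmp"
)
demo_home
```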

What is the difference between 'ls -lh' and 'ls -si'? [closed]

I have executed both commands, but the size seems different in both outputs.
ls -lh
total 147M
-rw------- 1 root root 3.4K Sep 30 14:58 anaconda-ks.cfg
-rw-r--r-- 1 root root 247 Sep 30 14:58 install.post.log
-rw-r--r-- 1 root root 54 Sep 30 14:58 install.postnochroot.log
-rw-r--r-- 1 root root 147M Sep 30 14:58 jdk-7u79-linux-x64.gz
ls -l --si
total 154M
-rw------- 1 root root 3.5k Sep 30 14:58 anaconda-ks.cfg
-rw-r--r-- 1 root root 247 Sep 30 14:58 install.post.log
-rw-r--r-- 1 root root 54 Sep 30 14:58 install.postnochroot.log
-rw-r--r-- 1 root root 154M Sep 30 14:58 jdk-7u79-linux-x64.gz
If you would have checked the manpage for ls with the command man ls you would have seen the following:
-l use a long listing format
-h, --human-readable
with -l and/or -s, print human readable sizes (e.g., 1K 234M
2G)
-i, --inode
print the index number of each file
-s, --size
print the allocated size of each file, in blocks
So you see, each parameter just defines what and how information will be put to the screen. What you see (the difference in size) is the -h or --human-readable command, which will output more readable filesizes instead of printing always the bytes. Using -s will print the filesize in blocks on your HDD, which depends on the block size of your filesystem. From the information provided, I would say your filesystem has a 1kb blocksize. So the real content of the file would be 3.4kb, but must fill up the blocks, so on your disk the file requires 4kb or 4 blocks of space.

linux permissions on aws : basic [closed]

I am new to linux and I am having a problem with permissions. Quite a long time ago I had created an AWS EC2 instance from scratch using step by step tutorials scattered over the web. I managed to upload an html website over there and linking the domain to it etc...
Now that after six months I am connecting again to the EC2 instance using MobaXTerm SSH or SFTP session, I can't get to upload new files or rename old files etc. I am using the regular ec2-user which from what I understand is quite a privileged user nearly as permissible as root.
I connect successfully with the old key that I had created and I can arrive to the desired directory. But I simply can't upload new files or replace old ones because I get a permission denied error. I don't know why and how to fix.
Last login: Fri Apr 25 13:18:26 2014 from 85.232.210.97
__| __|_ )
_| ( / Amazon Linux AMI
___|\___|___|
https://aws.amazon.com/amazon-linux-ami/2014.03-release-notes/
[ec2-user@ip-172-31-47-208 ~]$ cd ./var/www/html/
-bash: cd: ./var/www/html/: No such file or directory
[ec2-user@ip-172-31-47-208 ~]$ cd .
[ec2-user@ip-172-31-47-208 ~]$ cd ..
[ec2-user@ip-172-31-47-208 home]$ cd ..
[ec2-user@ip-172-31-47-208 /]$ cd var/www/html/
[ec2-user@ip-172-31-47-208 html]$ mv index.html index_old.html
mv: cannot move ‘index.html’ to ‘index_old.html’: Permission denied
[ec2-user@ip-172-31-47-208 html]$ ls -l
total 164
drwxrwxr-x 2 ec2-user ec2-user 4096 Mar 27 16:03 css
-rw-rw-r-- 1 ec2-user ec2-user 5686 Mar 25 08:34 favicon.ico
drwxrwxr-x 2 ec2-user ec2-user 4096 Mar 27 16:04 font
drwxrwxr-x 14 ec2-user ec2-user 4096 Mar 27 16:18 images
-rwxrwxrwx 1 ec2-user ec2-user 48675 Apr 25 13:41 index.html
drwxrwxr-x 4 ec2-user ec2-user 4096 Mar 27 16:19 js
drwxrwxr-x 3 ec2-user ec2-user 4096 Mar 27 16:20 nbproject
drwxrwxrwx 2 ec2-user ec2-user 4096 Apr 25 13:30 old
drwxrwxr-x 3 ec2-user ec2-user 4096 Mar 27 16:20 php
-rw-rw-r-- 1 ec2-user ec2-user 41041 Sep 17 2013 PIE.htc
drwxrwxr-x 24 ec2-user ec2-user 4096 Mar 27 16:22 skins
-rw-rw-r-- 1 ec2-user ec2-user 30951 Mar 26 19:07 style.css
[ec2-user@ip-172-31-47-208 html]$
Can you guide me? What to check? Where to start and continue to dig to sort the issue?
I used WinSCP and SFTP also to manage file uploads easily but the permission issue remains unchanged.
Thank you
In order to add or remove files to/from a directory, you need to have write permission on the directory in question, which is /var/www/html in your case. (I originally wrote just a comment, but thinking again there is only one reason why you see what you are seeing.) Use ls -ld /var/www/html to have a look at the permissions on the directory itself. It should probably belong to root:ec2-user, which in turn means it should likely be chmod 775 (owner and group have read/write/execute permission, others may not write).
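The point of this answer, that renaming is decided by the directory's mode even when the file itself is `-rwxrwxrwx` as in the listing above, can be reproduced in a throwaway directory. This is an added example, not part of the original answer; the function name `try_rename` is made up and the files are constructed, and because root bypasses these mode checks it only shows the denial when run as an unprivileged user.

```sh
#!/bin/sh
# Added example: rename is governed by the directory's mode, not the file's.
# Works in a temp directory (constructed, not the asker's /var/www/html).
# Root bypasses these checks, so run it as an unprivileged user.

# try_rename DIRMODE FILEMODE -> prints "renamed" or "denied"
try_rename() (
    dir=$(mktemp -d) || exit 1
    : > "$dir/index.html"
    chmod "$2" "$dir/index.html"
    chmod "$1" "$dir"
    # rename(2) edits the directory entry, so it needs w and x on $dir only
    if mv "$dir/index.html" "$dir/index_old.html" 2>/dev/null; then
        echo renamed
    else
        echo denied
    fi
    chmod 700 "$dir" && rm -rf "$dir"
)

# Writable directory, file with no permission bits at all.
echo "dir 755, file 000: $(try_rename 755 000)"
# Read-only directory, world-writable file (like the index.html listing).
echo "dir 555, file 777: $(try_rename 555 777)"
```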

What's the exactly differences of /etc/init.d/something and /etc/rc.local [closed]

When I need to create an autostartup task in Ubuntu, I always create a new file and write a bunch of commands into it. Next, I place this file in the /etc/init.d/ directory. Then, I set chmod 755 for this file. Finally, I execute the command line "update-rc.d file_name defaults" to activate it. And it works like a charm.
Recently, I found that there was another way to make it work the same as the above example. That is appending a new command line to /etc/rc.local (placing it above the "exit 0" line).
So could you tell me the difference between them? Thank you very much!
To understand this problem, the first thing you should know about is run levels in *nix. There are a total of 6 run levels in *nix. I won't show the details of each run level; you can read more about it here.
Each run level has a separate location under /etc/:
% cuonglm at ~
% ls -l /etc/rc* -d
drwxr-xr-x 2 root root 4096 Feb 20 10:44 /etc/rc0.d
drwxr-xr-x 2 root root 4096 Feb 20 10:44 /etc/rc1.d
drwxr-xr-x 2 root root 4096 Feb 20 10:44 /etc/rc2.d
drwxr-xr-x 2 root root 4096 Feb 20 10:44 /etc/rc3.d
drwxr-xr-x 2 root root 4096 Feb 20 10:44 /etc/rc4.d
drwxr-xr-x 2 root root 4096 Feb 20 10:44 /etc/rc5.d
drwxr-xr-x 2 root root 4096 Feb 20 10:44 /etc/rc6.d
-rwxr-xr-x 1 root root 306 Feb 4 18:58 /etc/rc.local
drwxr-xr-x 2 root root 4096 Feb 4 19:01 /etc/rcS.d
Every time your system boots, some scripts (which start with S) under the corresponding run level folder are executed. I.e., if you boot into run level 2, some scripts under /etc/rc2.d/ will be executed. If you show the contents of these folders, you'll see that the scripts are symlinks to scripts under /etc/init.d/.
% ls -l /etc/rc2.d/
total 4
-rw-r--r-- 1 root root 677 Jul 27 2012 README
lrwxrwxrwx 1 root root 20 Feb 19 11:26 S20kerneloops -> ../init.d/kerneloops
lrwxrwxrwx 1 root root 27 Feb 19 11:26 S20speech-dispatcher -> ../init.d/speech-dispatcher
lrwxrwxrwx 1 root root 20 Feb 19 11:26 S50pulseaudio -> ../init.d/pulseaudio
lrwxrwxrwx 1 root root 15 Feb 19 11:26 S50rsync -> ../init.d/rsync
lrwxrwxrwx 1 root root 15 Feb 19 11:26 S50saned -> ../init.d/saned
lrwxrwxrwx 1 root root 19 Feb 19 11:26 S70dns-clean -> ../init.d/dns-clean
lrwxrwxrwx 1 root root 18 Feb 19 11:26 S70pppd-dns -> ../init.d/pppd-dns
lrwxrwxrwx 1 root root 14 Feb 19 11:26 S75sudo -> ../init.d/sudo
lrwxrwxrwx 1 root root 17 Feb 20 10:44 S91apache2 -> ../init.d/apache2
lrwxrwxrwx 1 root root 22 Feb 19 11:26 S99acpi-support -> ../init.d/acpi-support
lrwxrwxrwx 1 root root 21 Feb 19 11:26 S99grub-common -> ../init.d/grub-common
lrwxrwxrwx 1 root root 18 Feb 19 11:26 S99ondemand -> ../init.d/ondemand
lrwxrwxrwx 1 root root 18 Feb 19 11:26 S99rc.local -> ../init.d/rc.local
This gives you the ability to control which run level your service runs under. You can make your service run only in run level 2 and stop in other run levels. But remember, only one "runlevel" is executed on bootup, i.e. either runlevel 2 OR 3 OR 4 is executed, not 2 then 3 then 4.
So it leads you to the difference here. In each run level you boot into, after the scripts of this run level are executed, the script /etc/rc.local is executed. It means that /etc/rc.local will run at the end of the boot process, regardless of the run level you boot into.
