In an Amazon Linux instance, after deployment using ElasticBeanstalk, all the files are owned by root user:
drwxr-xr-x 25 root root 4096 jan 01 00:00 var
But the current user is ec2-user so I don't have permissions to create/modify inside /var folder anything. What is the best approach to make it work? chown and modify owner to ec2-user? add user to a user group if exists which I don't know... any other idea?
I don't have permissions to create/modify inside /var folder anything.
you can use following ways to achieve this.
Try sudo [your command]
sudo chown user directory
sudo bash //this will make your root directly
But beware for 2 and 3 way, it can break your system if you do something wrong.There is a famous saying hope you know what you will do
Related
Sorry but I don't know much about linux and i always developped in other environments, I made a cross-platform application with electronJS and i need to create a directory with that code
let staticPath = "/opt/pcapp/resources/monitor";
if (!fs.existsSync(staticPath)) {
fs.mkdirSync(staticPath);
}
In Windows and Mac it works like a charm but on Linux - Ubuntu I installed the app and i get this error due to the required superuser rights.
The users who are going to deal with the application will not have superuser privilege
Now i would like to know if there is a way to grant permission to create, update and delete some files and directory in the Application working directory /opt/pcapp/resources/monitor without SUDO or other stuff.
You have two options I can think of.
1) ACLs which will take a bit of a learning curve.
2) Simple permissions and groups which can be done quite easily.
I created a group mygroup and added a couple of users to it.
# groupadd mygroup
# usermod -G mygroup user1
# usermod -G mygroup user2
I then change the permissions and group on the folder you want the users to have access to:
# chmod 02770 /opt/pcapp/resourcees/monitor
# chgrp mygroup /opt/pcapp/resourcees/monitor
You should now see the following:
# ls -ld /opt/pcapp/resourcees/monitor
drwxrws---. 4 root mygroup 4096 Dec 6 17:23 /opt/pcapp/resourcees/monitor
Now any new file created in the folder will have a group mygroup. You will have to change existing files and folders.
As user2
$ touch /opt/pcapp/resourcees/monitor/testfile1
$ ls -ld /opt/pcapp/resourcees/monitor/testfile1
-rw-rw-r--. 1 user2 mygroup 0 Dec 6 17:29 /opt/pcapp/resourcees/monitor/testfile1
As user1
$ rm -v /opt/pcapp/resourcees/monitor/testfile1
removed ‘/opt/pcapp/resourcees/monitor/testfile1’
If this isn't granular enough, read about Linux ACLs.
Hope this helps.
As HDFS user (owner of a Dir), I'm unable to view all the directories
Here is a command sample:
[ec2-user#ip-172-31-33-161 ~]$ ls -ltr
drwxrwxrwx 2 hdfs hadoop 4096 Oct 7 22:39 cards2
[ec2-user#ip-172-31-33-161 ~]$ sudo su - hdfs
[hdfs#ip-172-31-33-161 ec2-user]$ ls -ltr
ls: cannot open directory .: Permission denied
The command
sudo su - hduser
will take change the user, and take you to the home folder of hduser.
The command
sudo su hduser
can be used to remain in the current working directory even after the user is switched.
Login to ec2 machine as you previously logged in with ec2-user, change the permissions of /home/ec2-user , atleast give read permissions to other users.
chmod 777 /home/ec2-user
It is not the issue with the folder you are trying to access from the HDFS user.
ls -ltr will read the current working directory and will list the files in it.
you switched the user and you are accessing the ec2-user directory (The directory path is same as we required).
After changing the permissions, you are able to see the sub folders in ec2-user aswell.
I hope it will work for you. Please let me know for additional help.
I have application running on ubuntu 12.04 and when user submit file using submit form I got permission denied error. So it seems that user don't have permission to write. when I'm logged in as root and use ls -l folder_name it write
drwxrwxr-x 2 root root 4096 Dec 5 01:17 folder1
drwxrwxr-x 2 root root 4096 Dec 5 01:17 folder2
when I use chown myuser folder_name and repeat ls -l folder_name it gives me the same output so myuser is still not owner of the folders. How can I add myuser as owner of existing folders and all newly created folders inside existing folders.
`
Several things to consider-
owner is root so either 'sudo chown' or become root to do the change
chown myuser:mygroup to change both the owner and group (or chgrp)
from your question it sounds like this is from a web page, so it will probably need to be owned by apache:apache or whatever your webserver runs as
you can't specify the owner of all newly (future) created folders inside these, just who has permissions (chmod) to create folders and then depends on what user is trying to do the creates.
the command is:
sudo chown -R apache:apache folder1
I have moved my website from Godaddy to a VPS server. I'm new to Linux so I followed some tutorials online but still confused about some problems.
I use SSH to log on my server as user adam. In order to run the PHP properly, I have to set 755 permission to /var/www and change the owner of this folder to www-data. But that means I don't have permission to write files in this folder even if add user adam to the group www-data. And I cannot upload webpages onto this folder using FTP which is very annoying. (Currently I have to type su to switch to root and then modify these files with nano)
I know setting 777 is a solution but it may cause some safety concerns so I'm looking for a better solution.
drwxr-xr-x 8 www-data www-data 4096 Jul 24 21:36 www
Every number of permisson is composed as follows
4: read
2: write
1: execute
So if you add them you get the permission. By example 7 means all the permisons and 6 means read and write.
The first number of 755 is for the owner, the second for the group's users and the third for other users.
Then 755 means rwxr-xr-x it is the owner can read wirte and execute, but the group member can't write.
If you want to solve this you can change the privileges to 775 then it will be change to rwxrwr-x
Or you can add www-data as a secondary group to adam and set a setgroupid www-data fro /var/www
I want to create a file in a directory owned by the staff group which I am a member of. Why can I not do this?
bmccann#bmccann-htpc:~$ ls -l /usr/local/lib/R/
total 4
drwxrwsr-x 2 root staff 4096 2010-07-31 16:21 site-library
bmccann#bmccann-htpc:~$ id -nG bmccann
bmccann adm dialout cdrom plugdev staff lpadmin admin sambashare
bmccann#bmccann-htpc:~$ touch /usr/local/lib/R/site-library/tmp
touch: cannot touch `/usr/local/lib/R/site-library/tmp': Permission denied
Did you logout and log back in after making the group changes? See:
Super User answer involving touch permissions failure
I had the same issue, check if the folder has any more ACL rules or not!
If you can see + (plus sign) when you list folder, that means it has special access rules. For example:
[user_in_apache_group#web02 html]$ ls -l
total 16
drwxrwxr-x 16 apache apache 4096 Sep 4 13:46 ilias
drwxrwxr-x+ 15 apache apache 4096 Sep 4 13:46 ilias5
View the permission:
[user_in_apache_group#web02 html] getfacl ilias5
# file: ilias5
# owner: apache
# group: apache
user::rwx
user:user_in_apache_group:r-x
group::rwx
mask::rwx
other::r-x
So that means my user (user_in_apache_group) has no write permission for that folder.
The solution is what #techtonik said, add write permission for user:
[user_in_apache_group#web02 html]$ sudo setfacl -m u:user_in_apache_group:rwx ./ilias5
Check permission again:
[user_in_apache_group#web02 html] getfacl ilias5
...
user:user_in_apache_group:rwx
...
Hope it helps. ;)
Why can't Linux user edit files in group he is a part of?
I am using Ubuntu 12.04 and had the same problem where a user cannot write to a file to whom he is allowed group access to. For example:
whoami //I am user el
el
touch /foobar/test_file //make a new file
sudo chown root:www-data /foobar/test_file //User=root group=www-data
sudo chmod 474 /foobar/test_file //owner and others get only read,
//group gets rwx
sudo groupadd www-data //create group called www-data
groups //take a look at the groups and see
www-data //www-data exists.
groups el //see that el is part of www-data
el : www-data
Restart the terminal now to ensure the users
and groups have taken effect. Login as el.
vi /foobar/test_file //try to edit the file.
Produces the Warning:
Warning: W10: Warning: Changing a readonly file"
What? I've done everything right why doesn't it work?
Answer:
Do a full reboot of the computer. Stopping the terminal isn't enough to fix these problems.
I think what happens is apache2 also uses the www-data group, so the task was somehow preventing the users and groups from being enforced correctly. Not only do you have to logout, but you have to stop and restart any services that use your group. If a reboot doesn't get it, you've got bigger problems.
Use Linux ACL (access control lists) - it is more fine-grained version of permission system,
setfacl -R -m 'group:staff:rwx' -m 'd:group:staff:rwx' /usr/local/lib/R/
This sets both active rights for directory and default rights for anything created within.
This fails to work without relogin if you've just added yourself to the staff group, but you may set the permission only for yourself for the current session.
I had an issue when a user could not access the /foo/bar/baz directory even when he had permissions because he did not have an access to the bar directory.
Maybe your hard disk is full. use this command to check out the "/dev/..." rows.
df -h
Check if your parent directory have permission before you add content to that file
sudo chmod -R 777 /yourDir/file.log