When I list files as a root user:
root#complect-shop:~# ls -lah /www/server/php/73/var/log/
total 5.8M
drw-r----- 2 root www 4.0K Oct 8 10:00 .
drwxr-xr-x 4 root root 4.0K Dec 16 2019 ..
-rw-r----- 1 root www 1.5M Jan 7 12:48 php-fpm.log
-rw-r----- 1 root www 4.3M Jan 6 07:12 slow.log
root#complect-shop:~#
php-fpm.log file has access read an write for root user and read for www group.
Here is the error for user web which is in www group:
╭╴web#complect-shop ~/complect-import-stock-wc
╰╴16:41:03 $ tail /www/server/php/73/var/log/php-fpm.log
tail: cannot open '/www/server/php/73/var/log/php-fpm.log' for reading: Permission denied
Here is a proof user is in the www group:
╭╴web#complect-shop ~/complect-import-stock-wc
╰╴16:45:05 $ groups web
web : web www-data www
The file php-fpm.log will need write access as it is a log file and so allocate wrirte access to the www group
sudo chmod g+w /www/server/php/73/var/log/php-fpm.log
The group www doesn't have execute permissions on /www/server/php/73/var folder, so, you cannot get in. Grant that permission this way:
$ sudo chmod g+x /www/server/php/73/var/log/
Related
i am currently trying to get wordpress running on Ubuntu Server 18.04 with apache. I managed to get everything to work, but for some reason i am not able to use ls -l properly anymore on the wordpress directories, in which i played around with permissions. The out-of-the-box permissions didn't allow me to update my themes from the wordpress webinterface.
I can't find a solution to this problem, because the permissions are clearly stating, that i have at least read permission.
Problem: ls -l shows question marks and sais permission denied.
Infos: permissions are rwx for owner www-data, rw for group www-data and r for other. Output of groups includes www-data, so the user should be in the www-data group.
Outputs:
$ ls -l /usr/share/wordpress/
ls: cannot access '/usr/share/wordpress/readme.html': Permission denied
...
ls: cannot access '/usr/share/wordpress/wp-comments-post.php': Permission denied
total 0
-????????? ? ? ? ? ? index.php
...
-????????? ? ? ? ? ? xmlrpc.php
$ groups
*censored user* adm cdrom sudo dip www-data plugdev lxd lpadmin
$ sudo ls -l /usr/share/wordpress/
total 172
-rwxrw-r-- 1 www-data www-data 418 Apr 6 2018 index.php
-rwxrw-r-- 1 www-data www-data 7440 Apr 8 2018 readme.html
-rwxrw-r-- 1 www-data www-data 5697 Apr 8 2018 wp-activate.php
drwxrw-r-- 9 www-data www-data 4096 Jul 20 00:53 wp-admin
...
-rwxrw-r-- 1 www-data www-data 3065 Apr 6 2018 xmlrpc.php
P.S.: Any extra tips for wordpress security are useful.
Thanks
edit forgot the permissions of the directory, still confusing.
$ sudo ls -l -a /usr/share/wordpress/
total 180
drwxrw-r-- 5 www-data www-data 4096 Jul 20 17:13 .
drwxr-xr-x 162 root root 4096 Jul 20 02:40 ..
...
set execute bit permissions for group you belong to.
I am in the group root who owns a file and all the directories above. Why do I have no access to this file? CentOS 7
$ ls /etc/systemd/system | grep parts.service
ls: cannot access /etc/systemd/system/parts.service: Permission denied
-????????? ? ? ? ? ? parts.service
With SUDO:
$ sudo ls /etc/systemd/system | grep parts.service
-rw-rw-rw- 1 root root 563 Feb 13 09:59 parts.service
Checking for an ACL:
$ sudo getfacl /etc/systemd/system/parts.service
getfacl: Removing leading '/' from absolute path names
# file: etc/systemd/system/parts.service
# owner: root
# group: root
user::rw-
group::rw-
other::rw-
My groups:
$ groups
root wheel docker poweruser
Parent directories
drwxr-xr-x 155 root root 12288 Jul 17 09:04 etc/
drwxr-xr-x 4 root root 151 Nov 11 2019 systemd/
drw-rw-r-- 19 root root 4096 Jun 19 18:14 system/
sudo is used to verify that you are the user with which you are logged. you can access root files with your user, but you have to tell your PC that you want to acces files from the root group
Added "youri" to the www-data group
grep youri /etc/group
www-data:x:33:youri
youri:x:1004:
When i upload something with FTP, the file permission is -rw-------
ls -all
total 176
drwxr-xr-x 2 youri youri 4096 feb 25 12:38 .
dr-xr-xr-x 3 youri youri 4096 feb 25 12:08 ..
-rw-r--r-- 1 youri youri 17 feb 25 12:27 index.php
-rw------- 1 youri youri 164655 feb 25 12:24 test.pdf (uploaded with FTP)
The file index.php is created by nano and changed the permissions by sudo chown youri:youri index.php
When i access my website it shows me the index.php but /test.pdf gives me an "Permission denied" error
Your webserver has no permission to read the file.
Normally, an ftp server has a configuration value called "umask" which is a value defining what permissions NOT to grant (the binary inverse of the value you would give to chmod)
For a better security, most ftp servers like vsftp ship with a default umask of 055 or 077
As you can see, your index.php is not executable. Although it technically is just read, semantically the script is being executed by your webserver. And the webserver runs as the user www-data.
To have this work, change the following:
- Make youri's default group www-data: usermod -g www-data youri
- Change /etc/vsftpd.conf and set a umask of 022
- Restart vsftpd
- chmod 755 index.php (or delete it and upload it again)
I have a directory with full permissions with root as owner. What I want is to be able to remove it as a normal user. However, i am not allowed to do so:
radu#Workstation:/tmp$ ls -l | grep cucu
drwxrwxrwx 2 root root 4096 oct 20 10:28 cucu
radu#Workstation:/tmp$ ls -la cucu
total 52
drwxrwxrwx 2 root root 4096 oct 20 10:28 .
drwxrwxrwt 66 root root 45056 oct 20 10:28 ..
radu#Workstation:/tmp$ rm -r cucu
rm: cannot remove 'cucu': Operation not permitted
What do I not get right?
Removing a directory (or a file) consists in deleting its entry into its containing directory, so to remove cucu you need permissions on its parent; alas access rights are rwxrwxrwt, and the t means removal authorized for owner only, as the owner is root, only root can remove cucu.
Sticky bit is set , so only owner can remove the directory.
This is because only root has the permission to remove directory, as you can see
drwxrwxrwx 2 root root 4096 oct 20 10:28 cucu
From your root, change the Permission of directory using chown. For example-
chown radu cucu
Check this out for more info on chown command on linux.
http://www.thegeekstuff.com/2012/06/chown-examples
I am very new to linux and am using putty and pscp to move files to a live hosted directory. I would like to rename my recently uploaded dist folder to its actual project name using mv but get a permission denied error. What is the safest and most reasonable way to arrange these files so I can rename them?
lawton#lawtonb:/var/www/html$ ls -la
total 268
drwxr-xr-x 4 root root 4096 Aug 30 16:42 .
drwxr-xr-x 3 root root 4096 Aug 18 23:05 ..
-rw-rw-r-- 1 lawton lawton 253276 Aug 27 18:06 bundle.js
drwxr-xr-x 2 root root 4096 Aug 30 16:42 dist
-rw-r--r-- 1 root root 17 Aug 18 23:24 info.php
drwxr-xr-x 2 root root 4096 Aug 27 18:59 react-youtube
lawton#lawtonb:/var/www/html$ mv dist BTC_Sorter
mv: cannot move 'dist' to 'BTC_Sorter': Permission denied
If this is a one-time rename, your best course of action would be to run mv with sudo, like this:
sudo mv dist BTC_Sorter
If, however, you'd like to have permissions for your user or group, you should do some reading about chown (The link belongs to the Arch Linux wiki, but should be useful regardless of your distro).
In your particular case, the directory dist is owned both by the user and the group root, hence why you'd need to use sudo, chown or simply the root account.
You are not the owner of the file, you need execute the command with sudo
sudo mv src dest