Create directory and recursively copy files with differing access rights using Puppet - puppet

I would like to create/ensure a directory exists and recursively copy many files to it using native Puppet methods if possible. The file modes are the same for all files but differ from the directory's.
I am using Puppet 6, version 6.10.0, on CentOS 6.10.
This code will create/ensure my directory exists and copy all the files to it but sets the access rights and ownership exactly the same.
file { "/opt/dir1":
  ensure  => "directory",
  owner   => "user1",
  group   => "root",
  mode    => "0700",
  recurse => true,
  source  => "puppet:///modules/mymodule/dir1",
}
What I get:
ls -la /opt/dir1
drwx------ 2 user1 root 4096 Sep 23 20:31 .
drwxr-xr-x 7 user1 root 4096 Oct 6 15:20 ..
-rwx------ 1 user1 root 72 Oct 5 17:15 file1
What I want:
ls -la /opt/dir1
drwx------ 2 user1 root 4096 Sep 23 20:31 .
drwxr-xr-x 7 user1 root 4096 Oct 6 15:20 ..
-rw-r--r-- 1 user1 root 72 Oct 5 17:15 file1

If you are able to manage the permissions and mode in the source you can use this parameter source_permissions => use. Note, depending on your version you may get a deprecated warning:
Warning: The `source_permissions` parameter is deprecated. Explicitly set `owner`, `group`, and `mode`.
file { "/opt/dir1":
  ensure             => "directory",
  owner              => "user1",
  group              => "root",
  source_permissions => "use",
  recurse            => true,
  source             => "puppet:///modules/mymodule/dir1",
}
This would allow you to manage the mode in the source but still override the owner and group. You could also drop the owner and group params above and manage them in the source as well. However, I'm not sure how this works if you have Windows clients and a Linux Puppet master, or a mismatch in users/groups on the master vs. the agent.

The Puppet file resource can't set different modes for the apex directory and its files when using recurse. https://puppet.com/docs/puppet/5.5/types/file.html#file-attribute-mode
Would you be able to use an archive resource instead? With an archive resource, you can specify a tar file as the source, and the permissions will be set following those in the tar file.

Related

file zip/tar in linux at specific location

I want to zip a set of directories and files on my centos 8 VM.
There are 3 directories and 1 file which I want to zip in such a way that only env.conf file will move to /etc/env.txt after unzipping it and remaining directories will be unzipped at current location.
Is there any way to achieve this.
drwxr-xr-x. 9 root root 114 Feb 25 12:40 config
-rw-r--r--. 1 root root 340 Feb 25 09:01 env.conf
drwxr-xr-x. 9 root root 4096 Feb 28 05:11 platform
drwxr-xr-x. 2 root root 135 Feb 28 07:49 install
I don't think this is possible. In fact, this is considered a vulnerability if you could do that.
Imagine you download a zip file from some website, and after you unzip it in a temp folder, it registers itself as a service by writing a file in /etc somewhere and gets control over your PC.
Example: zip-slip
You could however create a one-liner that extracts and moves the file wherever you want like this:
unzip <filename> && mv env.conf /etc/env.txt
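The check that keeps an extractor safe from the zip-slip behaviour described in this answer, as an added example that is not part of the original post: every entry name is resolved against the destination and the whole archive is rejected if any entry would land outside it. The names `resolve_member`, `safe_extract` and `build_zip` are hypothetical helpers, and the sample archive is constructed in memory.

```python
import io
import os
import zipfile


class UnsafeArchiveError(Exception):
    """An archive entry would be written outside the extraction directory."""


def resolve_member(dest_dir, member_name):
    """Return the absolute path an entry would land on; raise if it leaves dest_dir."""
    dest_root = os.path.realpath(dest_dir)
    # Zip names use "/"; treat "\" the same so Windows-style names are caught too.
    target = os.path.realpath(os.path.join(dest_root, member_name.replace("\\", "/")))
    # An absolute name ("/etc/env.txt") or a "../" chain ends up outside dest_root.
    if os.path.commonpath([dest_root, target]) != dest_root:
        raise UnsafeArchiveError(f"{member_name!r} resolves outside {dest_root}")
    return target


def safe_extract(zip_bytes, dest_dir):
    """Check every entry before writing anything, then extract and return the names."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        names = archive.namelist()
        for name in names:
            resolve_member(dest_dir, name)
        # zipfile.extractall already strips "/" and ".." from names, but silently;
        # the loop above rejects the whole archive instead of rewriting paths.
        archive.extractall(dest_dir)
    return names


def build_zip(entries):
    """Build an in-memory zip from {name: text}; used only for constructed samples."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name, text in entries.items():
            archive.writestr(name, text)
    return buffer.getvalue()


if __name__ == "__main__":
    import tempfile
    # Constructed sample mirroring the question: env.conf aimed outside the target.
    sample = build_zip({"config/app.conf": "a=1\n", "../etc/env.txt": "x\n"})
    with tempfile.TemporaryDirectory() as workdir:
        try:
            safe_extract(sample, workdir)
        except UnsafeArchiveError as err:
            print("rejected:", err)
```

Placing env.conf under /etc then stays an explicit, separate step run by the administrator, as in the one-liner above.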

file owner can not change ownership in Linux

In Linux, I am the owner of a file; I tried to change the owner to another account, but it failed: Operation not permitted. Do you know why? I am the user 'BBB'. Thanks
-bash-4.1$ ls -al
drwxrwxrwx 2 AAA games 4096 Nov 23 14:39 .
drwxr-xr-x 3 AAA games 4096 Nov 23 14:36 ..
-rw-r--r-- 1 BBB esmgroup 16798 Nov 23 14:38 XXX-1.0-SNAPSHOT.jar
-bash-4.1$ chown AAA:games ./*.jar
chown: changing ownership of `./XXX-1.0-SNAPSHOT.jar': Operation not permitted
Only root can change the owner on the file. That's final.
You can do that by logging in as root using su, or by using sudo before your command.
More information here: https://unix.stackexchange.com/questions/27350/why-cant-a-normal-user-chown-a-file
You can change the file's group if you're in more than one group.
You should log in to the root account to be allowed to change ownership to any user.
You can type sudo before the command and then log in to your root user.

permission denied when renaming file in linux at /var/www/html

I am very new to Linux and am using PuTTY and pscp to move files to a live hosted directory. I would like to rename my recently uploaded dist folder to its actual project name using mv but get a permission denied error. What is the safest and most reasonable way to arrange these files so I can rename them?
lawton#lawtonb:/var/www/html$ ls -la
total 268
drwxr-xr-x 4 root root 4096 Aug 30 16:42 .
drwxr-xr-x 3 root root 4096 Aug 18 23:05 ..
-rw-rw-r-- 1 lawton lawton 253276 Aug 27 18:06 bundle.js
drwxr-xr-x 2 root root 4096 Aug 30 16:42 dist
-rw-r--r-- 1 root root 17 Aug 18 23:24 info.php
drwxr-xr-x 2 root root 4096 Aug 27 18:59 react-youtube
lawton#lawtonb:/var/www/html$ mv dist BTC_Sorter
mv: cannot move 'dist' to 'BTC_Sorter': Permission denied
If this is a one-time rename, your best course of action would be to run mv with sudo, like this:
sudo mv dist BTC_Sorter
If, however, you'd like to have permissions for your user or group, you should do some reading about chown (The link belongs to the Arch Linux wiki, but should be useful regardless of your distro).
In your particular case, the directory dist is owned both by the user and the group root, hence why you'd need to use sudo, chown or simply the root account.
You are not the owner of the file; you need to execute the command with sudo:
sudo mv src dest

apache permission error

I have CentOS in VMware and have hosted a web application.
This is the URL I use to access my page. There is also another demo page, "demo.php", that I created for testing. It works fine: I can access it and it prints its contents: "its ok." But when I try to open my app page, which is in the same directory, the browser says:
Forbidden
You don't have permission to access /WP/View/Home/localobjects.php on this server.
http://192.168.118.129/WP/View/Home/localobjects.php
How can I fix this?
File permissions in the directory:
-rw-r--rwx. 1 root root 272 Apr 2 00:49 activedirectoryusers.php
-rw-r--rwx. 1 root root 236 Apr 17 01:22 configuration.php
-rw-r--rwx. 1 root root 324 Mar 30 00:59 dashboard.php
-rw-r--r--. 1 root root 107 Apr 15 08:28 deneme.php
drwxr-xrwx. 2 root root 4096 Apr 17 01:22 Ipageimplementations
-rw-r--rwx. 1 root root 257 Apr 17 00:52 localobjects.php
-rw-r--rwx. 1 root root 224 Mar 28 18:41 policy.php
-rw-r--rwx. 1 root root 257 Apr 13 01:58 timeintervals.php
Here is a cheatsheet…
Directories must have the permissions "drwxr-xr-x".
You set them with chmod 755 [directory name].
Files must have the permissions "-rw-r--r--".
You set them with chmod 644 *php for all the php files in a folder. If you have other files which must be seen on the web (.css, etc.) chmod them accordingly.
To get the "magic numbers" you have three digits:
the first one is for the owner
the second one is for the owner's group
the third is for the rest of the world
Numbers are the sum of:
4: readable
2: writeable
1: executable
If in doubt, do one directory at a time: if you give the wrong permissions (not executable, like files) to a folder, you can't browse it.
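The cheatsheet's arithmetic applied to the listing from the question, as an added example that is not part of the original answer: it converts each `ls -l` mode string to its octal value, compares it with the 755/644 targets given above, and flags world-writable entries. The function names are hypothetical and file names containing spaces are assumed not to occur.

```python
# Targets stated in the cheatsheet above: directories 755, regular files 644.
EXPECTED = {"d": 0o755, "-": 0o644}

# Constructed sample: the listing from the question, as printed by `ls -l`.
SAMPLE_LISTING = """\
-rw-r--rwx. 1 root root 272 Apr 2 00:49 activedirectoryusers.php
-rw-r--rwx. 1 root root 236 Apr 17 01:22 configuration.php
-rw-r--rwx. 1 root root 324 Mar 30 00:59 dashboard.php
-rw-r--r--. 1 root root 107 Apr 15 08:28 deneme.php
drwxr-xrwx. 2 root root 4096 Apr 17 01:22 Ipageimplementations
-rw-r--rwx. 1 root root 257 Apr 17 00:52 localobjects.php
-rw-r--rwx. 1 root root 224 Mar 28 18:41 policy.php
-rw-r--rwx. 1 root root 257 Apr 13 01:58 timeintervals.php
"""


def mode_to_octal(perm):
    """Sum 4/2/1 per triplet: 'rw-r--rwx' -> 0o647."""
    value = 0
    for position, char in enumerate(perm[:9]):
        # "-" leaves the bit clear; capital S/T mark a special bit without execute.
        if char not in "-ST":
            value |= 1 << (8 - position)
    return value


def audit(listing):
    """Return (name, current, wanted, world_writable, fix) for each deviating entry."""
    findings = []
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) < 9 or fields[0][0] not in EXPECTED:
            continue  # skip "total N" lines, symlinks and other entry types
        kind, name = fields[0][0], fields[-1]
        current = mode_to_octal(fields[0][1:10])  # drops the trailing SELinux "."
        wanted = EXPECTED[kind]
        if current != wanted:
            findings.append((name, f"{current:o}", f"{wanted:o}",
                             bool(current & 0o002), f"chmod {wanted:o} {name}"))
    return findings


if __name__ == "__main__":
    for name, current, wanted, world_writable, fix in audit(SAMPLE_LISTING):
        note = " (world-writable)" if world_writable else ""
        print(f"{name}: {current} -> {wanted}{note}; {fix}")
```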

ftp to show files with owner on linux

We used to get directory content listed with the owner name from an HP-UX system using an FTP client. Recently the system was migrated to SUSE Linux. Now when we FTP to this machine, the directory list does not show the owner name of the files.
How would one enable listing a directory with the owner name in Linux?
Well in ftp (and most shells anyway), you have the ls command. This prints the list of files.
**Example session** (some messages cut out):
$ ftp ftp.ed.ac.uk
Connected to luther.is.ed.ac.uk.
220-
Login using the username 'anonymous' and use your email address as password.
ftp> ls
200 PORT command successful
150 Opening ASCII mode data connection for file list
lrwxrwxrwx 1 root root 8 Feb 26 2014 INSTRUCTIONS-FOR-USING-THIS-SERVICE -> .message
drwx-wx-wx 3 root root 4096 Feb 17 14:57 edupload
drwx-wx-wx 3 root root 131072 Feb 17 20:20 incoming
drwxr-xr-x 45 root root 4096 Feb 19 2014 pub
226 Transfer complete
ftp>
The table shows:
drwxdrwxdrwx: d stands for directory, and then rwx for read-write-execute for (in sequential order), the owner, the group and all people with login access;
the name of the owner (root);
the name of the group of the owner (root);
file size;
modification date; and
filename.
