Ubuntu / NGINX - Can't change ownership or permissions of certain directories and files - linux

I have some folders on an Ubuntu server running Nginx with the following permissions & groups:
drwxr-xr-x 3 www-data www-data some_folder
I am trying to delete these within a deployment script, as a user called deploy. This user is in the www-data group.
I know that to delete these folders, I need group write permissions (which I currently don't have); however, the deploy user doesn't have the permissions to set this. I've tried chmod 775 some_folder and also setting the deploy user as the owner with chown deploy some_folder, but I always get this error:
chown: changing ownership/permissions of 'some_folder/': Operation not permitted
How can I delete these folders without using sudo?
Thanks in advance for any help
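The checks behind the error in the question above, as an added example that is not part of the original post: removing a directory depends on the write and search bits of its parent (and of the directory itself when it has contents), while chmod is reserved for the owner or root. The function names are hypothetical, the uid and gid values are supplied by the caller, and GNU stat is assumed.

```sh
#!/bin/sh
# Added example. Assumes GNU stat (Ubuntu); uids and gids are numeric.

# class_bits PATH UID "GID ..." -> rwx value (0-7) the kernel applies: owner
# bits if UID owns PATH, else group bits if a GID matches, else "other" bits.
class_bits() {
  cb_mode=$(( 0$(stat -c %a "$1") ))                 # parse the octal mode
  if [ "$2" = "$(stat -c %u "$1")" ]; then
    echo $(( (cb_mode >> 6) & 7 )); return
  fi
  cb_gid=$(stat -c %g "$1")
  for cb_g in $3; do
    if [ "$cb_g" = "$cb_gid" ]; then echo $(( (cb_mode >> 3) & 7 )); return; fi
  done
  echo $(( cb_mode & 7 ))
}

# can_delete DIR UID "GID ..." -> prints a verdict; returns 0 only if removable.
# Checks DIR and its parent only, not nested subdirectories.
can_delete() {
  [ "$2" = 0 ] && { echo "deletable"; return 0; }    # root bypasses mode bits
  cd_parent=$(dirname -- "$1")
  # Unlinking the entry needs write (2) + search (1) on the PARENT directory.
  [ $(( $(class_bits "$cd_parent" "$2" "$3") & 3 )) -eq 3 ] ||
    { echo "blocked: no w+x on parent"; return 1; }
  # Sticky parent (1xxx): only the owner of the entry or of the parent may remove.
  if [ $(( 0$(stat -c %a "$cd_parent") & 512 )) -ne 0 ] &&
     [ "$2" != "$(stat -c %u "$1")" ] && [ "$2" != "$(stat -c %u "$cd_parent")" ]; then
    echo "blocked: sticky bit on parent"; return 1
  fi
  # A non-empty directory must be emptied first: w+x on DIR itself.
  if [ -n "$(ls -A -- "$1")" ] &&
     [ $(( $(class_bits "$1" "$2" "$3") & 3 )) -ne 3 ]; then
    echo "blocked: no w+x on directory itself"; return 1
  fi
  echo "deletable"
}

# can_chmod PATH UID -> 0 only for the owner or root. Group membership is never
# enough, and changing the owner with chown needs root (CAP_CHOWN) outright.
can_chmod() { [ "$2" = 0 ] || [ "$2" = "$(stat -c %u "$1")" ]; }
```

Called as can_delete some_folder "$(id -u deploy)" "$(id -G deploy)", it names the first check that fails for that account.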

Related

Apache & SFTP permissions on AWS EC2 Linux hosting

Using SSH I've granted access to my SFTP clients user "ec2-user" with the following command:
sudo chown -R ec2-user /var/www/html
However I also need to grant access to Apache which I can do with the following command:
sudo chown -R apache:apache /var/www/html
I assumed this would grant access to both, but this is not the case. How can I apply the command to both ec2-user & Apache at the same time?
When you executed the chown commands, you did the following: first you changed the owner of /var/www/html to ec2-user, and with the next command you changed the owner and owner group to apache. You can set only one owner:owner-group pair on a file, directory or anything else.
You have at least two ways to solve your task:
1. usermod -a -G apache ec2-user - this will add the user ec2-user to the apache group. After that, make sure that the permissions allow apache group members to manipulate files and directories as you need.
2. Create a subdirectory in /var/www/html with the owner set to ec2-user and the group set to the main apache group, and make sure that Apache can access it. You can configure it as a VirtualHost to separate it from the original DocumentRoot.
Also, you have to set the ec2-user home directory to /var/www/html, because even if it has rights to access /var/www/html, it can't necessarily access /var or /var/www.
These instructions helped me to get this up and running very easily:
https://devanswers.co/configure-sftp-web-server-document-root/
Here's a cached version:
https://web.archive.org/web/20201203122712/https://devanswers.co/configure-sftp-web-server-document-root/
The idea here is to create a group like sftp_users and then set permissions for that group, adding the user to that group (the link above details all the configuration and setup very well).

Permissions to delete generated files from another user in linux (gitlab-runner)

I'm using gitlab-runner to deploy my PHP application to an nginx web server.
To deploy I'm using these steps:
1. delete all files in folder /var/www/site
2. move files from gitlab repository to /var/www/site
All these actions are performed only after pushing new changes to the repository.
I have a problem. Files that are copied to /var/www/site are owned by gitlab-runner.
After uploading a file from a POST form, the files are owned by www-data (nginx user).
After the next push, gitlab can't deploy because it fails on the first step: the user gitlab-runner doesn't have the right to delete www-data files.
I can't change the nginx user to gitlab-runner for a reason, and I don't know how to change gitlab-runner to another user.
Can anyone help me?
You can use the command chown to change the owner of a file.
chown uu:gg will set the owner of the file to uu and the group to gg.
You can change permissions of a file with chmod command.
chmod g+w will give write access to file to users of the group of
With these commands you should be able to set the group of the files to a group compatible with gitlab (check the initial group of the files with the ls -l command).
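The shared-group approach suggested in the answers above (adding the deploying account to the web server's group and giving that group write access), as an added example that is not part of the original posts. The function names are hypothetical, and it assumes the caller owns the directory, belongs to the chosen group, and that both services run with umask 002.

```sh
#!/bin/sh
# Added example: a group-shared tree in which entries created by either
# account stay removable by the other. Function names are hypothetical.

# make_shared_dir DIR GROUP
#   setgid (2xxx) makes new entries inherit DIR's group instead of the
#   creator's primary group; 775 lets group members add and remove entries.
make_shared_dir() {
  mkdir -p -- "$1" &&
  chgrp -- "$2" "$1" &&     # caller must own DIR and belong to GROUP (or be root)
  chmod 2775 "$1"
}

# create_as_service DIR NAME
#   Stands in for a service (web server, CI runner) writing into the tree.
#   umask 002 keeps the group write bit; the common default 022 drops it.
create_as_service() (
  umask 002
  mkdir -- "$1/$2" && : > "$1/$2/file"
)

# audit_tree DIR -> prints entries a group member could not clean up:
#   directories lacking setgid or group rwx, and files lacking group write.
audit_tree() {
  find "$1" \( -type d ! -perm -2070 \) -o \( -type f ! -perm -0020 \)
}
```

Running audit_tree before the delete step of a deployment shows which paths were created with a restrictive umask and will make the step fail.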

When Jenkins deploy: chmod: changing permissions of '*' operation not permitted

I want to set up Jenkins to deploy PHP code.
Let's say we have three users in the system: www-data (Apache), tomcat (jenkins) and user (me).
I have added jenkins and user to the www-data group.
Existing code (that is already running on the server and should be overwritten by tomcat) is owned by user, belongs to the www-data group and has 775 permissions.
But when I run Jenkins and do chmod -R 775 * I get:
chmod: changing permissions of ‘LICENSE.md’: Operation not permitted
But the permissions are already 775 and, again, tomcat is in the www-data group.
Any thoughts on what I am doing wrong?

Protect htdocs directory

I have a web application written in PHP, working with Apache on a Linux server. The problem is that this server can be accessed by many users. What I want to do is restrict the htdocs folders without breaking the permissions that Apache needs in order to display the web application.
My idea is something like this:
User Administrator (is in the sudo group and in the administrator group): has access to htdocs.
User Deb (is in the sudo group and in the standard group): does not have access to htdocs.
By access I mean copying and modifying the PHP files.
In most Linux distributions Apache is run under a specific user, for example apache under Red Hat and www-data under Debian and Ubuntu. The root user and every user in the sudo group have access to all files on the file system. Combining these gives you your solution: change the owner of the htdocs directory to the user under which the server is run and change the rights on the htdocs directory to 0700. So:
$ cd /[path to parent dir of htdocs]/
$ chown <apache user>:<apache group> htdocs
$ chmod 0700 htdocs
This way only the apache server user, root and users in the sudo group have access to the htdocs directory.
You can set the htdocs folders to be readable only by the group www-data and add users who are allowed to make changes there to the www-data group.
drwxrwx--- www-data www-data vhosts/

Linux permissions issue

I'm trying to use Jenkins to deploy to a custom workspace but am having permissions issues. The custom workspace folder is /var/www/workspace, which is owned by www-data and in the www-data group as normal. I have added my jenkins user to the www-data group and the folder has writable permissions on user and group level. When I run the Jenkins build it fails because it doesn't have permission to clone into the folder. The only thing I can think of that may be stopping this from happening is the fact that the var folder is owned by root, even though www and all folders below this are owned by www-data.
Any advice appreciated.
Do one thing, go to /var/www/ and type the following command and paste output:
ll
Responding to your comment, to change the owner and group of /var/www/workspace and all files under it you can use:
chown -R jenkins:www-data /var/www/workspace
In the end I changed the user that Jenkins is running as from Jenkins to www-data. Probably not the ideal way to do things but as this is on a non public facing server it suits my purpose. Now when a build has completed I get Jenkins to run a couple of chmod commands to make sure file permissions are correct and the files are already in the www-data group so all works nicely.
