Why are directories I create owned by root:myNonPrimaryUserGroup? - linux

My Ubuntu (WSL) user foo used to have primary group foo but I changed this to root. Still, when I sudo mkdir /bar the directory is owned by root:foo and not by root:root. Why?
[foo#mymachine]$ groups
root adm dialout cdrom floppy sudo audio dip video plugdev netdev lxd
[foo#mymachine]sudo mkdir /bar
[foo#mymachine]$ ls / | grep bar
drwxrwxr-x 1 root foo 512 Jun 14 17:40 bar/
UPDATE - This is a WSL/Ubunto Issue
I have just tried to reproduce the issue in CentOS and I can't.
I created b directly as myself (it's correctly owned by foo:root) and when I did sudo mkdir c this was also correctly owned by root:root.
drwxr-xr-x 2 foo root 6 Jun 15 14:30 b/
drwxr-xr-x 2 root root 6 Jun 15 14:31 c/
However, in WSL Ubuntu 16 the problem is definitely there:
drwxrwxrwx 1 foo root 512 Jun 15 14:34 b/
drwxr-xr-x 1 root foo 512 Jun 15 14:34 c/

sudo -g root mkdir bar
-g allows to choose the group in sudo command.

Related

add write access to user ubuntu - shared folder cifs-utils

I have folder in /media on ubuntu - shared from windows via fstab and cifs-utils. Can I share this folder to other user: "miki" (not root)
root#localhost:/media#
drwxr-xrwx 4 root root 4096 Nov 15 12:21 .
drwxr-xr-x 23 root root 4096 Nov 14 06:34 ..
drwxr-xr-x 2 padm root 0 Nov 15 09:34 Archive
drwxr-xrwx 2 root root 4096 Feb 25 2019 kekik
I have try with:
root#localhost:~# sudo chmod -R 757 /media/Archive/
but get:
chmod: changing permissions of '/media/Archive/': Permission denied
Find a solution:
need to modify /etc/fstab by changing:
//windowsServer/Archive /media/Archive cifs username=wundowsuser,password=somepass,uid=1000,iocharset=iso8859-1,rw,file_mode=0777,dir_mode=0777,vers=1.0 0 0
and change group of folder (must umont it first!)
sudo umount -l /media/Archive
sudo chown miki:miki /media/Archive/

Remove file with write group permission

I'm using Raspbian Stretch Lite and I followed an official tutorial from RapberryPi.org to set up Pure-FTPd. So now I have a virtual user that can create files through FTP owned by ftpuser:ftpgroup.
I also add pi user in ftpgroup with following command :
usermod -a -G ftpgroup pi
But when I try to delete a file created by ftpuser it says
Operation not permitted
Here is a copy of my console :
pi#raspberry(rw):/var/ftp$ ls -la
total 4
drwxrwxrwt 2 root root 60 Jun 20 15:58 .
drwxr-xr-x 11 root root 4096 May 7 17:04 ..
-rwxrwxrwx 1 ftpuser ftpgroup 0 Jun 20 16:03 test
pi#raspberry(rw):/var/ftp$ whoami
pi
pi#raspberry(rw):/var/ftp$ grep -i --color 'ftpgroup' /etc/group
ftpgroup:x:1001:pi
pi#raspberry(rw):/var/ftp$ rm test
rm: cannot remove 'test': Operation not permitted
I don't understand why I can't remove test file if I'm in the ftpgroup and group has write permission.
You need write permissions om the directory as well. You change the TOC.
To illustrate this:
[ronald#lion tmp]$ ls -la
total 0
drwxr-xr-x. 2 root root 19 Jun 20 15:48 .
drwx------. 6 ronald ronald 195 Jun 20 15:48 ..
-rw-r--r--. 1 ronald ronald 0 Jun 20 15:48 hallo
[ronald#lion tmp]$ rm hallo
rm: cannot remove ‘hallo’: Permission denied
[ronald#lion tmp]$ id
uid=1000(ronald) gid=1000(ronald) groups=1000(ronald) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[ronald#lion tmp]$ su
Password:
[root#lion tmp]# chmod 777 .
[root#lion tmp]# exit
[ronald#lion tmp]$ ls -la
total 0
drwxrwxrwx. 2 root root 19 Jun 20 15:48 .
drwx------. 6 ronald ronald 195 Jun 20 15:48 ..
-rw-r--r--. 1 ronald ronald 0 Jun 20 15:48 hallo
[ronald#lion tmp]$ rm hallo
[ronald#lion tmp]$
You need write permissions with sudo usermod -a -G ftpgroup pi or you can can add pi user to sudo group with visudo, its work for me you please try once and let me know.

permission denied when renaming file in linux at /var/www/html

I am very new to linux and am using putty and pscp to move files to a live hosted directory. I would like to rename my recently uploaded dist folder to its actual project name using mv but get a permission denied error. What is the safest and most reasonable way to arrange these files so I can rename them?
lawton#lawtonb:/var/www/html$ ls -la
total 268
drwxr-xr-x 4 root root 4096 Aug 30 16:42 .
drwxr-xr-x 3 root root 4096 Aug 18 23:05 ..
-rw-rw-r-- 1 lawton lawton 253276 Aug 27 18:06 bundle.js
drwxr-xr-x 2 root root 4096 Aug 30 16:42 dist
-rw-r--r-- 1 root root 17 Aug 18 23:24 info.php
drwxr-xr-x 2 root root 4096 Aug 27 18:59 react-youtube
lawton#lawtonb:/var/www/html$ mv dist BTC_Sorter
mv: cannot move 'dist' to 'BTC_Sorter': Permission denied
If this is a one-time rename, your best course of action would be to run mv with sudo, like this:
sudo mv dist BTC_Sorter
If, however, you'd like to have permissions for your user or group, you should do some reading about chown (The link belongs to the Arch Linux wiki, but should be useful regardless of your distro).
In your particular case, the directory dist is owned both by the user and the group root, hence why you'd need to use sudo, chown or simply the root account.
You are not the owner of the file, you need execute the command with sudo
sudo mv src dest

Applying chmod 755 (or other) when ftping to apache var/www/ virtual host directories?

I'm struggling to understand how to apply directory and file permissions so that files and directories created by the ftp user, via an ftp client, are browsable. In other words 755 is applied by default.
I'm running Apache 2 on Ubuntu 14.04.2 LTS, Trusty Tahr, with vsftpd server.
My directory structure is as follows.
var/www/
var/www/sites/
var/www/sites/master_demo/public_html
var/www/sites/test_site/public_html
I've run the following
usermod -aG www-data test_user
chgrp -R www-data /var/www/sites/test_site/public_html/
chown -R test_site:www-data /var/www/sites/test_site/public_html/
chmod -R 755 /var/www/sites/test_site/public_html/
Permissions on the directories are as follows:
cd var/www/sites/
ls -l
dr-xrws--- 3 master_demo www-data 4096 Jun 17 14:00 master_demo
drwxr-xr-x 3 test_site www-data 4096 Jun 16 13:32 test_site
cd var/www/sites/test_site/
ls -l
drwxr-xr-x 3 test_site www-data 4096 Jun 17 17:43 public_html
When a file is added using ftp by the test_site user these are the permissions
-rw------- 1 test_site test_site 152 Jun 18 08:27 about.html
drwx------ 2 test_site test_site 4096 Jun 18 08:27 css
-rw------- 1 test_site test_site 152 Jun 18 08:27 index.html
How do I get the file to automatically be given the correct permissions so the files are browsable (755)? I know the obvious answer might be to run a batch file, but is that necessary? I don't want to have to run the command everytime.
chmod -R 755 /var/www/sites/test_site/public_html/*
ls -l
-rwxr-xr-x 1 test_site test_site 152 Jun 18 08:27 about.html
drwxr-xr-x 2 test_site test_site 4096 Jun 18 08:27 css
-rwxr-xr-x 1 test_site test_site 152 Jun 18 08:27 index.html
I'm new to linux so please be gentle :)
I can confirm that test_site users is in the www-data group
id test_site
uid=1004(test_site) gid=1005(test_site) groups=1005(test_site),33(www-data)
I think what you are looking for is umask
umask 0022
umask -p
umask -S
You will need to modify your default /etc/profile in order to make this permanent. umask 0022will on creation give directories chmod 755 and files chmod 644 which is the recommended permissions for the www folder in apache.
Example
umask 0022
mkdir www
touch www/{index.html,style.css}
drwxr-xr-x. 2 user user 4096 Jun 18 10:53 .
drwxr-xr-x. 3 user user 4096 Jun 18 10:52 ..
-rw-r--r--. 1 user user 0 Jun 18 10:53 index.html
-rw-r--r--. 1 user user 0 Jun 18 10:53 style.css
FTP also supports setting umask before initiating a transfer. Setting it with ftp, sets if for that transfer only, so that you don't need to change it system-wide as you would with /etc/profile.

Can't CD to directory inside of root

I am currently creating an application that requires separate users running duplicate programs. They cannot run under root because of security reasons, so they are initiated by a Java app that I am working on, and I am starting them with runuser -l. However, I cannot cd into a directory, even though it is owned by the user, and the user has 770 permissions in the folder.
Here's what I'm running:
runuser -l lp1 -c 'java \-jar /root/Desktop/workspace/LitePanel/servers/server1/server.jar \-Xms1024M nogui'
And the output of this is:
runuser: warning: cannot change directory to /root/Desktop/workspace/LitePanel/bin/servers/server1/: Permission denied
Here's an ls -all:
drwxr-xr-x. 3 root root 4096 Jan 30 14:03 .
drwxr-xr-x. 7 root root 4096 Jan 30 14:02 ..
drwxrwx---. 2 lp1 lp1 4096 Jan 31 03:07 server1
Inside the directory:
drwxrwx---. 2 lp1 lp1 4096 Jan 31 03:07 .
drwxr-xr-x. 3 root root 4096 Jan 30 14:03 ..
-rwxrwx---. 1 lp1 lp1 9170551 Jan 31 03:07 server.jar
And here's /etc/passwd:
lp1:x:501:501::/root/Desktop/workspace/LitePanel/bin/servers/server1/:/bin/false
Anyone know why this is happening? It looks like the user has the necessary permissions to do this.
You have said that the directory itself has permissions 770 and is owned by the user, but what about its parents? I believe the cd command will need at least read access (and possibly execute) on the parent directories.

Resources