Sorry but I don't know much about linux and i always developped in other environments, I made a cross-platform application with electronJS and i need to create a directory with that code
let staticPath = "/opt/pcapp/resources/monitor";
if (!fs.existsSync(staticPath)) {
fs.mkdirSync(staticPath);
}
In Windows and Mac it works like a charm but on Linux - Ubuntu I installed the app and i get this error due to the required superuser rights.
The users who are going to deal with the application will not have superuser privilege
Now i would like to know if there is a way to grant permission to create, update and delete some files and directory in the Application working directory /opt/pcapp/resources/monitor without SUDO or other stuff.
You have two options I can think of.
1) ACLs which will take a bit of a learning curve.
2) Simple permissions and groups which can be done quite easily.
I created a group mygroup and added a couple of users to it.
# groupadd mygroup
# usermod -G mygroup user1
# usermod -G mygroup user2
I then change the permissions and group on the folder you want the users to have access to:
# chmod 02770 /opt/pcapp/resourcees/monitor
# chgrp mygroup /opt/pcapp/resourcees/monitor
You should now see the following:
# ls -ld /opt/pcapp/resourcees/monitor
drwxrws---. 4 root mygroup 4096 Dec 6 17:23 /opt/pcapp/resourcees/monitor
Now any new file created in the folder will have a group mygroup. You will have to change existing files and folders.
As user2
$ touch /opt/pcapp/resourcees/monitor/testfile1
$ ls -ld /opt/pcapp/resourcees/monitor/testfile1
-rw-rw-r--. 1 user2 mygroup 0 Dec 6 17:29 /opt/pcapp/resourcees/monitor/testfile1
As user1
$ rm -v /opt/pcapp/resourcees/monitor/testfile1
removed ‘/opt/pcapp/resourcees/monitor/testfile1’
If this isn't granular enough, read about Linux ACLs.
Hope this helps.
Related
In an Amazon Linux instance, after deployment using ElasticBeanstalk, all the files are owned by root user:
drwxr-xr-x 25 root root 4096 jan 01 00:00 var
But the current user is ec2-user so I don't have permissions to create/modify inside /var folder anything. What is the best approach to make it work? chown and modify owner to ec2-user? add user to a user group if exists which I don't know... any other idea?
I don't have permissions to create/modify inside /var folder anything.
you can use following ways to achieve this.
Try sudo [your command]
sudo chown user directory
sudo bash //this will make your root directly
But beware for 2 and 3 way, it can break your system if you do something wrong.There is a famous saying hope you know what you will do
I have an ubuntu ec2 server.
I have a user, ubuntu created by aws for which I have the ssh key.
I have a team of 4 developers who have their own users and separate keys. Lets call them dev1, dev2, dev3, dev4.
Now I created a group called devs in which I added all 4 developer users. dev1 - dev4.
Problem I am facing is when dev1 upload/create a file via ftp on server machine, dev2 is not able to edit the file or upload another version of same file created by dev1, even though they are in same group, because its ownership lies with dev1.
How can I solve this problem. I want everyone in my group devs to be able to modify add or create files, in my /var/www/html/ folder, regardless of who created that file.
Can I give group ownership in linux be default? As far as I know ownership can always be with users not the group. Is there a simple and straightforward solution to this?
group structure -
You can see 4 users in group devs
The steps that you have to follow are:
Create the group:
sudo groupadd devs
Create the users:
sudo useradd dev1
sudo useradd dev2
sudo useradd dev3
sudo useradd dev4
Set a password for the users:
sudo passwd dev1
sudo passwd dev2
sudo passwd dev3
sudo passwd dev4
Insert the users in the "devs" group:
sudo usermod -a -G devs dev1
sudo usermod -a -G devs dev2
sudo usermod -a -G devs dev3
sudo usermod -a -G devs dev4
Check that the interested folder (/var/www/html) has the right permissions.
For example, I created 2 users (dev1 and dev2) for a test and inserted them in the group "devs". I created a file with the user "dev2".
These are the permissions:
rw-rw-r-- 1 dev2 devs 10 Sep 6 20:46 test.txt
The owner is "dev2" but the group is "devs". The permissions in my file for the group are "rw" (read/write) so, all the members of the group can read/write.
For more info about the linux file permissions: https://www.linux.com/learn/understanding-linux-file-permissions
I have an EC2 instance with some php scripts running on Amazon. The folder with the files has permission 755 (chmod 755 folder).
Everytime I login I have to change the folder permissions to change anything to files.
Question: Is it possible to login as root with cyberduck?
Note: I found this link How to use sudo over SFTP with CyberDuck? , but it is from 2010 and I don't know if that info is accurate or not.
If it is a folder that your user should be able to read and write. Give your user account permissions to it...
1) Create a group
sudo groupadd mygroup
2) Add your user account to that group
sudo usermod -a -G mygroup myuser
3) Change the permissions of the folder such that group has execute/modify
sudo chown -R current_owner:mygroup myfolder
sudo chmod 776 myfolder
It is odd you have to change permissions every time. If this folder is deleted and re-created by another process or user, you will need to set the environment variable umask to 776 before creating the files and folders in your script.
im really new to Linux permissions so I would appreciate help with this simple query.
Ubuntu 14.04.1
I have 2 users root and user1
I have a directory /var/www/html/gallery
The directory is empty
I would like to create a new group add root and user1 to that group and make that group have read, write and delete permissions(FULL PERMISSIONS), to the directory, /var/www/html/gallery
Can someone please help me ?
Thank you.
Root is usually not added to any group because root is allowed to do everything he or she wants.
So you have multiple options now:
1) you don't create a group and give the permissons to user1 (simplest solution)
chown -R user1:user1 /var/www/html/gallery
chmod -R 700 /var/www/html/gallery
2) you create the group anyways and just add one user. that just makes sense when you want to add some more users to the group later
you can use acl for permissions,
sudo apt-get install acl
sudo groupadd connoisseurs
sudo usermod -a -G connoisseurs Teddy
sudo setfacl -m g:connoisseurs:rwx /var/www/html/gallery
you can vary permissions with r,w,x combinations.
I want to create a file in a directory owned by the staff group which I am a member of. Why can I not do this?
bmccann#bmccann-htpc:~$ ls -l /usr/local/lib/R/
total 4
drwxrwsr-x 2 root staff 4096 2010-07-31 16:21 site-library
bmccann#bmccann-htpc:~$ id -nG bmccann
bmccann adm dialout cdrom plugdev staff lpadmin admin sambashare
bmccann#bmccann-htpc:~$ touch /usr/local/lib/R/site-library/tmp
touch: cannot touch `/usr/local/lib/R/site-library/tmp': Permission denied
Did you logout and log back in after making the group changes? See:
Super User answer involving touch permissions failure
I had the same issue, check if the folder has any more ACL rules or not!
If you can see + (plus sign) when you list folder, that means it has special access rules. For example:
[user_in_apache_group#web02 html]$ ls -l
total 16
drwxrwxr-x 16 apache apache 4096 Sep 4 13:46 ilias
drwxrwxr-x+ 15 apache apache 4096 Sep 4 13:46 ilias5
View the permission:
[user_in_apache_group#web02 html] getfacl ilias5
# file: ilias5
# owner: apache
# group: apache
user::rwx
user:user_in_apache_group:r-x
group::rwx
mask::rwx
other::r-x
So that means my user (user_in_apache_group) has no write permission for that folder.
The solution is what #techtonik said, add write permission for user:
[user_in_apache_group#web02 html]$ sudo setfacl -m u:user_in_apache_group:rwx ./ilias5
Check permission again:
[user_in_apache_group#web02 html] getfacl ilias5
...
user:user_in_apache_group:rwx
...
Hope it helps. ;)
Why can't Linux user edit files in group he is a part of?
I am using Ubuntu 12.04 and had the same problem where a user cannot write to a file to whom he is allowed group access to. For example:
whoami //I am user el
el
touch /foobar/test_file //make a new file
sudo chown root:www-data /foobar/test_file //User=root group=www-data
sudo chmod 474 /foobar/test_file //owner and others get only read,
//group gets rwx
sudo groupadd www-data //create group called www-data
groups //take a look at the groups and see
www-data //www-data exists.
groups el //see that el is part of www-data
el : www-data
Restart the terminal now to ensure the users
and groups have taken effect. Login as el.
vi /foobar/test_file //try to edit the file.
Produces the Warning:
Warning: W10: Warning: Changing a readonly file"
What? I've done everything right why doesn't it work?
Answer:
Do a full reboot of the computer. Stopping the terminal isn't enough to fix these problems.
I think what happens is apache2 also uses the www-data group, so the task was somehow preventing the users and groups from being enforced correctly. Not only do you have to logout, but you have to stop and restart any services that use your group. If a reboot doesn't get it, you've got bigger problems.
Use Linux ACL (access control lists) - it is more fine-grained version of permission system,
setfacl -R -m 'group:staff:rwx' -m 'd:group:staff:rwx' /usr/local/lib/R/
This sets both active rights for directory and default rights for anything created within.
This fails to work without relogin if you've just added yourself to the staff group, but you may set the permission only for yourself for the current session.
I had an issue when a user could not access the /foo/bar/baz directory even when he had permissions because he did not have an access to the bar directory.
Maybe your hard disk is full. use this command to check out the "/dev/..." rows.
df -h
Check if your parent directory have permission before you add content to that file
sudo chmod -R 777 /yourDir/file.log