Remove file with write group permission - linux

I'm using Raspbian Stretch Lite and I followed an official tutorial from RaspberryPi.org to set up Pure-FTPd. So now I have a virtual user that can create files through FTP owned by ftpuser:ftpgroup.
I also added the pi user to ftpgroup with the following command:
usermod -a -G ftpgroup pi
But when I try to delete a file created by ftpuser it says
Operation not permitted
Here is a copy of my console :
pi#raspberry(rw):/var/ftp$ ls -la
total 4
drwxrwxrwt 2 root root 60 Jun 20 15:58 .
drwxr-xr-x 11 root root 4096 May 7 17:04 ..
-rwxrwxrwx 1 ftpuser ftpgroup 0 Jun 20 16:03 test
pi#raspberry(rw):/var/ftp$ whoami
pi
pi#raspberry(rw):/var/ftp$ grep -i --color 'ftpgroup' /etc/group
ftpgroup:x:1001:pi
pi#raspberry(rw):/var/ftp$ rm test
rm: cannot remove 'test': Operation not permitted
I don't understand why I can't remove test file if I'm in the ftpgroup and group has write permission.

You need write permissions on the directory as well. You change the TOC.
To illustrate this:
[ronald#lion tmp]$ ls -la
total 0
drwxr-xr-x. 2 root root 19 Jun 20 15:48 .
drwx------. 6 ronald ronald 195 Jun 20 15:48 ..
-rw-r--r--. 1 ronald ronald 0 Jun 20 15:48 hallo
[ronald#lion tmp]$ rm hallo
rm: cannot remove ‘hallo’: Permission denied
[ronald#lion tmp]$ id
uid=1000(ronald) gid=1000(ronald) groups=1000(ronald) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[ronald#lion tmp]$ su
Password:
[root#lion tmp]# chmod 777 .
[root#lion tmp]# exit
[ronald#lion tmp]$ ls -la
total 0
drwxrwxrwx. 2 root root 19 Jun 20 15:48 .
drwx------. 6 ronald ronald 195 Jun 20 15:48 ..
-rw-r--r--. 1 ronald ronald 0 Jun 20 15:48 hallo
[ronald#lion tmp]$ rm hallo
[ronald#lion tmp]$
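An added example (not part of the original posts): a small Python model of the check made when a non-root user removes a file, fed with the modes and owners from the two listings above. The function and variable names are made up for this illustration. It shows why the first listing ends in "Operation not permitted" (the sticky bit, the trailing t in drwxrwxrwt) while the second ends in "Permission denied".

```python
import stat

def class_bits(mode, owner, group, user, groups):
    """rwx triplet the kernel applies to `user`: owner, else group, else other."""
    if user == owner:
        return (mode >> 6) & 7
    if group in groups:
        return (mode >> 3) & 7
    return mode & 7

def unlink_error(directory, file_owner, user, groups):
    """Model of the unlink() permission check for a non-root user.

    directory is (mode, owner, group) of the parent directory. The file's own
    mode is never consulted. Returns None if allowed, else the errno name.
    Ignores root/capabilities, ACLs and immutable attributes.
    """
    mode, d_owner, d_group = directory
    bits = class_bits(mode, d_owner, d_group, user, groups)
    if (bits & 0o3) != 0o3:
        return "EACCES"   # rm: Permission denied (need w and x on the directory)
    if mode & stat.S_ISVTX and user not in (file_owner, d_owner):
        return "EPERM"    # rm: Operation not permitted (sticky bit set)
    return None

# Constructed from the listings above: modes, owners and groups as shown there.
CASES = {
    "pi in /var/ftp (drwxrwxrwt root root), file owned by ftpuser":
        ((0o1777, "root", "root"), "ftpuser", "pi", {"pi", "ftpgroup"}),
    "ftpuser in /var/ftp, own file":
        ((0o1777, "root", "root"), "ftpuser", "ftpuser", {"ftpgroup"}),
    "ronald in tmp (drwxr-xr-x root root), own file":
        ((0o755, "root", "root"), "ronald", "ronald", {"ronald"}),
    "ronald in tmp after chmod 777 .":
        ((0o777, "root", "root"), "ronald", "ronald", {"ronald"}),
}

if __name__ == "__main__":
    for label, args in CASES.items():
        print(f"{label}: {unlink_error(*args) or 'allowed'}")
```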

You need write permissions with sudo usermod -a -G ftpgroup pi, or you can add the pi user to the sudo group with visudo. It works for me; please try it once and let me know.

Related

Tomcat installed folder access is denied on linux

Please find below set of cmds & outputs
[ec2-user#ip-172-31-38-218 opt]$ ls -al
total 9416
drwxr-xr-x 3 root root 4096 Nov 7 13:52 .
dr-xr-xr-x 25 root root 4096 Nov 7 13:16 ..
-rw-r--r-- 1 root root 9625824 Sep 4 22:52 apache-tomcat-8.5.34.tar.gz
drwxr-xr-x 5 root root 4096 Aug 11 01:26 aws
[ec2-user#ip-172-31-38-218 opt]$ sudo groupadd tomcatgrp
[ec2-user#ip-172-31-38-218 opt]$ sudo useradd -s /bin/false -g tomcatgrp -d /opt/tomcatfolder tomcatuser
[ec2-user#ip-172-31-38-218 opt]$ ls -al
total 9420
drwxr-xr-x 4 root root 4096 Nov 7 13:53 .
dr-xr-xr-x 25 root root 4096 Nov 7 13:16 ..
-rw-r--r-- 1 root root 9625824 Sep 4 22:52 apache-tomcat-8.5.34.tar.gz
drwxr-xr-x 5 root root 4096 Aug 11 01:26 aws
drwx------ 2 tomcatuser tomcatgrp 4096 Nov 7 13:53 tomcatfolder
Now, when I run the cmd I am getting Permission denied as follows
[ec2-user#ip-172-31-38-218 opt]$ cd /opt/tomcatfolder/
-bash: cd: /opt/tomcatfolder/: Permission denied
Can you please help in resolving this above issue..?
I followed instructions of installing Tomcat from this link how-to-install-apache-tomcat-8-on-centos-7
It seems you are the ec2-user, but the directory is owned by tomcatuser and the permissions on the directory do not allow other users or groups to read it.
Try sudo chmod 755 /opt/tomcatfolder/ and then cd into it.
That will add read and execute permissions to the directory.

Apache user can't create files in 777 directory

I'm not using SELinux, and still I can't get the apache user to create files in my cache storage directory. Can this work without using chown to change the user to the actual apache user?
[root#server live_storage]# getenforce
Disabled
[root#server live_storage]# su -s /bin/bash -c 'touch /home/admin/live_storage/c50d02d942c0a3d.cache' apache
touch: cannot touch ‘/home/admin/live_storage/c50d02d942c0a3d.cache’:
Permission denied
[root#server admin]# ls -lsa
total 84
4 drwx------. 10 admin admin 4096 24 mei 10:32 .
4 drwxr-xr-x. 3 root root 4096 9 mei 11:12 ..
4 drwxrwxrwx 3 admin admin 4096 24 mei 10:33 live_storage
[admin#server live_storage]$ touch '/home/admin/live_storage/c50d02d942c0a3d.cache'
[admin#server live_storage]$ ls '/home/admin/live_storage/c50d02d942c0a3d.cache'
/home/admin/live_storage/c50d02d942c0a3d.cache
Figured it out. Apache didn't have execute rights on the /home/admin directory. chmod +x /home/admin fixed the problem

Question marks in output of command "ls -la" in Ubuntu

When I write ls -la on the command line, I get this output:
ls -la /var/log/nginx
d????????? ? ? ? ? ? .
d????????? ? ? ? ? ? ..
-????????? ? ? ? ? ? access.log
for all files in this folder.
When I do it for another folder:
ls -la /var/log/nginx_back/
drwxr-xr-x 2 root root 4096 Апр 25 11:06 .
drwxrwxr-x 15 root ssh 4096 Май 1 00:29 ..
-rw-r--r-- 1 root root 220793880 Апр 25 11:04 access.log-20170401.gz
Everything is ok.
Permissions on the directory above:
drw-r--r-- 2 nginx adm 69632 Май 1 00:29 nginx
drwxr-xr-x 2 root root 4096 Апр 25 11:06 nginx_back
I have these question marks only when I'm not root.
I've added my user to the group nginx, added all permissions, created another user, but the system doesn't want to show the file's attributes for non-superusers in the directory /var/log/nginx.
Why is that?
This issue is a permission problem. Specifically, it relates to execute bits on directories.
Consider the following example
$ mkdir -p remove_execute/remove_execute_test
$ touch remove_execute/remove_execute_test/test_file.txt
$ ls -la remove_execute/remove_execute_test/
total 8
drwxrwxr-x 2 zerodf zerodf 4096 Nov 21 10:51 .
drwxrwxr-x 3 zerodf zerodf 4096 Nov 21 10:51 ..
-rw-rw-r-- 1 zerodf zerodf 0 Nov 21 10:51 test_file.txt
Now, if we remove execute permission on the directory, we can't get the stats.
$ sudo chmod a-x remove_execute/remove_execute_test/
$ ls -la remove_execute/remove_execute_test/
ls: cannot access remove_execute/remove_execute_test/..: Permission denied
ls: cannot access remove_execute/remove_execute_test/test_file.txt: Permission denied
ls: cannot access remove_execute/remove_execute_test/.: Permission denied
total 0
d????????? ? ? ? ? ? .
d????????? ? ? ? ? ? ..
-????????? ? ? ? ? ? test_file.txt
Unless we have root permissions.
$ sudo ls -la remove_execute/remove_execute_test/
total 8
drw-rw-r-- 2 zerodf zerodf 4096 Nov 21 10:51 .
drwxrwxr-x 3 zerodf zerodf 4096 Nov 21 10:51 ..
-rw-rw-r-- 1 zerodf zerodf 0 Nov 21 10:51 test_file.txt
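An added example (not part of the original posts): a Python model of what a non-root user gets when listing a directory, covering both the question-mark output here and the Apache case further up, where a missing execute bit on a parent directory blocked access to a 777 directory. The names, the user alice and the 0o711 mode after chmod +x are assumptions for illustration; the other modes and owners are taken from the listings on this page.

```python
def triplet(mode, owner, group, user, groups):
    """rwx bits (0-7) that apply to `user`: owner, else group, else other."""
    shift = 6 if user == owner else 3 if group in groups else 0
    return (mode >> shift) & 7

def listing_result(path_dirs, user, groups):
    """path_dirs: [(path, mode, owner, group), ...] ending with the directory
    being listed. Returns (outcome, path) for a non-root user; ACLs ignored."""
    *ancestors, target = path_dirs
    for path, mode, owner, group in ancestors:
        if not triplet(mode, owner, group, user, groups) & 1:
            return ("blocked", path)        # no search (x) bit: nothing below is reachable
    path, mode, owner, group = target
    bits = triplet(mode, owner, group, user, groups)
    if not bits & 4:
        return ("blocked", path)            # cannot read the directory at all
    if not bits & 1:
        return ("names-only", path)         # readdir works, stat() fails: ls prints '?'
    return ("full", path)

# Constructed inputs based on the listings on this page.
NGINX = [("/var/log", 0o775, "root", "ssh"),
         ("/var/log/nginx", 0o644, "nginx", "adm")]       # drw-r--r-- nginx adm
APACHE = [("/home", 0o755, "root", "root"),
          ("/home/admin", 0o700, "admin", "admin"),       # drwx------ admin admin
          ("/home/admin/live_storage", 0o777, "admin", "admin")]
APACHE_FIXED = [APACHE[0],
                ("/home/admin", 0o711, "admin", "admin"),  # assumed result of chmod +x
                APACHE[2]]

if __name__ == "__main__":
    # Being in group nginx does not help: the directory's group is adm.
    print(listing_result(NGINX, "alice", {"alice", "nginx"}))
    print(listing_result(APACHE, "apache", {"apache"}))
    print(listing_result(APACHE_FIXED, "apache", {"apache"}))
```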

Folder Permissions not Sticking

I'd like to think I'm not a linux noob but I am having an issue I can't explain. I hope it's something stupid. I have an external drive that I am trying to set up on plex. It was originally formatted ntfs but I shrunk the partition and made another ext4 partition. Plex can't look into the drive and see the folders. I have been trying to change the perms but they aren't sticking. They don't stick if
myUser#mint /media/myUser $ ls -lah
total 44K
drwxr-x---+ 6 root root 4.0K Oct 24 11:21 .
drwxr-xr-x 3 root root 4.0K Oct 24 10:50 ..
drwx------ 1 myUser myUser 20K Oct 14 07:27 DataDisk
myUser#myUserMint /media/myUser $ sudo chmod -R 766 DataDisk/
[sudo] password for myUser:
myUser#mint /media/myUser $ ls -lah
total 44K
drwxr-x---+ 6 root root 4.0K Oct 24 11:21 .
drwxr-xr-x 3 root root 4.0K Oct 24 10:50 ..
drwx------ 1 myUser myUser 20K Oct 14 07:27 DataDisk
myUser#mint /media/myUser $
Am I missing something obvious or is this just weird?

Applying chmod 755 (or other) when ftping to apache var/www/ virtual host directories?

I'm struggling to understand how to apply directory and file permissions so that files and directories created by the ftp user, via an ftp client, are browsable. In other words 755 is applied by default.
I'm running Apache 2 on Ubuntu 14.04.2 LTS, Trusty Tahr, with vsftpd server.
My directory structure is as follows.
var/www/
var/www/sites/
var/www/sites/master_demo/public_html
var/www/sites/test_site/public_html
I've run the following
usermod -aG www-data test_user
chgrp -R www-data /var/www/sites/test_site/public_html/
chown -R test_site:www-data /var/www/sites/test_site/public_html/
chmod -R 755 /var/www/sites/test_site/public_html/
Permissions on the directories are as follows:
cd var/www/sites/
ls -l
dr-xrws--- 3 master_demo www-data 4096 Jun 17 14:00 master_demo
drwxr-xr-x 3 test_site www-data 4096 Jun 16 13:32 test_site
cd var/www/sites/test_site/
ls -l
drwxr-xr-x 3 test_site www-data 4096 Jun 17 17:43 public_html
When a file is added using ftp by the test_site user these are the permissions
-rw------- 1 test_site test_site 152 Jun 18 08:27 about.html
drwx------ 2 test_site test_site 4096 Jun 18 08:27 css
-rw------- 1 test_site test_site 152 Jun 18 08:27 index.html
How do I get the file to automatically be given the correct permissions so the files are browsable (755)? I know the obvious answer might be to run a batch file, but is that necessary? I don't want to have to run the command every time.
chmod -R 755 /var/www/sites/test_site/public_html/*
ls -l
-rwxr-xr-x 1 test_site test_site 152 Jun 18 08:27 about.html
drwxr-xr-x 2 test_site test_site 4096 Jun 18 08:27 css
-rwxr-xr-x 1 test_site test_site 152 Jun 18 08:27 index.html
I'm new to linux so please be gentle :)
I can confirm that test_site users is in the www-data group
id test_site
uid=1004(test_site) gid=1005(test_site) groups=1005(test_site),33(www-data)
I think what you are looking for is umask
umask 0022
umask -p
umask -S
You will need to modify your default /etc/profile in order to make this permanent. umask 0022 will on creation give directories chmod 755 and files chmod 644, which are the recommended permissions for the www folder in apache.
Example
umask 0022
mkdir www
touch www/{index.html,style.css}
drwxr-xr-x. 2 user user 4096 Jun 18 10:53 .
drwxr-xr-x. 3 user user 4096 Jun 18 10:52 ..
-rw-r--r--. 1 user user 0 Jun 18 10:53 index.html
-rw-r--r--. 1 user user 0 Jun 18 10:53 style.css
FTP also supports setting umask before initiating a transfer. Setting it with ftp sets it for that transfer only, so that you don't need to change it system-wide as you would with /etc/profile.
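An added example (not part of the original posts): a Python check that creates a directory and a file under a given umask in a temporary directory and reads back the resulting modes. The function name is made up for this illustration. Under 022 it reproduces the 755/644 result from the answer, and under 077 it reproduces the drwx------ and -rw------- modes from the question's FTP listing.

```python
import os
import stat
import tempfile

def modes_under(umask):
    """Create a directory and a file under `umask`; return (dir_mode, file_mode).

    The process umask is restored afterwards, so the caller is not affected.
    """
    old = os.umask(umask)
    try:
        with tempfile.TemporaryDirectory() as base:
            d = os.path.join(base, "css")
            f = os.path.join(base, "index.html")
            os.mkdir(d)  # requests 0o777, as mkdir(1) does
            # Requests 0o666, as touch(1) does: no execute bit is ever asked for,
            # so a umask alone never yields 755 on a regular file.
            os.close(os.open(f, os.O_CREAT | os.O_WRONLY, 0o666))
            return (stat.S_IMODE(os.stat(d).st_mode),
                    stat.S_IMODE(os.stat(f).st_mode))
    finally:
        os.umask(old)

if __name__ == "__main__":
    for mask in (0o022, 0o077, 0o027):
        d_mode, f_mode = modes_under(mask)
        print(f"umask {mask:04o}: directory {d_mode:04o}, file {f_mode:04o}")
```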
