Resolving permission is not denied for server files - linux

I believe this will assist more in debugging; I have a script in python that's supposed to delete a file, if I run it I get permission denied error
os.remove('/home/sammy/revamp/revamp/media/new_colour/' + image_name)
the result of ll on said image
-rwxr-xr-x 1 www-data www-data 130404 Jul 19 06:49 f6bf0e0ffbe86c2c67421c5aaa695b8e.jpg*
and the username while logged in is sammy

In order to remove a file, you need write access on the directory which contains it. Check that your user id has that.
You mention that you are not allowed to download the file, that also looks like a problem with the directory permissions, the current file permissions should not block you from reading it.

Related

Centos 7 - I can't read /var/run/docker.sock even though the permission is 666

I am trying to setup Docker with Jenkins and I need to read /var/run/docker.sock.
I tried temporarily to set permission 666 on file /var/run/docker.sock but when I try to read it as jenkins user it says permission denied.
As far as I know if file permission is 666 any user can read it.
srw-rw-rw- 1 root docker 0 Oct 17 17:05 docker.sock
drwxr-xr-x 31 root root 1100 Oct 17 17:05 run
Directory permission is not issue, /run directory has permission 755. Selinux is disabled. Jenkins user is part of docker gorup.
I do not know what is the problem.
Kind regards,
Ivan
create jenkins user on your host
get this user id
change ownership of /var/jenkins_home to fetched id.
I found the problem, I was mounting /etc/passwd and /etc/groups to docker container but for some reason docker didn't correctly added jenkins user to docker group inside container.
I had to add group_add: - <docker_group_id> inside docker-compose file. Now everything is working as expected.
I thought that there was some problem with Centos OS but I found out that someone already had this problem documented at this link: Linux user groups missing when user mounted to container
I hope this information will help someone.

Linux: Apache can not delete file despite of sufficient permissions

PHP script uploads archives on the web server and unzip them. Under some conditions I need to delete previously unzipped files. But apache can not delete the files because it get "Access denied" error despite of it has all the necessary permissions. I tried to delete them as 'apache' user manually and got the same error.
For example:
# ls -l
....
-rw-r--r--. 1 apache apache 46 янв 26 11:11 desktop.ini
# sudo -u apache rm desktop.ini
rm: невозможно удалить «desktop.ini»: Отказано в доступе
^^^ It means Access Denied
I can delete the files as 'root' user.
I thought that it can be by selinux restrictions. But selinux works in permissive mode:
# getenforce
Permissive
make sure that the apache service is indeed running as username 'apache' as it is typically running as username 'www-data' however I am sure you most likely have checked this already.
the user 'apache' only has write/read permissions in your above post
however to delete a file you need write/execute permissions
give the user execute permissions

Can't change to home directory

When logging into my virtual server as a non-root user, I suddenly get the following error:
"Could not chdir to home directory
/var/www/vhosts/prosodylab.org/web_users/username: Permission denied
-bash: /var/www/vhosts/prosodylab.org/web_users/username/.bash_profile:
Permission denied"
I checked the permissions in the user directory (they're set to 700, and I also changed to 777 to check, with now effect).
This affects all users (including if I create a new user), but as root user I can still change into the relevant directories without problem.
echo $HOME returns the right directory.
Here is the directory entry of the home directory of the user (when set to 700):
drwx------ 20 username psaserv 4096 Jun 5 16:56 username
grep username /etc/passwd returns the following output, so the directory seems to be set correctly:
username:x: [...] ::/var/www/vhosts/prosodylab.org/web_users/username:/bin/bash
The server is a 1&1 dedicated virtual linux server, and it's worked fine for many years. I might have inadvertently changed something, but if so the I don't know what.
Does anyone know what might be the problem?
Gain more access login as root and check the permissions on the parent folder

Permission about apache files

I have a really strange problem about the permission of Apache. When I copy a directory or file to /var/www/html and visit it from my browser, it says I don't have permission. But when I make a new directory or file with the exactly same name, path, owner, group and permission, I can visit it from my browser.
The owner of the file is root and the permission of it is -rw-r--r--. I used to try some more open permission but is doesn't work, too.
By the way, my system is centos 6.0.
Check for directory settings in apache config files. You can look for details here; http://httpd.apache.org/docs/current/mod/core.html#directory

Newly created folder permission rights issue

Hope you are good. I have Xammp on fedora and changed owner of opp/lampp/htdoc to root. Why I did so because whenever someone creates new folder through sharing, they don't have permission to dynamically create folder or files or to write images. Then I run command
chmod -R 777 /opt/lampp/htdocs
But when system goes to restart then I again need to run this command. So avoid again and again run this command I changed the owner on "opt/lampp/htdocs" and run
chmod -R 777 /opt/lampp/htdocs
Now, whenever server restarts, assigned permissions don't need to be set again and again. That is resolved.
I have an issue, that old directories can be used to write something. But if any network user creates new directory under htdocs, that new directory needs to be changed the permission for it.
previously created, and can use this one directory to run script to create files
drwxrwxrwx 2 root root 4096 2011-06-15 14:09 aaa
Newly created, cannot be used to run a script to create image or to write anything
drwxr-xr-x 2 root root 4096 2011-06-17 15:17 aaaa
drwxr-xr-x this one is really annoying to me for each newly created folder in htdocs :(
Just to let you know that my htdocs user and rights are:
drwxrwxrwx 101 root root 4096 2011-06-17 15:17 htdocs
Why is it so? Can anybody please help me to figure this problem out? I am waiting for quick response anxiously.
First off, you should investigate what permissions you really need - chmodding everything to 777 is a security risk as it will allow any user to write inside of your web root.
However, to address your actual question of the default permissions when a new folder is created by a user, you want to adjust the default "umask" which determines such things.
This question has some information for changing it for the Apache user (if a "network user" is a user creating new files and directories through the httpd process):
Setting the umask of the Apache user
If you need to adjust it for other users or processes, the solution will be similar.
Good luck!
Edit
Since you're on Fedora, try this: (from the question I linked above)
[root ~]$ echo "umask 002" >> /etc/sysconfig/httpd
[root ~]$ service httpd restart
The first command will add that line to the /etc/sysconfig/httpd which is a permanent configuration file, and the second command will make it active.
You are tackling the problem from the wrong side. Restore your apache configuration to use apache.apache as default user/group, and set your samba server to use those credentials when someone write to your document root.
If you are using nfs or another posix compatible filesystem, use chmod g+s to keep all files readable from your apache server.
Try it:
#umask 000
have a good time!!

Resources