I'm not using SELinux, and still I can't get the apache user to create files in my cache storage directory. Can this work without using chown to change the user to the actual apache user?
[root#server live_storage]# getenforce
Disabled
[root#server live_storage]# su -s /bin/bash -c 'touch /home/admin/live_storage/c50d02d942c0a3d.cache' apache
touch: cannot touch ‘/home/admin/live_storage/c50d02d942c0a3d.cache’:
Permission denied
[root#server admin]# ls -lsa
total 84
4 drwx------. 10 admin admin 4096 24 mei 10:32 .
4 drwxr-xr-x. 3 root root 4096 9 mei 11:12 ..
4 drwxrwxrwx 3 admin admin 4096 24 mei 10:33 live_storage
[admin#server live_storage]$ touch '/home/admin/live_storage/c50d02d942c0a3d.cache'
[admin#server live_storage]$ ls '/home/admin/live_storage/c50d02d942c0a3d.cache'
/home/admin/live_storage/c50d02d942c0a3d.cache
Figured it out. Apache didn't have execute rights on the /home/admin directory. chmod +x /home/admin fixed the problem
Related
i am currently trying to get wordpress running on Ubuntu Server 18.04 with apache. I managed to get everything to work, but for some reason i am not able to use ls -l properly anymore on the wordpress directories, in which i played around with permissions. The out-of-the-box permissions didn't allow me to update my themes from the wordpress webinterface.
I can't find a solution to this problem, because the permissions are clearly stating, that i have at least read permission.
Problem: ls -l shows question marks and sais permission denied.
Infos: permissions are rwx for owner www-data, rw for group www-data and r for other. Output of groups includes www-data, so the user should be in the www-data group.
Outputs:
$ ls -l /usr/share/wordpress/
ls: cannot access '/usr/share/wordpress/readme.html': Permission denied
...
ls: cannot access '/usr/share/wordpress/wp-comments-post.php': Permission denied
total 0
-????????? ? ? ? ? ? index.php
...
-????????? ? ? ? ? ? xmlrpc.php
$ groups
*censored user* adm cdrom sudo dip www-data plugdev lxd lpadmin
$ sudo ls -l /usr/share/wordpress/
total 172
-rwxrw-r-- 1 www-data www-data 418 Apr 6 2018 index.php
-rwxrw-r-- 1 www-data www-data 7440 Apr 8 2018 readme.html
-rwxrw-r-- 1 www-data www-data 5697 Apr 8 2018 wp-activate.php
drwxrw-r-- 9 www-data www-data 4096 Jul 20 00:53 wp-admin
...
-rwxrw-r-- 1 www-data www-data 3065 Apr 6 2018 xmlrpc.php
P.S.: Any extra tips for wordpress security are useful.
Thanks
edit forgot the permissions of the directory, still confusing.
$ sudo ls -l -a /usr/share/wordpress/
total 180
drwxrw-r-- 5 www-data www-data 4096 Jul 20 17:13 .
drwxr-xr-x 162 root root 4096 Jul 20 02:40 ..
...
set execute bit permissions for group you belong to.
I have folder in /media on ubuntu - shared from windows via fstab and cifs-utils. Can I share this folder to other user: "miki" (not root)
root#localhost:/media#
drwxr-xrwx 4 root root 4096 Nov 15 12:21 .
drwxr-xr-x 23 root root 4096 Nov 14 06:34 ..
drwxr-xr-x 2 padm root 0 Nov 15 09:34 Archive
drwxr-xrwx 2 root root 4096 Feb 25 2019 kekik
I have try with:
root#localhost:~# sudo chmod -R 757 /media/Archive/
but get:
chmod: changing permissions of '/media/Archive/': Permission denied
Find a solution:
need to modify /etc/fstab by changing:
//windowsServer/Archive /media/Archive cifs username=wundowsuser,password=somepass,uid=1000,iocharset=iso8859-1,rw,file_mode=0777,dir_mode=0777,vers=1.0 0 0
and change group of folder (must umont it first!)
sudo umount -l /media/Archive
sudo chown miki:miki /media/Archive/
Added "youri" to the www-data group
grep youri /etc/group
www-data:x:33:youri
youri:x:1004:
When i upload something with FTP, the file permission is -rw-------
ls -all
total 176
drwxr-xr-x 2 youri youri 4096 feb 25 12:38 .
dr-xr-xr-x 3 youri youri 4096 feb 25 12:08 ..
-rw-r--r-- 1 youri youri 17 feb 25 12:27 index.php
-rw------- 1 youri youri 164655 feb 25 12:24 test.pdf (uploaded with FTP)
The file index.php is created by nano and changed the permissions by sudo chown youri:youri index.php
When i access my website it shows me the index.php but /test.pdf gives me an "Permission denied" error
Your webserver has no permission to read the file.
Normally, an ftp server has a configuration value called "umask" which is a value defining what permissions NOT to grant (the binary inverse of the value you would give to chmod)
For a better security, most ftp servers like vsftp ship with a default umask of 055 or 077
As you can see, your index.php is not executable. Although it technically is just read, semantically the script is being executed by your webserver. And the webserver runs as the user www-data.
To have this work, change the following:
- Make youri's default group www-data: usermod -g www-data youri
- Change /etc/vsftpd.conf and set a umask of 022
- Restart vsftpd
- chmod 755 index.php (or delete it and upload it again)
I'm struggling to understand how to apply directory and file permissions so that files and directories created by the ftp user, via an ftp client, are browsable. In other words 755 is applied by default.
I'm running Apache 2 on Ubuntu 14.04.2 LTS, Trusty Tahr, with vsftpd server.
My directory structure is as follows.
var/www/
var/www/sites/
var/www/sites/master_demo/public_html
var/www/sites/test_site/public_html
I've run the following
usermod -aG www-data test_user
chgrp -R www-data /var/www/sites/test_site/public_html/
chown -R test_site:www-data /var/www/sites/test_site/public_html/
chmod -R 755 /var/www/sites/test_site/public_html/
Permissions on the directories are as follows:
cd var/www/sites/
ls -l
dr-xrws--- 3 master_demo www-data 4096 Jun 17 14:00 master_demo
drwxr-xr-x 3 test_site www-data 4096 Jun 16 13:32 test_site
cd var/www/sites/test_site/
ls -l
drwxr-xr-x 3 test_site www-data 4096 Jun 17 17:43 public_html
When a file is added using ftp by the test_site user these are the permissions
-rw------- 1 test_site test_site 152 Jun 18 08:27 about.html
drwx------ 2 test_site test_site 4096 Jun 18 08:27 css
-rw------- 1 test_site test_site 152 Jun 18 08:27 index.html
How do I get the file to automatically be given the correct permissions so the files are browsable (755)? I know the obvious answer might be to run a batch file, but is that necessary? I don't want to have to run the command everytime.
chmod -R 755 /var/www/sites/test_site/public_html/*
ls -l
-rwxr-xr-x 1 test_site test_site 152 Jun 18 08:27 about.html
drwxr-xr-x 2 test_site test_site 4096 Jun 18 08:27 css
-rwxr-xr-x 1 test_site test_site 152 Jun 18 08:27 index.html
I'm new to linux so please be gentle :)
I can confirm that test_site users is in the www-data group
id test_site
uid=1004(test_site) gid=1005(test_site) groups=1005(test_site),33(www-data)
I think what you are looking for is umask
umask 0022
umask -p
umask -S
You will need to modify your default /etc/profile in order to make this permanent. umask 0022will on creation give directories chmod 755 and files chmod 644 which is the recommended permissions for the www folder in apache.
Example
umask 0022
mkdir www
touch www/{index.html,style.css}
drwxr-xr-x. 2 user user 4096 Jun 18 10:53 .
drwxr-xr-x. 3 user user 4096 Jun 18 10:52 ..
-rw-r--r--. 1 user user 0 Jun 18 10:53 index.html
-rw-r--r--. 1 user user 0 Jun 18 10:53 style.css
FTP also supports setting umask before initiating a transfer. Setting it with ftp, sets if for that transfer only, so that you don't need to change it system-wide as you would with /etc/profile.
I am configuring hadoop on Ubuntu os. I need to create RSA key pair to allow hadoop to interact with its nodes, so i running this command:
hadoop#ubuntu:~$ ssh-keygen -t rsa -P ""
then I get this:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hadoop/.ssh/id_rsa):
Could not create directory '/home/hadoop/.ssh': permission denied.
Enter passphrase (empty for no passphrase ):
Enter same passphrase again:
open /home/hadoop/.ssh/id_rsa failed: No such file or directory.
Saving the key failed: /home/hadoop/.ssh/id_rsa.
Forgot to create .ssh dir in your home?
Try that:
mkdir -p ~/.ssh
then re-run ssh-keygen.
Also possibly you doing ssh-keys creation from wrong user.. You started that shell using sudo?
Try to set HOME dir manually or enter right path in prompt.
check your home directory name and permissions
echo $HOME
cd ~ ; ls -l
ls -l .ssh
ls -lR .ssh
if above output is OK and you have correct permissions, perhaps your quota is full
try with "sudo" and see what happens...
Seems like current user doesn't own the contents under home directory.
Gain the ownership as shown as below:
admin#mydb22-02:~$ sudo chown admin.admin /home/admin/
admin#mydb22-02:~$ ls -la
total 32
drwxr-xr-x 2 admin admin 4096 Nov 3 23:29 .
drwxr-xr-x 3 admin admin 4096 Dec 23 2012 ..
-rw------- 1 admin admin 191 Feb 13 2013 .bash_history
-rw-r--r-- 1 admin admin 220 Apr 3 2012 .bash_logout
-rw-r--r-- 1 admin admin 3486 Apr 3 2012 .bashrc
-rw-r--r-- 1 admin admin 675 Apr 3 2012 .profile
-rw-r--r-- 1 admin admin 0 Nov 3 23:29 .sudo_as_admin_successful
-rw------- 1 admin admin 4221 Nov 3 20:31 .viminfo
generating keys would work now as .ssh directory will now be created and owned by current user after generating the assymetric keys
I have spent arround 1 hr on this and finally got the solution. It is due to permission problem. You have to use chown for your 'hadoop user'.
1. First make hadoop directory.
cd /home
mkdir hadoop
then check 'ls -l'. it gives result like :
drwxr-xr-x 2 hadoop hadoop 4096 Aug 22 22:17 hadoop
2. sudo chown hadoop.hadoop /home/hadoop/
3. Then run remaining command for key generater.