I have an application. The processes for the application have cacheusr as user. When I create files in the application I get the following ownership and permission:
aless80> ls -FGlAhpa test.xml
-rwxrw-r-- 1 cacheusr 1.6K Oct 19 16:41 test.xml
My question is: how to make sure the created files have permission 777 by default? I just added aless80 to the cacheusr group, but that does not help.
aless80> groups aless80
aless80 : aless80 adm cdrom sudo dip plugdev staff lpadmin sambashare cacheusr vboxusers
aless80> id aless80
uid=1000(aless80) gid=1000(aless80) groups=1000(aless80),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),50(staff),108(lpadmin),110(sambashare),1001(cacheusr),999(vboxusers)
aless80> groups cacheusr
cacheusr : cacheusr root
aless80> id cacheusr
uid=1001(cacheusr) gid=1001(cacheusr) groups=1001(cacheusr),0(root)
You can control the permissions of newly created files with the umask command:
$ umask u+rwx,g+rwx,o+rwx
$ touch foo; mkdir bar
$ ls -ld foo bar
-rw-rw-rw- 1 user user 0 Oct 20 00:00 foo
drwxrwxrwx 2 user user 1024 Oct 20 00:00 bar
$
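How the umask in the answer above produces the modes shown for foo and bar, as an added example that is not part of the original posts: the requested mode is ANDed with the inverted umask, so the umask only ever removes bits. The function names and the scratch directory are assumptions of this example, and it needs GNU stat.

```sh
#!/bin/sh
# Added example: how the umask shapes the mode of newly created files.

# predicted_mode REQUESTED UMASK
# The kernel stores REQUESTED & ~UMASK; the umask can only remove bits.
predicted_mode() {
    printf '%o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# actual_mode KIND UMASK
# Create a file (touch requests 0666) or a directory (mkdir requests 0777)
# under UMASK in a scratch directory and print the octal mode it received.
# The body runs in a subshell so the caller's umask is left untouched.
actual_mode() (
    scratch=$(mktemp -d) || exit 2
    umask "$2"
    case $1 in
        file) touch "$scratch/new" ;;
        dir)  mkdir "$scratch/new" ;;
        *)    rmdir "$scratch"; echo "kind must be file or dir" >&2; exit 2 ;;
    esac
    stat -c %a "$scratch/new"      # GNU stat: octal permission bits
    rm -rf "$scratch"
)

# 000 is what "umask u+rwx,g+rwx,o+rwx" sets; the other values are
# constructed for comparison.
for mask in 000 002 022 027; do
    printf 'umask %s  file %s (predicted %s)  dir %s (predicted %s)\n' \
        "$mask" \
        "$(actual_mode file "$mask")" "$(predicted_mode 666 "$mask")" \
        "$(actual_mode dir "$mask")"  "$(predicted_mode 777 "$mask")"
done
```

Because touch asks for 0666, a umask alone never yields an executable regular file; only directories reach 777 under umask 000.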
I am currently trying to get WordPress running on Ubuntu Server 18.04 with Apache. I managed to get everything to work, but for some reason I am not able to use ls -l properly anymore on the WordPress directories in which I played around with permissions. The out-of-the-box permissions didn't allow me to update my themes from the WordPress web interface.
I can't find a solution to this problem, because the permissions clearly state that I have at least read permission.
Problem: ls -l shows question marks and says permission denied.
Info: permissions are rwx for owner www-data, rw for group www-data and r for other. The output of groups includes www-data, so the user should be in the www-data group.
Outputs:
$ ls -l /usr/share/wordpress/
ls: cannot access '/usr/share/wordpress/readme.html': Permission denied
...
ls: cannot access '/usr/share/wordpress/wp-comments-post.php': Permission denied
total 0
-????????? ? ? ? ? ? index.php
...
-????????? ? ? ? ? ? xmlrpc.php
$ groups
*censored user* adm cdrom sudo dip www-data plugdev lxd lpadmin
$ sudo ls -l /usr/share/wordpress/
total 172
-rwxrw-r-- 1 www-data www-data 418 Apr 6 2018 index.php
-rwxrw-r-- 1 www-data www-data 7440 Apr 8 2018 readme.html
-rwxrw-r-- 1 www-data www-data 5697 Apr 8 2018 wp-activate.php
drwxrw-r-- 9 www-data www-data 4096 Jul 20 00:53 wp-admin
...
-rwxrw-r-- 1 www-data www-data 3065 Apr 6 2018 xmlrpc.php
P.S.: Any extra tips for WordPress security are useful.
Thanks
Edit: forgot the permissions of the directory, still confusing.
$ sudo ls -l -a /usr/share/wordpress/
total 180
drwxrw-r-- 5 www-data www-data 4096 Jul 20 17:13 .
drwxr-xr-x 162 root root 4096 Jul 20 02:40 ..
...
Set the execute bit permission for the group you belong to.
I'm using Raspbian Stretch Lite and I followed an official tutorial from RaspberryPi.org to set up Pure-FTPd. So now I have a virtual user that can create files through FTP owned by ftpuser:ftpgroup.
I also added the pi user to ftpgroup with the following command:
usermod -a -G ftpgroup pi
But when I try to delete a file created by ftpuser it says
Operation not permitted
Here is a copy of my console :
pi@raspberry(rw):/var/ftp$ ls -la
total 4
drwxrwxrwt 2 root root 60 Jun 20 15:58 .
drwxr-xr-x 11 root root 4096 May 7 17:04 ..
-rwxrwxrwx 1 ftpuser ftpgroup 0 Jun 20 16:03 test
pi@raspberry(rw):/var/ftp$ whoami
pi
pi@raspberry(rw):/var/ftp$ grep -i --color 'ftpgroup' /etc/group
ftpgroup:x:1001:pi
pi@raspberry(rw):/var/ftp$ rm test
rm: cannot remove 'test': Operation not permitted
I don't understand why I can't remove test file if I'm in the ftpgroup and group has write permission.
You need write permissions on the directory as well. You change the TOC.
To illustrate this:
[ronald@lion tmp]$ ls -la
total 0
drwxr-xr-x. 2 root root 19 Jun 20 15:48 .
drwx------. 6 ronald ronald 195 Jun 20 15:48 ..
-rw-r--r--. 1 ronald ronald 0 Jun 20 15:48 hallo
[ronald@lion tmp]$ rm hallo
rm: cannot remove ‘hallo’: Permission denied
[ronald@lion tmp]$ id
uid=1000(ronald) gid=1000(ronald) groups=1000(ronald) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[ronald@lion tmp]$ su
Password:
[root@lion tmp]# chmod 777 .
[root@lion tmp]# exit
[ronald@lion tmp]$ ls -la
total 0
drwxrwxrwx. 2 root root 19 Jun 20 15:48 .
drwx------. 6 ronald ronald 195 Jun 20 15:48 ..
-rw-r--r--. 1 ronald ronald 0 Jun 20 15:48 hallo
[ronald@lion tmp]$ rm hallo
[ronald@lion tmp]$
You need write permissions with sudo usermod -a -G ftpgroup pi, or you can add the pi user to the sudo group with visudo. It works for me; please try it once and let me know.
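The /var/ftp listing in the question shows the directory as drwxrwxrwt; the trailing t is the sticky bit, under which only the file's owner, the directory's owner or root may remove an entry, and rm reports "Operation not permitted" rather than "Permission denied". An added example, not from the original posts, that applies both rules to stat metadata; unlink_verdict, its class argument and the scratch directory are assumptions of this example, and it needs GNU stat.

```sh
#!/bin/sh
# Added example: why rm fails in a directory, judged from stat metadata.

# unlink_verdict UID CLASS FILE
#   UID    numeric uid of the user attempting the delete
#   CLASS  u, g or o: the permission class of that user on FILE's directory
# Prints "allowed", "EACCES" (rm says "Permission denied") or
# "EPERM" (rm says "Operation not permitted").
unlink_verdict() {
    uid=$1
    dir=$(dirname "$3")
    case $2 in
        u) wx=0300 ;;
        g) wx=0030 ;;
        o) wx=0003 ;;
        *) echo "class must be u, g or o" >&2; return 2 ;;
    esac
    dmode=$(stat -c %a "$dir") && downer=$(stat -c %u "$dir") &&
        fowner=$(stat -c %u "$3") || return 2
    if [ "$uid" -eq 0 ]; then
        echo allowed                     # root bypasses both checks
    elif [ $(( 0$dmode & $wx )) -ne $(( $wx )) ]; then
        echo EACCES                      # directory lacks w or x for CLASS
    elif [ $(( 0$dmode & 01000 )) -ne 0 ] &&
         [ "$uid" -ne "$fowner" ] && [ "$uid" -ne "$downer" ]; then
        echo EPERM                       # sticky bit: owners only
    else
        echo allowed
    fi
}

# Constructed scratch copy of the /var/ftp listing: a sticky, world-writable
# directory holding a mode-777 file. "other" stands in for a uid that owns
# neither the file nor the directory.
ftp=$(mktemp -d) && : > "$ftp/test" && chmod 777 "$ftp/test"
other=$(( $(id -u) + 4242 ))
chmod 1777 "$ftp"; unlink_verdict "$other" g "$ftp/test"   # EPERM
chmod 0777 "$ftp"; unlink_verdict "$other" g "$ftp/test"   # allowed
chmod 0755 "$ftp"; unlink_verdict "$other" o "$ftp/test"   # EACCES
rm -rf "$ftp"
```

The file's own mode never enters the decision: deleting an entry is a write to the directory, not to the file.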
I'm trying to modify this Linux directory
drwxrwx--- 2 root testGrp 4096 dec 17 16:33 test2
I'm writing groups "user" which outputs this:
user : user adm cdrom sudo dip plugdev lpadmin sambashare developer testGrp
I have group permissions rwx for users in the group testGrp, somehow I cannot read from the directory or create files.
What am I doing wrong?
I'm not using SELinux, and still I can't get the apache user to create files in my cache storage directory. Can this work without using chown to change the user to the actual apache user?
[root@server live_storage]# getenforce
Disabled
[root@server live_storage]# su -s /bin/bash -c 'touch /home/admin/live_storage/c50d02d942c0a3d.cache' apache
touch: cannot touch ‘/home/admin/live_storage/c50d02d942c0a3d.cache’: Permission denied
[root@server admin]# ls -lsa
total 84
4 drwx------. 10 admin admin 4096 24 mei 10:32 .
4 drwxr-xr-x. 3 root root 4096 9 mei 11:12 ..
4 drwxrwxrwx 3 admin admin 4096 24 mei 10:33 live_storage
[admin@server live_storage]$ touch '/home/admin/live_storage/c50d02d942c0a3d.cache'
[admin@server live_storage]$ ls '/home/admin/live_storage/c50d02d942c0a3d.cache'
/home/admin/live_storage/c50d02d942c0a3d.cache
Figured it out. Apache didn't have execute rights on the /home/admin directory. chmod +x /home/admin fixed the problem
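Both the WordPress listing (drwxrw-r-- on /usr/share/wordpress) and the /home/admin case above come down to a directory without the search (x) bit for the class the user falls into. An added example, not from the original posts, that walks a path from the top and reports the first such directory; the function names, the explicit class argument and the constructed sample tree are assumptions, and it needs GNU stat.

```sh
#!/bin/sh
# Added example: find the directory that blocks access to a path.
# Resolving a path needs the search (x) bit on every directory along it.

# first_dir_without_search CLASS TARGET [START]
#   CLASS  u, g or o: the permission class that applies to the user
#   START  directory to begin at (default /); assumed reachable
# Prints "MODE DIR" for the first directory lacking x for CLASS, else nothing.
first_dir_without_search() {
    case $1 in
        u) mask=0100 ;;
        g) mask=0010 ;;
        o) mask=0001 ;;
        *) echo "class must be u, g or o" >&2; return 2 ;;
    esac
    dir=${3:-/}
    rest=${2#"$dir"}
    rest=${rest#/}
    while :; do
        mode=$(stat -c %a "$dir") || return 2      # GNU stat, octal mode
        if [ $(( 0$mode & $mask )) -eq 0 ]; then
            printf '%s %s\n' "$mode" "$dir"
            return 0
        fi
        [ -n "$rest" ] || return 0
        comp=${rest%%/*}
        case $rest in */*) rest=${rest#*/} ;; *) rest= ;; esac
        [ -d "${dir%/}/$comp" ] || return 0        # reached a file: done
        dir=${dir%/}/$comp
    done
}

# Constructed sample tree mirroring the two listings above.
build_sample_tree() {
    base=$(mktemp -d) || return 1
    mkdir -p "$base/wordpress/wp-admin" "$base/home/admin/live_storage"
    : > "$base/wordpress/index.php"
    chmod 755 "$base" "$base/home"
    chmod 764 "$base/wordpress"                 # drwxrw-r--: group has no x
    chmod 777 "$base/home/admin/live_storage"
    chmod 700 "$base/home/admin"                # drwx------: others blocked
    printf '%s\n' "$base"
}

t=$(build_sample_tree)
first_dir_without_search g "$t/wordpress/index.php" "$t"
first_dir_without_search o "$t/home/admin/live_storage" "$t"
rm -rf "$t"
```

Run it as a user who can already traverse the path (the questions used sudo for the listings), since stat on a deeper component fails once a parent denies search.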
In Linux, I am the owner of a file. I tried to change the owner to another account and it failed: Operation not permitted. Do you know why? I am the user 'BBB'. Thanks
-bash-4.1$ ls -al
drwxrwxrwx 2 AAA games 4096 Nov 23 14:39 .
drwxr-xr-x 3 AAA games 4096 Nov 23 14:36 ..
-rw-r--r-- 1 BBB esmgroup 16798 Nov 23 14:38 XXX-1.0-SNAPSHOT.jar
-bash-4.1$ chown AAA:games ./*.jar
chown: changing ownership of `./XXX-1.0-SNAPSHOT.jar': Operation not permitted
Only root can change the owner on the file. That's final.
You can do that by logging in as root using su, or by using sudo before your command.
More information here: https://unix.stackexchange.com/questions/27350/why-cant-a-normal-user-chown-a-file
You can change the file's group if you're in more than one group.
You should log in to the root account to be allowed to change ownership to any user.
You can type sudo before the command and then log in to your root user.