Strange situation with linux permissions - linux

I have some file and can't delete it.
File created by user www-data:
-rw-rw-r-- 1 www-data www-data 17408 Jun 3 16:18 0.48257900 1464959885_555.png
I am trying to delete it by user lifesim:
rm -rf *
rm: cannot remove '0.48257900 1464959885_555.png': Permission denied
Why can't I delete that file?
lifesim#srvJH:~/public_html/upload/blog/posts/2016-06-03$ whoami
lifesim
lifesim#srvJH:~/public_html/upload/blog/posts/2016-06-03$ id lifesim
uid=1001(lifesim) gid=33(www-data) groups=33(www-data)
lifesim#srvJH:~/public_html/upload/blog/posts/2016-06-03$ id www-data
uid=33(www-data) gid=33(www-data) groups=33(www-data),1001(lifesim)
File created by my PHP script.

Lars Fischer is right: you need to have write permission to delete a file from a directory.

As clarified in the comments below the question: your lifesim user has no rights to change the directory containing the file.
Give lifesim or the group "w" permissions on the directory, or use the www-data user for the deletion.
Deleting (or creating) a file means we modify the directory (imagine the directory is just a database document with the file metadata) and remove (or add) the metadata of the file. Thus we must be able to change the directory.

Related

Create Linux user to access folder with rwxrwS--- (2760) permissions

I have a folder that has permissions set to 2760. The folder seems to be owned by www-data user and group.
drwxrwS--- 2 www-data www-data 196 Dec 5 19:52 folder
I added a new user to the www-data group, but it still can't access the folder without modifying permissions on the folder.
How can I modify the user to allow it to read that folder?
I tried re-logging in, but it still doesn't let the user view the folder.
I just need this user to be able to read / download the files from that folder.
UPDATE:
Added output of:
getfacl folder
Output:
# file: folder
# owner: www-data
# group: www-data
# flags: -s-
user::rwx
group::rw-
other::---
With the mode 2760, resp. drwxrwS---, the group has permission to read and write the directory, but can not access anything inside the directory (because the executable bit is missing). You likely want to use 2770, resp. drwxrws--- instead.
The setgroup-id bit is not important when reading files, as (in this case, i.e., when set on a directory) it affects the default group of newly created files within the directory. Instead of using the primary group of the current user, new files will be created with the group set to the group of the parent directory (if allowed).
With that being said, if you only want the owner to add files and members of the group to read files from the directory, you can simply use mode 0750, resp. rwxr-x--- on your directory.

permission denied in a folder for a user after chown and chmod

I have a directory at
/home/ec2-user/vertica1
and I'm trying to give user dbadmin all privileges in that folder.
I've done chown to dbadmin and chmod 777 on that folder but dbadmin still gets a permission denied error.
If I put sudo in front of the command (I put dbadmin in sudoers), then it works. Why can't I get it to work without sudo?
Can dbadmin traverse /home/ec2-user? Try doing chmod a+x /home/ec2-user
There could be more reasons for being denied, like a specific acl or a LSM but this is the most likely cause.
UNIX permissions on directories
The UNIX permissions rwx¹ work on directories as follows:
r: You can view the contents of the directory (the names of the files or folders inside)
w: You can create new files, delete or rename existing files.
x: You can traverse the folder.
The traverse permission means that you can access the folder children (assuming you know its name -which you can obtain if you also have read permission-).
In this case dbadmin could read and traverse / as well as /home, but /home/ec2-user probably had a mode like drwx------ 2 ec2-user in order to protect its contents. Thus, even if you had an important file readable by anyone deep inside your home folder, other users can't get into it, since they wouldn't be able to go past /home/ec2-user (which is exactly what you wanted to do, in this case).
¹ Note that I am skipping over the more exotic ones.
What is the result of ls -la for this dir and also the parent dir? Maybe the directory doesn't have read permissions for your user.
sudo chmod ug+r vertica1
Also ec2-user directory should be writable by the user dbadmin.

Can't delete directory with 777 permission

I have created a directory /var/dir as root and gave permission like:
#chown -R kute:kute /var/dir
#ls -l /var/dir
#drwxrwxrwx 2 kute kute 4096 May 30 04:04 /var/dir
Then I logged in as kute and tried to delete the directory, but it shows:
rm: cannot remove `/var/dir': Permission denied
And I can't give write permission to parent directory to delete the file
That is because it is not a directory. Sorry, but that is a symbolic link as you can see when looking at the permissions. Whatever you did, you did not create that directory. And the permissions line you posted certainly is not complete. The inode the link points to is missing.

File read permissions for 'others' not working

I'm trying to give read permissions to lighttpd access logfiles to normal users which are on the same system.
The permissions are currently:
-rw-r--r-- 1 www-data www-data 211K Feb 28 11:27 /var/log/lighttpd/access.log
So, if I understood correctly, others have read permissions. Unfortunately this doesn't seem to work. If I try to read this file with a user account I get:
/var/log/lighttpd/access.log: Permission denied
I already tried to add the user to the group www-data which didn't work as well.
Any hints what I'm doing wrong here?
To access a file, the system needs the execute permission on all the directories containing the file.
In this case it was necessary to issue the chmod o+x /var/log/lighttpd command (after making sure that the user belongs to the "other" part of the permission set).
The "execute" permission for a directory allows you to enter it. The "read" permission for the directory allows you to see the names of the files inside. The interesting thing is that you can give the x permission alone, which means that anyone can access the files inside, but they need to know their names.
You might not have execute permission for the lighttpd directory, so the directory does not give permission to access the file it contains.
Use this command to set the execute permission on that directory:
chmod +x /var/log/lighttpd

Can't write in a folder with permissions

I'm trying to configure my local server htdocs folder to write in it without root powers, but without the ugly way of chmod 777. I created a new group, I set it to the folder, I changed the permissions to 775 and I add my user to this new group. This is the result:
$ ls -ld .
drwxrwxr-x 4 nobody htdocs 4096 ago 27 2009 .
$ id asbel
uid=1000(asbel) gid=1000(asbel) grups=1000(asbel),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),109(lpadmin),124(sambashare),1002(htdocs)
$ touch test
touch: no s’han pogut canviar les dates de «test»: S’ha denegat el permís
The answer of the last command says that I don't have permissions to write here.
What is wrong here? Also, I want that when I create new folders they have same group permissions since I want that other users of the group could modify them. Is it correct?
For the new group to take effect, you must log out and log in again (opening a new shell is not sufficient).
#n.m. (originally a comment to this question)
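
Added example (not from any of the posts above): a POSIX shell check of the directory rules those answers rely on, namely that removing a file needs w on its parent directory and x on every ancestor, whatever the file's own mode is. The function names and the demo tree are constructed; it reads classic mode bits only, so ACLs, LSMs, the sticky-bit rule and root's override are outside its scope.

```shell
#!/bin/sh
# Added example: classic mode bits only (no ACLs, LSMs, sticky-bit rule or
# root override). Paths must be absolute; the demo tree is constructed.

# triplet USER PATH -> rwx triplet applied to USER for PATH. USER "" means the
# current process, whose groups date from login; a name reads the user database.
triplet() {
    ls -ldn -- "$2" | awk -v uid="$(id -u ${1:+"$1"})" -v gids="$(id -G ${1:+"$1"})" '{
        n = split(gids, g, " "); pos = 8                   # default: "other"
        for (i = 1; i <= n; i++) if (g[i] == $4) pos = 5   # group bits
        if ($3 == uid) pos = 2                             # owner bits win
        print substr($1, pos, 3); exit }'
}

# blocked_dirs USER PATH -> each ancestor directory lacking x for USER
blocked_dirs() {
    d=$(dirname "$2")
    while :; do
        case "$(triplet "$1" "$d")" in ??[xst]) ;; *) printf '%s\n' "$d" ;; esac
        if [ "$d" = / ] || [ "$d" = . ]; then break; fi
        d=$(dirname "$d")
    done
}

# can_unlink USER PATH -> 0 if USER may remove PATH: w on the parent directory
# and x on every ancestor. The file's own mode and owner are never consulted.
can_unlink() {
    case "$(triplet "$1" "$(dirname "$2")")" in ?w?) ;; *) return 1 ;; esac
    [ -z "$(blocked_dirs "$1" "$2")" ]
}

demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/ro" "$t/norx"; : > "$t/ro/f.png"; : > "$t/norx/f.png"
    chmod 666 "$t/ro/f.png"; chmod 555 "$t/ro"   # writable file, read-only dir
    chmod 2660 "$t/norx"                         # rw + setgid but no x
    for f in "$t/ro/f.png" "$t/norx/f.png"; do
        if can_unlink "" "$f"; then echo "$f: deletable"
        else echo "$f: not deletable; no x on: $(blocked_dirs "" "$f" | tr '\n' ' ')"; fi
    done
    chmod 755 "$t/ro" "$t/norx"; rm -rf "$t"
}
demo
```

Passing a user name instead of "" evaluates against the user database, which can differ from a running session when the user was added to a group after logging in.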
