How to set permissions recursively, 700 for folders and 600 for files, without using find - linux

I'm trying to figure out a way to set permissions recursively 700 for dirs and subdirs on a specific path and 600 for files. I would use these commands:
find /path -type d -print0 | xargs -0 chmod 700
find /path -type f -print0 | xargs -0 chmod 600
But the user does not have permission to run the "find" command.
As a workaround I tried to make a script that contains the above commands from the root user with setuid sticky bit set so it will run with root privileges (like passwd or sudo commands that normal users run with root privileges):
chmod 4755 script.sh
But I cannot execute the script from the limited user account; it still says that I don't have permission to run the find command.
Does anyone have any idea how I can accomplish this without having to use the find command?
Edit:
OS: CentOS 6.5

Apparently this is very easy to implement. There are 2 ways: using chmod only, or setting ACL (access control list) on the desired path:
Using chmod I would run:
chmod -R 600 /path # to remove executable permissions
chmod -R u=rwX,g=,o= /path # to make directories traversable
For the user owner I'm giving capital "X", so it applies only to directories and not files.
Using ACL:
setfacl -Rm u::rwX,g::0,o::0 /path
setfacl -Rm d:u::rwX,g::0,o::0 /path
Again using capital X so it applies only to directories and not files. The first command applies the ACL, the second one makes it the default policy so newly created files will inherit the desired permissions.

Related

Granting my access permissions to everyone?

If folder folder is read/write/execute accessible to me, then it should become read/write/execute to everyone.
Calling chmod -R 777 ./folder does not suit, because it makes all files executable, even those that were not executable before.
Is there an easy way?
You could do it with UNIX find combined with the exec flag to run a chmod command on every file that matches a filter, and filter on the executable bit.
e.g.
first find the non executable files recursively and change them to all RW
find ./folder -not -executable -exec chmod a=rw {} \;
then find all the executable ones recursively and change them to all RWX
find ./folder -executable -exec chmod a=rwx {} \;
You might want to add the files in the folder to a user group like everyone or users, depending on your distro.
chown -R <youruser>:everyone ./folder
You can check what available user groups you have with groups command.

Sync file permissions *only*

A junior team member did a nasty chmod -R 777 in /etc/, which caused SSH to be unable to log in remotely on an Ubuntu server. I have now fixed this login issue by manually setting the correct file permissions on /etc/ssh/*, /etc/sudoers, /etc/ssl/* by comparing with another normal system. But there are so many other files which may cause future issues.
I am thinking of using rsync to do the work, but I don't want it to sync file contents, just permissions, no more work.
Is that possible? I see rsync has -a option but it does too much.
If you have the "normal" content of /etc available on the same system (like mounted in some other directory, let's say /mnt/correct/etc), you could use the --reference parameter to chmod and chown commands, and combine it with find that is started from the "normal" directory:
$ cd /mnt/correct/etc
$ find . ! -type l -exec chown -v --reference='{}' /etc/'{}' \;
$ find . ! -type l -exec chmod -v --reference='{}' /etc/'{}' \;
(I'm assuming you're on a UNIX system with GNU coreutils versions of chmod and chown.)
The "! -type l" condition in find excludes symbolic links, because otherwise chmod will use the link's permissions to change the file the link points to (and same applies to chown).
Please note you can also try something that won't necessarily require you to copy files from one place to another (depending on the file size, that may be desirable).
You could use a mix of find and some grepping to generate a shell script to be executed on the host where you need to fix permissions. You could use the same approach to generate a script for changing users/groups as well. For example:
# find . -printf 'chmod %m %p #%M\n' | sort -k3 | grep -Pi '\s+\S*s\S*$' > /var/tmp/fix_permissions.bash
# bash /var/tmp/fix_permissions.bash
In the example above, what it does is to list all the files with their attributes in this format:
chmod 2755 ./addfs_7.1.0/bin #drwxr-sr-x
chmod 2755 ./addfs_7.1.0/config #drwxr-sr-x
chmod 2755 ./addfs_7.1.0 #drwxr-sr-x
chmod 2755 ./addfs_7.1.0/install #drwxr-sr-x
chmod 2755 ./addfs_7.1.0/library.dda #drwxr-sr-x
chmod 2755 ./addfs_7.1.0/library #drwxr-sr-x
chmod 2755 ./autosimimport #drwxr-sr-x
And in my case I only want to sync those with the 's' flag, so I filter with grep -Pi '\s+\S*s\S*$'. Sort was there as well because I had to compare the files in the other host.
TLDR
If you just want to apply all the permissions with no filtering or comparing:
Create a script with the correct permissions on the "base" host
find . -printf 'chmod %m %p\n' > /var/tmp/fix_permissions.sh
Execute the script in the other host
bash /var/tmp/fix_permissions.sh
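The generated-script approach above feeds every file name through the shell parser, so a name containing spaces, quotes or $(...) is mis-parsed or run as a command when the script executes as root. The following is an added example, not code from the posts above: it records the same mode information as NUL-delimited data and hands each pair to chmod as plain arguments. The function names save_modes and apply_modes and the manifest layout are assumptions made for illustration; GNU find (-printf) and an xargs that supports -0 are required.

```shell
#!/bin/sh
# Added example. Requires GNU find (-printf) and xargs (-0, -r).

# save_modes REF_DIR MANIFEST
# Record "<octal mode>\0<relative path>\0" for every non-symlink under REF_DIR.
save_modes() {
    ( cd "$1" && find . ! -type l -printf '%m\0%p\0' ) > "$2"
}

# apply_modes TARGET_DIR MANIFEST
# Re-apply the recorded modes below TARGET_DIR. Each (mode, path) pair reaches
# chmod as separate arguments, so a file name is never parsed as shell code.
apply_modes() {
    xargs -0 -r -n 2 sh -c '
        target=$1 mode=$2 path=$3
        # Accept only 1-4 octal digits as a mode.
        case $mode in
            ""|*[!0-7]*|?????*) echo "bad mode: $mode" >&2; exit 1 ;;
        esac
        # Accept only relative paths that stay inside the target tree.
        case $path in
            */../*|*/..) echo "bad path: $path" >&2; exit 1 ;;
            .|./*) ;;
            *) echo "bad path: $path" >&2; exit 1 ;;
        esac
        # Skip entries that are missing or are symlinks on the target side.
        [ -L "$target/$path" ] && exit 0
        [ -e "$target/$path" ] || exit 0
        chmod -- "$mode" "$target/$path"
    ' sh "$1" < "$2"
}
```

Run save_modes on the reference host, copy only the manifest across, and run apply_modes on the host being repaired; a non-zero exit status means at least one record was rejected or a chmod failed.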

How do I change file permissions in Ubuntu [duplicate]

This question already has answers here:
How do I change permissions for a folder and its subfolders/files? [closed]
(19 answers)
Closed 8 years ago.
In Ubuntu I want to change the file permissions of a whole folder and all its subfolders to read/write by anybody.
I have tried sudo chmod 666 /var/www and sudo chmod 755 /var/www without success.
update
I have since found that changing privileges can also be done in the GUI by opening nautilus as sudo.
So that you don't mess up other permissions already on the file, use the flag +, such as via
sudo chmod -R o+rw /var/www
If you just want to change file permissions, you want to be careful about using -R on chmod since it will change anything, files or folders. If you are doing a relative change (like adding write permission for everyone), you can do this:
sudo chmod -R a+w /var/www
But if you want to use the literal permissions of read/write, you may want to select files versus folders:
sudo find /var/www -type f -exec chmod 666 {} \;
(Which, by the way, for security reasons, I wouldn't recommend either of these.)
Or for folders:
sudo find /var/www -type d -exec chmod 755 {} \;
Add -R for recursive:
sudo chmod -R 666 /var/www

Are these LAMP permissions secure?

I have a LAMP server where I've run the following commands to set permissions of files in /var/www:
groupadd web
usermod -a -G web my_user
chown -R root:web /var/www
chmod -R 775 /var/www
chmod -R g+s /var/www
My goal is to have all files writable by any member of the "web" group. Is there a secure way to allow file uploads (e.g. within Wordpress) without changing the file ownership? Note: this is a private server.
One way of applying permissions to just directories is to use the find command. For example:
# Set the owner and group on everything.
chown -R root:web /var/www
# Make *directories* read/write/execute and set the `sgid` bit.
find /var/www -type d -print0 | xargs -0 chmod g+rwxs
You don't want to run chmod -R 775 /var/www because this will make all your files executable, which is probably not what you want.

file permissions security apache

I'm trying to figure out what is the best file permissions/user/groups for files under my document root?
I have the following file structure
/home/user/public_html/
under public_html are all of my php files and directories.
I have one directory /home/user/public_html/files/ where people upload images to that directory.
What is the most secure way to distribute file permissions/groups/user so that apache can properly display the php files and directories?
Should I make public_html owned by apache? What group should I use for public_html?
thanks!
My favourite mix of permissions for apache is to give it ownership of apache:apache, all folders chmod to 550 or 555, and all files chmod to 440/444. I suggest the following:
/home/user/public_html/ owned by apache:apache with permissions 555 (read/x by everyone)
/home/user/public_html/files/ owned by apache:apache with 775 (read/write/x by root/apache, read/x by all)
First we need to find which user is running the https / apache2 server:
ps -aux | grep apache2
Most of the time it is apache or www-data.
We need to set this user as the owner:
chown -R www-data:www-data /var/www/html
Then file permissions should be 644 and folder permissions 755.
We can do that using the find command:
find /var/www/html -type f -not -perm 644 -exec chmod 644 {} \;
find /var/www/html -type d -not -perm 755 -exec chmod 755 {} \;
