I have added the following to the file /etc/sudoers using the visudo command:
nick ALL=(ALL:ALL) ALL
But when I log in as nick and attempt something like mkdir .ssh I get:
mkdir: cannot create directory ‘.ssh’: Permission denied
Likewise, I cannot save files I have edited.
Running ls -la from the home directory gives me:
drwxr-xr-x 5 nick nick 4096 Apr 7 19:07 .
drwxr-xr-x 3 root root 4096 Apr 7 17:32 ..
-rw-r--r-- 1 nick nick 220 Aug 31 2015 .bash_logout
-rw-r--r-- 1 nick nick 3771 Aug 31 2015 .bashrc
drwx------ 2 nick nick 4096 Apr 7 18:29 .cache
drwxr-xr-x 2 root root 4096 Apr 7 19:07 .nano
-rw-r--r-- 1 nick nick 675 Aug 31 2015 .profile
Which if I'm not mistaken is showing that I have no write access to anything. (Correct me if I'm wrong. I'm only passingly familiar with UNIX permissions.)
Why can't this user do anything despite being given full permissions in sudoers?
UPDATE:
This problem fixed itself. I do not know what the problem was but it was no longer a problem when I logged on a couple days later.
For the record, I was attempting to configure a fresh DigitalOcean server running Ubuntu 15.10 x64. My local computer is a MacBook running El Capitan.
My guess is that the remote server restarted or somehow otherwise incorporated the change automatically in the interim. I had already tried running sudo reboot producing no results, so I'm still not sure how this could be.
I was also experiencing some local WiFi connection dropping at the time but as my SSH connection seemed to be operational I'm not sure if this could be related.
I'm also not an expert to Linux, but to me it seems like you have to use sudo mkdir .ssh instead of mkdir .ssh. You allowed your user to behave like root(who has rights to write to directory), but for doing that you have to use sudo command.
Here is the simple explanation of how it works(with pictures): https://www.garron.me/en/linux/visudo-command-sudoers-file-sudo-default-editor.html
Here is the serious documentation: https://help.ubuntu.com/community/Sudoers
Related
In my open vpn server, i am ensuring cron file permission to be only accessable from root user.
I have removed the at.deny and cron.deny files and have created at.allow and cron.allow and 0600 permissions are applied for files, both files are empty and file permissions are as below, which clearly says root has read and write access.
-rw------- 1 root root 0 Jul 21 08:40 cron.allow
-rw------- 1 root root 0 Jul 21 08:40 at.allow
however this change allows my openvpnas user to still list the crontab and even allows to edit cron.
openvpnas#openvpnas2:~$ crontab -l
no crontab for openvpnas
Where as when the file permissions are as below,
-rw-r--r-- 1 root root 0 Jul 21 08:41 cron.allow
-rw-r--r-- 1 root root 0 Jul 21 08:41 at.allow
It restricts my non root users to access or edit cron files! This issue is only with one of my server, where as other server permissions and behaviours are as expected,
openvpnas#openvpnas2:~$ crontab -l
You (openvpnas) are not allowed to use this program (crontab)
See crontab(1) for more information
Please provide your inputs on this, this has kept me blocked from continuing my work.
This issue i faced was in Ubuntu 18.04 instance,
Current /usr/bin/crontab permission was as below,
-rwxr-sr-x 1 root crontab 39352 Nov 16 2017 /usr/bin/crontab
Had to change the group user from crontab to root and file permission to as below,
sudo chmod 4755 /usr/bin/crontab
sudo chown root:root /usr/bin/crontab
-rwsr-xr-x 1 root root 39352 Nov 16 2017 /usr/bin/crontab
This permission restricts the non-root user to schedule cronjobs. The access can be allowed to non-root users by adding the user names in cron.allow file.
openvpnas#openvpnas2:~$ crontab -l
You (openvpnas) are not allowed to use this program (crontab)
See crontab(1) for more information
In Linux, I am the owner of a file, then I tried to change owner to another account, failed. Operation not permitted. Do you know why ? I am the user 'BBB'. Thanks
-bash-4.1$ ls -al
drwxrwxrwx 2 AAA games 4096 Nov 23 14:39 .
drwxr-xr-x 3 AAA games 4096 Nov 23 14:36 ..
-rw-r--r-- 1 BBB esmgroup 16798 Nov 23 14:38 XXX-1.0-SNAPSHOT.jar
-bash-4.1$ chown AAA:games ./*.jar
chown: changing ownership of `./XXX-1.0-SNAPSHOT.jar': Operation not permitted
Only root can change the owner on the file. That's final.
You can do that by login to root using su or use sudo before your command.
More information here: https://unix.stackexchange.com/questions/27350/why-cant-a-normal-user-chown-a-file
You can change the file's group if you're in more than one group.
You should login to root account to be granted to change ownership to any user
You can type sudo before the command and then login to your root user
I can see my below folders having dot at the end of permissions
drwxr-xr-x. 2 root root 4096 May 26 2010 java-1.7.0
drwxr-xr-x. 2 root root 4096 May 26 2010 java-1.6.0
drwxr-xr-x. 2 root root 4096 May 26 2010 java-1.5.0
How can I create a new folder with similar permissions ?
I found a way to do it, in case anyone needs it.... posting answer :
[root#XXXXX share]# chcon -h system_u:object_r:usr_t:s0 java-1.8.0
[root#XXXXXXshare]# ls -dZ java-1.8.0
drwxr-xr-x. root root system_u:object_r:usr_t:s0 java-1.8.0
A good read: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Contexts_Labeling_Files.html
you are using a Redhat based distro, that means selinux permissions, you can use:
ls -lZ
From man page
man ls
-Z, --context
print any SELinux security context of each file
If you want to use Selinux, you can start from here
Selinux permissions are a big topic.
I am new to linux. when i list the files under folder 1, i see below result
-rwxrwxrwx 1 root root 920 Jun 3 10:36 file1.xsd
-rwxrwxrwx 1 root root 920 Jun 3 10:36 file2.xsd
drwxrwxrwx 2 ubuntu ubuntu 4096 Jun 12 11:10 temp
-rwxrwxrwx 1 ubuntu ubuntu 1853 Jun 19 11:07 file3.xsd
for some files(file1 and file2) root root is written after permisionsbut for file3 ubuntu ubuntu is displayed.
what is difference b/w ubuntu ubuntu and root root ?
How can i change ubuntu ubuntu for file 3 to root root ?
The first "root" stands for user name and second "root" stands for the group name. By design, Ubuntu uses "sudo" command to run other commands "as root", and the actual root user is not used.
So what that means, every time you use the command sudo to run a command, it is actually being done as root. That's most likely the reason for the two of your files being owned by root (and the group root).
You can change the ownership of the file with command chown:
chown root:root file3.xsd
I am configuring hadoop on Ubuntu os. I need to create RSA key pair to allow hadoop to interact with its nodes, so i running this command:
hadoop#ubuntu:~$ ssh-keygen -t rsa -P ""
then I get this:
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hadoop/.ssh/id_rsa):
Could not create directory '/home/hadoop/.ssh': permission denied.
Enter passphrase (empty for no passphrase ):
Enter same passphrase again:
open /home/hadoop/.ssh/id_rsa failed: No such file or directory.
Saving the key failed: /home/hadoop/.ssh/id_rsa.
Forgot to create .ssh dir in your home?
Try that:
mkdir -p ~/.ssh
then re-run ssh-keygen.
Also possibly you doing ssh-keys creation from wrong user.. You started that shell using sudo?
Try to set HOME dir manually or enter right path in prompt.
check your home directory name and permissions
echo $HOME
cd ~ ; ls -l
ls -l .ssh
ls -lR .ssh
if above output is OK and you have correct permissions, perhaps your quota is full
try with "sudo" and see what happens...
Seems like current user doesn't own the contents under home directory.
Gain the ownership as shown as below:
admin#mydb22-02:~$ sudo chown admin.admin /home/admin/
admin#mydb22-02:~$ ls -la
total 32
drwxr-xr-x 2 admin admin 4096 Nov 3 23:29 .
drwxr-xr-x 3 admin admin 4096 Dec 23 2012 ..
-rw------- 1 admin admin 191 Feb 13 2013 .bash_history
-rw-r--r-- 1 admin admin 220 Apr 3 2012 .bash_logout
-rw-r--r-- 1 admin admin 3486 Apr 3 2012 .bashrc
-rw-r--r-- 1 admin admin 675 Apr 3 2012 .profile
-rw-r--r-- 1 admin admin 0 Nov 3 23:29 .sudo_as_admin_successful
-rw------- 1 admin admin 4221 Nov 3 20:31 .viminfo
generating keys would work now as .ssh directory will now be created and owned by current user after generating the assymetric keys
I have spent arround 1 hr on this and finally got the solution. It is due to permission problem. You have to use chown for your 'hadoop user'.
1. First make hadoop directory.
cd /home
mkdir hadoop
then check 'ls -l'. it gives result like :
drwxr-xr-x 2 hadoop hadoop 4096 Aug 22 22:17 hadoop
2. sudo chown hadoop.hadoop /home/hadoop/
3. Then run remaining command for key generater.