/etc/apache2/sites-available/000-default.conf Permission Denied - ubuntu-14.04

/etc/apache2/sites-available/000-default.conf
What should I do to access this file
I want to change DocumentRoot From /var/www/html To /var/www

First check to see who owns the file:
ls -l /etc/apache2/sites-available/000-default.conf
It should probably be something like www-data. For the rest of this answer I assume the user is www-data, replace it with the correct user on your system.
Verify you have permissions to act as that user, e.g.:
sudo -u www-data id
This command just runs the id command as the www-data user, you may have to enter a password.
Edit the file as the owner of the file:
sudo -u www-data vi /etc/apache2/sites-available/000-default.conf
(or emacs or nano or whatever your favorite editor is).
If none of that works, the file permissions might be messed up, for example maybe the user of the file is not allowed to write to it. In that case posting the output of:
ls -l /etc/apache2/sites-available/000-default.conf
may be helpful in resolving your issue, but you probably can't go wrong by doing a:
sudo -u www-data chmod o+rw /etc/apache2/sites-available/000-default.conf
This grants the owner read and write permissions on the file, then try the edit again.
If none of that works please post the exact command you are running, and the exact error message.

You need to access this file as a root user. Issue the command
sudo -s
to get a root shell, then edit that file with the editor of your choice.

Just run this command and you can edit that file
gedit admin:///etc/apache2/sites-available/000-default.conf

Related

How to chmod without root account?

I don't have root account.
I made mistake with my /etc/sudoers files.
I changed mode my /etc/sudoers files to 777
and then, my 'sudo' command has not started work..
sudo: /etc/sudoers is world writable
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
someone said try to use pkexec chmod 0440 /etc/sudoers,
but it ask me root Password..
and I can't reboot my server..
what can I do. help me please.

How to set specific user can run certain root command in redhat

i want to ask for a specific user to use certain root commands in redhat?
my server run redhat OS 7.6. i dont have any idea how to set a user that can run certain commands from root.
let say i have one user id name MY_CIT, so MY_CIT can run certain commands for example to create print queue #lpadmin -p printer -v socket://printer:9100 -E
so MY_CIT no need root access to trigger the command.
Anyone experience on this? kindly help. thanks
You'll be able to use file ACLs. As a test I removed execute permissions from the nano command, just to show how this will work.
You won't need to do this, however, you will need root permissions to the machine. Instead of nano, use 'lpadmin' as per your requirements
[root#server bin]# chmod o-x /bin/nano
[root#server bin]# ls -lah /bin/nano
-rwxr-xr-- 1 root root 202K Jun 10 2014 nano
To test, we change to user1 and try use nano to edit a file:
[user1#server ~]$ nano file1
-bash: /bin/nano: Permission denied
Now, as root again, we add an ACL to the nano program. This allows only user1 to execute the program.
[root#server bin]# setfacl -m u:user1:x /bin/nano
Display ACL with getfacl:
[root#server bin]# getfacl /bin/nano
getfacl: Removing leading '/' from absolute path names
# file: bin/nano
# owner: root
# group: root
user::rwx
user:user1:--x <<-- Note this
group::r-x
mask::r-x
other::r--
As user1, we are able to use the nano program, but not as user2:
[user1#server ~]$ nano file1
[user1#server ~]$ ls
file1
[user1#server ~]$ exit
logout
[root#server bin]# su - user2
[user2#server ~]$ nano file1
-bash: /bin/nano: Permission denied
ACLs allow admins to extend permissions past just user/group/other. You're able to set permissions for specific users on the system.
Run command with a root privilege:
sudo visudo
It opens file /etc/sudoers for edit.
Add this line at the end of the file (and after keep one blank line):
MY_CIT ALL = NOPASSWD: /usr/sbin/lpadmin
where:
MY_CIT - name of your user
/usr/sbin/lpadmin - path to executible file. Note please that in your distro path can be different. You can check this with command whereis lpadmin.
After user can run command lpadmin with arguments with sudo without password:
sudo lpadmin ...

Add permission to two users (my apache server and myself)

I want my php script to be able to create file, edit, and delete it, so I need to give it permissions to do so in Linux.
I've done this with one of the stackoverflow answers with this code:
sudo chown -R www-data:www-data .
But when I do so, I lose my user access to files - so I can't open them with gedit for example until I change permissions back like so:
sudo chown -R igor /var/www/html/demo/myDir
I think I need to give permission to Apache, but leave my access as well. I feel there is some easy answer to make it work, but I can't find one. Any suggestions?
You are changing the owner of the files, if you want to change the permission of the files without changing the owner you need to use : chmod.
For example if you want to read write and execute on the current folder you can use: chmod 777 .
If what you want is the two users have the same permissions over the folder you could add your user to the group www-data (assuming that you are in the files folder):
sudo usermod -a -G www-data youruser
sudo chgrp -R www-data .
sudo chmod -R 770 .

How to give a directory back its sudo admissions/permissions?

I recently installed LAMP on my Ubuntu 14.04 laptop. But I didn't have full/root access to the files var/www and etc/apache2/sites-enabled/000-default.conf so I did some research to change permissions and admissions to the directory, using this command in the terminal:
sudo chown -R username:group directory
It worked perfectly. But now I can't do any sudo commands in the terminal. I wanted to restart the apache server but here is what it showed me:
sudo: /etc/sudoers is owned by uid 1000, should be 0
sudo: no valid sudoers sources found, quitting
sudo: impossible d'initialiser le greffon de règles
(my computer is in french btw).
What I want to know is how to set it back to sudo. I hope I explained myself good enough. If you need additional info that I didn't state please tell me. I will add it. Thnx.
Seems like you chown'd /etc/sudoers.
Try:
sudo chown root:root /etc/sudoers
Then if you want read/write privileges, see which group the folder /var/www belongs to (probably www-data)
To add yourself to the www-data group, try:
sudo useradd -a -G www-data yourUserName
Also, as a side note; be careful of recursive commands!!! If you're not sure what a command does, test it on a single file before making it recursive. For example:
DO NOT RUN THIS CODE, I DON'T INCLUDE SUDO ON PURPOSE SO YOU DONT HOSE EVERYTHING
rm -r /
Will delete everything inside / (a lot of stuff!)

how to run svn update via svn post-commit hook

Goal: update /var/www with latest on svn commit.
ubuntu server 10.10, latest apache2, latest svn, location: /var/svn/[projectname]
To do this I created a simple post-commit script:
#!/bin/bash
#tests if www-data user runs this script on commit (which it does)
touch /tmp/test.log
#works when run from the command line (sudo ./post-commit) but not when run by www-data
sudo /usr/bin/svn update /var/www
To fix the issue of the second command not working as www-data I tried...
Editing: sudo visudo and added (at the end): www-data ALL=(ALL) NOPASSWD:ALL
Chowning: /var/www to www-data:www-data
Chmoding: all of /var/www to 777
Still no luck... any ideas?
What if you run this:
su - www-data -c '/usr/bin/svn update /var/www'
(The sudo is not needed if /var/www/ is 777 and owned by www-data..)
As the root user? (then it suid()s as www-data and run the command).
It should give more information on what does actually fail.
Or, you could try logging the svn update output from your post-commit hook:
/usr/bin/svn update /var/www &> /tmp/my-svn-update.log
I think that these two tests should give you more informations on what happened.
SIDE NOTE: I'm not sure you really want to take the risk of having www-data able to run any command as the root user.. If you absolutely need to have it run svn as root (I don't see the point there, but it could be), just use this in your /etc/sudoers:
www-data ALL=NOPASSWD: /usr/bin/svn
I went first with the logging mechanism you suggested and that helped fix it! Thank you!
The outputted error had something to do with an filename in the repro which couldn't be converted to UTF-8. I deleted the file and it worked. But why it worked when calling post-commit directly... I've no clue.
BTW, I was mistaken about it being bash (it was sh) so I had to change &> to 2>
Also, I deleted the checked out files, reset the permissions and owner back to normal on /var/www and then checked them out again.
my final sudoers line:
www-data ALL=NOPASSWD:/usr/bin/svn update /var/www
Thanks so much for the help!

Resources