I am provisioning a postgresql server on an TinyCore64 machine and there are some files and folders that cannot be accessed by the user postgres despite the fact that I have changed the permissions, ownership and group of everything. Here are the commands and the folder structure:
sudo -u postgres ls /etc/ssl/
# success
# Permissions: drwxr-xr-x 6 root root
sudo -u postgres ls /etc/ssl/private
# ls: cannot open directory /etc/ssl/private/: Permission denied
# Permissions: drwxr-xr-x 2 postgres postgres
I am stumped. What am I doing wrong?
Edit:
Posted the exact transcript.
root#121e7b1cdaa4:~# sudo -u postgres ls -al /etc/ssl
total 28
drwxr-xr-x 6 root root 4096 Jun 12 08:33 .
drwxr-xr-x 161 root root 4096 Jun 12 08:33 ..
drwxr-xr-x 2 root root 4096 Jun 12 08:33 certs
-rw-r--r-- 1 root root 10835 May 2 20:29 openssl.cnf
drwxr-xr-x 2 postgres postgres 4096 Jun 12 08:33 private
root#121e7b1cdaa4:~# sudo -u postgres ls -al /etc/ssl/private/
ls: cannot open directory /etc/ssl/private/: Permission denied
Edit:
posted the strace output:
root#121e7b1cdaa4:~# strace -f sudo -u postgres ls -al /etc/ssl/private/
....
[pid 4270] close(3) = 0
[pid 4270] openat(AT_FDCWD, "/etc/ssl/private/", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 EACCES (Permission denied)
[pid 4270] write(2, "ls: ", 4ls: ) = 4
[pid 4270] write(2, "cannot open directory /etc/ssl/p"..., 39cannot open directory /etc/ssl/private/) = 39
[pid 4270] write(2, ": Permission denied", 19: Permission denied) = 19
[pid 4270] write(2, "\n", 1
) = 1
....
Check permissions on "/etc/ssl" directory - it seems that 'postgres' user on your system does not have 'rx' rights somewhere on the full path to the target.
It should be smth like :
kaa#aknb5:~$ ls -l /etc/ |grep ssl
drwxr-xr-x 4 root root 4096 Jun 13 11:00 ssl
kaa#aknb5:~$ uname -a
Linux aknb5 3.2.0-61-generic-pae #93-Ubuntu SMP Fri May 2 21:46:08 UTC 2014 i686 i686 i386 GNU/Linux
kaa#aknb5:~$
Related
I am in the group root who owns a file and all the directories above. Why do I have no access to this file? CentOS 7
$ ls /etc/systemd/system | grep parts.service
ls: cannot access /etc/systemd/system/parts.service: Permission denied
-????????? ? ? ? ? ? parts.service
With SUDO:
$ sudo ls /etc/systemd/system | grep parts.service
-rw-rw-rw- 1 root root 563 Feb 13 09:59 parts.service
Checking for an ACL:
$ sudo getfacl /etc/systemd/system/parts.service
getfacl: Removing leading '/' from absolute path names
# file: etc/systemd/system/parts.service
# owner: root
# group: root
user::rw-
group::rw-
other::rw-
My groups:
$ groups
root wheel docker poweruser
Parent directories
drwxr-xr-x 155 root root 12288 Jul 17 09:04 etc/
drwxr-xr-x 4 root root 151 Nov 11 2019 systemd/
drw-rw-r-- 19 root root 4096 Jun 19 18:14 system/
sudo is used to verify that you are the user with which you are logged. you can access root files with your user, but you have to tell your PC that you want to acces files from the root group
I have folder in /media on ubuntu - shared from windows via fstab and cifs-utils. Can I share this folder to other user: "miki" (not root)
root#localhost:/media#
drwxr-xrwx 4 root root 4096 Nov 15 12:21 .
drwxr-xr-x 23 root root 4096 Nov 14 06:34 ..
drwxr-xr-x 2 padm root 0 Nov 15 09:34 Archive
drwxr-xrwx 2 root root 4096 Feb 25 2019 kekik
I have try with:
root#localhost:~# sudo chmod -R 757 /media/Archive/
but get:
chmod: changing permissions of '/media/Archive/': Permission denied
Find a solution:
need to modify /etc/fstab by changing:
//windowsServer/Archive /media/Archive cifs username=wundowsuser,password=somepass,uid=1000,iocharset=iso8859-1,rw,file_mode=0777,dir_mode=0777,vers=1.0 0 0
and change group of folder (must umont it first!)
sudo umount -l /media/Archive
sudo chown miki:miki /media/Archive/
Please find below set of cmds & outputs
[ec2-user#ip-172-31-38-218 opt]$ ls -al
total 9416
drwxr-xr-x 3 root root 4096 Nov 7 13:52 .
dr-xr-xr-x 25 root root 4096 Nov 7 13:16 ..
-rw-r--r-- 1 root root 9625824 Sep 4 22:52 apache-tomcat-8.5.34.tar.gz
drwxr-xr-x 5 root root 4096 Aug 11 01:26 aws
[ec2-user#ip-172-31-38-218 opt]$ sudo groupadd tomcatgrp
[ec2-user#ip-172-31-38-218 opt]$ sudo useradd -s /bin/false -g tomcatgrp -d /opt/tomcatfolder tomcatuser
[ec2-user#ip-172-31-38-218 opt]$ ls -al
total 9420
drwxr-xr-x 4 root root 4096 Nov 7 13:53 .
dr-xr-xr-x 25 root root 4096 Nov 7 13:16 ..
-rw-r--r-- 1 root root 9625824 Sep 4 22:52 apache-tomcat-8.5.34.tar.gz
drwxr-xr-x 5 root root 4096 Aug 11 01:26 aws
drwx------ 2 tomcatuser tomcatgrp 4096 Nov 7 13:53 tomcatfolder
Now, when I run the cmd I am getting Permission denied as follows
[ec2-user#ip-172-31-38-218 opt]$ cd /opt/tomcatfolder/
-bash: cd: /opt/tomcatfolder/: Permission denied
Can you please help in resolving this above issue..?
I followed instructions of installing Tomcat from this link how-to-install-apache-tomcat-8-on-centos-7
It seems you are the ec2-user, but the directory is owned by tomcatuser and the permissions on the directory do now allow other users or groups to read it.
Try sudo chmod 755 /opt/tomcatfolder/ and then cd into it.
That will add read and execute permissions to the directory.
The command mkdir creates a file rather than a directory on a mounted network drive on a windows 10 system operating under the Windows sub-system for linux, using the Ubuntu app.
After installing the ubuntu app and putting the windows machine into developer mode I successfully mounted a remote network drive using the command:
sudo mount -t drvfs '\\networkdrive\sharename' /mnt/U
which successfully mounts the network drive at the mount point. I can see the files on the remote drive. However when looking at a directory on the remote machine and issuing the command
mkdir Source
a file called Source is created on the remote drive rather than a directory.
I tried this on two completely different laptops running windows 10, which I set up in exactly the same way and the same problem happens. The windows 10 machines are in developer mode and running the latest version of the ubuntu app. This is a pretty fundamental thing to have go wrong so I'm guessing it's a bug of some sort.
The snippet below is the terminal output which illustrates the problem.
username#~$ pwd
/home/username
username#~$ sudo mount -t drvfs '\\networkdrive.host\sharename\' /mnt/U
[sudo] password for username:
username#~$ cd /mnt/U/People/username/projects/Vesiform
username#Vesiform$ ls -al
total 0
drwxrwxrwx 0 root root 512 Mar 29 2018 .
drwxrwxrwx 0 root root 512 Mar 28 12:04 ..
drwxrwxrwx 0 root root 512 Mar 28 11:12 Builder
drwxrwxrwx 0 root root 512 Mar 28 11:42 Library
drwxrwxrwx 0 root root 512 Mar 28 11:42 NPack
drwxrwxrwx 0 root root 512 Mar 28 11:42 PDBProc
drwxrwxrwx 0 root root 512 Mar 28 11:55 Projects
drwxrwxrwx 0 root root 512 Mar 28 11:55 SpacePack
drwxrwxrwx 0 root root 512 Mar 28 11:55 Utilities
username#Vesiform$ mkdir Source
username#Vesiform$ ls -al
total 0
drwxrwxrwx 0 root root 512 Mar 29 2018 .
drwxrwxrwx 0 root root 512 Mar 28 12:04 ..
drwxrwxrwx 0 root root 512 Mar 28 11:12 Builder
drwxrwxrwx 0 root root 512 Mar 28 11:42 Library
drwxrwxrwx 0 root root 512 Mar 28 11:42 NPack
drwxrwxrwx 0 root root 512 Mar 28 11:42 PDBProc
drwxrwxrwx 0 root root 512 Mar 28 11:55 Projects
-rwxrwxrwx 1 root root 0 Mar 29 2018 Source
drwxrwxrwx 0 root root 512 Mar 28 11:55 SpacePack
drwxrwxrwx 0 root root 512 Mar 28 11:55 Utilities
username#Vesiform$ cd Source
-bash: cd: Source: Not a directory
username#Vesiform$
I'm struggling to understand how to apply directory and file permissions so that files and directories created by the ftp user, via an ftp client, are browsable. In other words 755 is applied by default.
I'm running Apache 2 on Ubuntu 14.04.2 LTS, Trusty Tahr, with vsftpd server.
My directory structure is as follows.
var/www/
var/www/sites/
var/www/sites/master_demo/public_html
var/www/sites/test_site/public_html
I've run the following
usermod -aG www-data test_user
chgrp -R www-data /var/www/sites/test_site/public_html/
chown -R test_site:www-data /var/www/sites/test_site/public_html/
chmod -R 755 /var/www/sites/test_site/public_html/
Permissions on the directories are as follows:
cd var/www/sites/
ls -l
dr-xrws--- 3 master_demo www-data 4096 Jun 17 14:00 master_demo
drwxr-xr-x 3 test_site www-data 4096 Jun 16 13:32 test_site
cd var/www/sites/test_site/
ls -l
drwxr-xr-x 3 test_site www-data 4096 Jun 17 17:43 public_html
When a file is added using ftp by the test_site user these are the permissions
-rw------- 1 test_site test_site 152 Jun 18 08:27 about.html
drwx------ 2 test_site test_site 4096 Jun 18 08:27 css
-rw------- 1 test_site test_site 152 Jun 18 08:27 index.html
How do I get the file to automatically be given the correct permissions so the files are browsable (755)? I know the obvious answer might be to run a batch file, but is that necessary? I don't want to have to run the command everytime.
chmod -R 755 /var/www/sites/test_site/public_html/*
ls -l
-rwxr-xr-x 1 test_site test_site 152 Jun 18 08:27 about.html
drwxr-xr-x 2 test_site test_site 4096 Jun 18 08:27 css
-rwxr-xr-x 1 test_site test_site 152 Jun 18 08:27 index.html
I'm new to linux so please be gentle :)
I can confirm that test_site users is in the www-data group
id test_site
uid=1004(test_site) gid=1005(test_site) groups=1005(test_site),33(www-data)
I think what you are looking for is umask
umask 0022
umask -p
umask -S
You will need to modify your default /etc/profile in order to make this permanent. umask 0022will on creation give directories chmod 755 and files chmod 644 which is the recommended permissions for the www folder in apache.
Example
umask 0022
mkdir www
touch www/{index.html,style.css}
drwxr-xr-x. 2 user user 4096 Jun 18 10:53 .
drwxr-xr-x. 3 user user 4096 Jun 18 10:52 ..
-rw-r--r--. 1 user user 0 Jun 18 10:53 index.html
-rw-r--r--. 1 user user 0 Jun 18 10:53 style.css
FTP also supports setting umask before initiating a transfer. Setting it with ftp, sets if for that transfer only, so that you don't need to change it system-wide as you would with /etc/profile.