This question already has answers here:
How do I change permissions for a folder and its subfolders/files? [closed]
(19 answers)
Closed 8 years ago.
In Ubuntu I want to change the file permissions of a whole folder and all its sub folders to read/write by anybody
I have tried sudo chmod 666 /var/www and sudo chmod 755 /var/www without success
update
I have since found that changing privileges can also be done in the GUI by opening nautilus as sudo.
So that you don't mess up other permissions already on the file, use the flag +, such as via
sudo chmod -R o+rw /var/www
If you just want to change file permissions, you want to be careful about using -R on chmod since it will change anything, files or folders. If you are doing a relative change (like adding write permission for everyone), you can do this:
sudo chmod -R a+w /var/www
But if you want to use the literal permissions of read/write, you may want to select files versus folders:
sudo find /var/www -type f -exec chmod 666 {} \;
(Which, by the way, for security reasons, I wouldn't recommend either of these.)
Or for folders:
sudo find /var/www -type d -exec chmod 755 {} \;
Add -R for recursive:
sudo chmod -R 666 /var/www
Related
The other day I thougt I should make my server a little more secure.
I figured I had way too many directories that are read-open to others and could potentially be a risk in case someone finds his way into the system.
I then removed read-, write- and execute-permissions for others on certain directories:
chmod -R o-rwx /home/*/
chmod -R o-rwx /etc/apache2
chmod -R o-rwx /var/www
chmod -R o-rwx /opt
chmod -R o-rwx /mnt
chmod -R o-rwx /media
Now, about two days later I wanted to access my subversion-server located at /home/svn and I got an error 500.
I guess I messed up the permissions on the subversion directory. But I don't understand why it would need 'others'-permissions. I thought it runs as root and can read/write/execute anything it needs.
EDIT: I looked into svn-error.log and saw this:
[Wed Nov 29 14:34:29 2017] [error] [client 2003:cd:dbc6:5c00:ec08:696:5b01:bf20] (13)Permission denied: Could not open password file: /etc/apache2/dav_svn.passwd, referer: http://<host>:<port>/svn/myrepo
What permissions are the correct ones to set and why?
I found the answer here: https://ubuntuforums.org/showthread.php?t=1288812
I was able to restore the correct permissions for folders and files in three commands:
find /etc/apache2/ -type f -exec sudo chmod 644 {} \;
find /etc/apache2/ -type d -exec sudo chmod 755 {} \;
sudo chown -R root:root /etc/apache2
I'm trying to figure out a way to set permissions recursively 700 for dirs and subdirs on a specific path and 600 for files. I would use these commands:
find /path -type d -print0 | xargs -0 chmod 700
find /path -type f -print0 | xargs -0 chmod 600
But the user does not have permission to run the "find" command.
As a workaround I tried to make a script that contains the above commands from the root user with setuid sticky bit set so it will run with root privileges (like passwd or sudo commands that normal users run with root privileges):
chmod 4755 script.sh
but i cannot execute the script from the limited user account, it still says that I don't have permission to run the find command.
Does anyone have any idea how i can accomplish this without having to use the find command?
Edit:
OS: Centos 6.5
Apparently this is very easy to implement. There are 2 ways: using chmod only, or setting ACL (access control list) on the desired path:
Using chmod i would run:
chmod -R 600 /path # to remove executable permissions
chmod -R u=rwX,g=,o= /path # to make directories transversable
for the user owner i'm giving capital "X", so it does apply only to directories and not files.
Using ACL:
setfacl -Rm u::rwX,g::0,o::0 /path
setfacl -Rm d:u::rwX,g::0,o::0 /path
again using capital X so it applies only to directories and not files. The first command applies the ACL, the second one makes it default policy so newly created files will inherit the desired permissions.
A junior team member did a nasty chmod -R 777 in /etc/ and cause SSH cannot login remotely in a Ubuntu server. Now I fixed this login issue by manually set the correct file permissions on /etc/ssh/*, /etc/sudoers, /etc/ssl/* by comparing other normal system. But there are so many other files which may cause future issues.
I am thinking to use rsync to do the work, but don't want it to sync file contents, just permissions, no more work.
Is that possible? I see rsync has -a option but it does too much.
If you have the "normal" content of /etc available on the same system (like mounted in some other directory, let's say /mnt/correct/etc), you could use the --reference parameter to chmod and chown commands, and combine it with find that is started from the "normal" directory:
$ cd /mnt/correct/etc
$ find . ! -type l -exec chown -v --reference='{}' /etc/'{}' \;
$ find . ! -type l -exec chmod -v --reference='{}' /etc/'{}' \;
(I'm assuming you're on a UNIX system with GNU coreutils versions of chmod and chown.)
The "! -type l" condition in find excludes symbolic links, because otherwise chmod will use the link's permissions to change the file the link points to (and same applies to chown).
Please note you can also try something that won't necessarily make you need to copy files from one place to another (depending on the filesize it may be desired)
You could use a mix of find and some grepping to generate a shell script to be executed on the host where you need to fix permissions.. you could use the same approach to generate a script for changing users/groups as well.. for example:
# find . -printf 'chmod %m %p #%M\n' | sort -k3 | grep -Pi '\s+\S*s\S*$' > /var/tmp/fix_permissions.bash
# bash /var/tmp/fix_permissions.bash
In the example above, what it does is to list all the files with their attributes in this format:
chmod 2755 ./addfs_7.1.0/bin #drwxr-sr-x
chmod 2755 ./addfs_7.1.0/config #drwxr-sr-x
chmod 2755 ./addfs_7.1.0 #drwxr-sr-x
chmod 2755 ./addfs_7.1.0/install #drwxr-sr-x
chmod 2755 ./addfs_7.1.0/library.dda #drwxr-sr-x
chmod 2755 ./addfs_7.1.0/library #drwxr-sr-x
chmod 2755 ./autosimimport #drwxr-sr-x
And in my case I only want to sync those with the 's' flag, so I filter with grep -Pi '\s+\S*s\S*$'. Sort was there as well because I had to compare the files in the other host.
TLDR
If you just want to apply all the permissions with no filtering or comparing:
Create a script with the correct permissions on the "base" host
find . -printf 'chmod %m %p\n' > /var/tmp/fix_permissions.sh
Execute the script in the other host
bash /var/tmp/fix_permissions.sh
I found many related questions and tried to solve the issue but I was not successful. Actually I created an user named "amit" and assigned the group "www-data". I gave permission to the folder using this method
sudo chown -R :www-data /var/www
sudo chmod g+w /var/www
sudo adduser amit www-data
Change folder and file permission recursively:
To change all the directories to 755 (-rwxr-xr-x):
find /var/www -type d -exec chmod 755 {} \;
To change all the files to 644 (-rw-r--r--):
find /var/www -type f -exec chmod 644 {} \;
But in joomla system info when i check i get all directories as non writable.
So I changes this command to
sudo chown -R www-data:www-data /var/www
Surprisingly this worked.
I need to know why the created user didn't work but this one worked, where did I miss something?
Applying chmod 755 (rwxr-xr-x) for directories and chmod 644 (rw-r--r--) for files just makes the writable for the owner, but not for the group. If you want to grant the group write permissions then you need 775 and 664.
I have a LAMP server where I've run the following commands to set permissions of files in /var/www:
groupadd web
usermod -a -G web my_user
chown -R root:web /var/www
chmod -R 775 /var/www
chmod -R g+s /var/www
My goal is to have all files writable by any member of the "web" group. Is there a secure way to allow file uploads (e.g. within Wordpress) without changing the file ownership? Note: this is a private server.
One way of applying permissions to just directories is to use the find command. For example:
# Set the owner and group on everything.
chown -R root:web /var/www
# Make *directories* read/write/execute and set the `sgid` bit.
find /var/www -type d -print | xargs chmod g+rwxs
You don't want to run chmod -R 775 /var/www because this will make all your files executable, which is probably not what you want.