I'm running into a permissions problem with Cherokee+uWSGI on Ubuntu Server 13.10 intended for a Django production environment. When I start uWSGI manually as root user prior to launching cherokee, everything goes smooth:
sudo uwsgi --ini /home/instytut21/instytut21l/instytut21/uwsgi.ini
But when I try to access the site through the server (running as www-data) without that, I keep getting a 503 Service Unavailable response and the following message in the logs:
sudo cat /var/log/cherokee/instytut21.error.log
realpath() of /home/instytut21/instytut21.pl/instytut21/uwsgi.ini failed:
[core/utils.c line 3574]
I've spent a good while trying to figure out what causes the problem. I've tried giving ownership to $USER:www-data and www-data:www-data with all kinds of file permissions ranging from 600 to 777.
I don't want to run the server as root for security reasons. How can I make the ini file accessible to cherokee?
I finally found a solution to a similar problem at www-data permissions? . I slightly modified it and solved my problem by executing the following commands.
Own the whole directory by me and group www-data:
sudo chown -R $USER:www-data /home/instytut21/instytut21.pl/
Grant all permissions to the group:
sudo chmod -R g+rwx /home/instytut21/instytut21.pl/
Ensure all uploaded filed get the same permissions:
sudo chmod -R g+s /home/instytut21/instytut21.pl/
Related
I have for some time been manually switching my www/html directory user ownership on my EC2 Instance between apache and EC2-user for some time to allow me switch between installing and updating wordpress plugins or using Coda 2 to upload and update files via FTP.
I have finally reached a point of frustration and am wondering what is the best way to set up my ownership settings on the server to cater for both users having access without having to constantly change the settings.
Here are the commands I use to switch between users:
sudo chown -R apache:apache /var/www/html
sudo chown -R ec2-user /var/www/html
Can someone please advise the safest configurations to avoid constantly switching for the foreseeable future?
add your user to the same user group of apache.
sudo usermod -a -G apache ec2-user
then exit your account then change ownership that include ec2-user in the path
sudo chown -R ec2-user:apache /var/www
I have set up an Ubuntu server on Digital Ocean. Following are the config details:
Ubuntu version : Ubuntu 16.04.2 LTS
Apache version : Apache/2.4.18 (Ubuntu)
I am trying to run a php script through browser which will need to create a file in the directory . I keep getting the following permission denied message in the /var/log/apache2/error.log file fopen(<folder_to_write>): failed to open stream: Permission denied in test_write.php
I discovered that the user www-data (apache2 user) is having a permission issue. I changed the owner of the folder as follows :
chown -R www-data:www-data folder_to_write
and then
chmod 2775 folder_to_write
This did not work.
Finally, I tried the last option. I changed the directory permission to sudo chmod -R 777 folder_to_write hoping to get some lead. However, despite giving this full access permission, I got the permission denied message.
Has anyone experienced any such issue earlier? Not sure what I am doing wrong. I tried the same steps with another user and that seems to be working fine.
I appreciate your help. Thank you so much.
fopen(): failed to open stream:
It seems not able to find directory folder_to_write , Please check your absolute directory path if that's configured right for writing to a file.
I've downloaded 2.0.4... I can't get pass the "can't create cache directory" cause of permissions problem...
I've tried chmod 777 -R symfony
-- to all folders, still can't create cache dir
I've tried setfacl but it says unrecognized -m option....
My system does not support chmod +a
I've done chown -R myuser:apache symfony
-- still nothing
I've tried umask(0000) and umask(0002) in console.php/app_dev.php/app.php
-- still nothing
When I refresh the page to http://localhost/symfony/web/app_dev.php, I get a SElinux alert... is this causing something? I'm not sure... all symfony content is word writable.
I'm not sure if it's me... but it's driving me nuts, maybe I just should stop using symfony2.
I'm using Fedora 13.
It seems that you will need to switch SELinux to Permissive state. You can do so executing as root user:
setenforce 0
PHP's umask may have no effect when default apache umask is different.
Originally I used to use setfact, but this adds overhead for deployment.
What worked for me on ubuntu servers is:
Set default apache umask.
Edit /etc/apache2/envvars and add this line in the end of file:
umask 0002
Reload apache service
Add your deploy user to www-data group, add www-data to your deploy user group.
adduser www-data `whoami`
adduser `whoami` www-data
Logout or restart server for this to take effect.
Remove app/cache, app/logs dirs
Try to load page in browser, notice how app/cache dir is created by www-data user and has write group permission. Try to clear cache in console and verify that no errors occurred.
Remove app/cache, app/logs dirs
Run cache:clear, notice how app/cache dir is created by user deploy user and has write group permission. Try to load page in browser, and verify that no errors occurred.
Now you can forget about cache and logs permissions on this particular server for all subsequent projects.
Thank-you for reading this. I am stuck at step three on this tutorial pertaining to installing Cassandra: http://wiki.apache.org/cassandra/GettingStarted#Step_3:_Start_Cassandra
I can only run this software as root. (shouting this over fictional helicopter noise) This seem like a terrible way to run the software.
When starting the Cassandra server as my normal user I receive the following errors:
1.) 15:46:00,147 |-ERROR in ch.qos.logback.core.rolling.RollingFileAppender[FILE] - openFile(/var/log/cassandra/system.log,true) call failed. java.io.FileNotFoundException: /var/log/cassandra/system.log (Permission denied)
2.) ERROR 20:46:00 Doesn't have write permissions for /var/lib/cassandra/data directory
I tried changing the permissions several times and nothing has worked. I tried changing the /var/log/cassandra/system.log permissions for read/write for the cassandra group on the operating-system (OS). The command I used to do this was, sudo chmod 664 /var/log/cassandra/system.log. I found this page helpful in determining how to change the permissions:http://www.linux.org/threads/file-permissions-chmod.4094/
Then, I added my user-name to the cassandra group. From my understanding running the /usr/sbin/cassandra -f command as my user should allow me to access the /var/log/cassandra/system.log file, which would solve one of the errors, error number 1 above.
Respectfully,
user
Give the user you want permissions to the data and commitlog dirs.
sudo chown -R cassandra:cassandra /var/lib/cassandra/data
sudo chown -R cassandra:cassandra /var/lib/cassandra/commitlog
I found a solution! I ran sudo -u cassandra /usr/sbin/cassandra -f and then ran into problems with the commitlog directory Phact mentions in his answer. I then ran Phact's recursive chown command, sudo chown -R cassandra:cassandra /var/lib/cassandra/commitlog and the Cassandra server started up correctly just as it would if I was running the program as the root user. :D :D :D
I've upgraded from JBoss EAP 6.2.0GA to 6.3.0GA, and run into this problem after installing ActiveMQ as an embedded module. The same configuration is working on my Windows computer, so I believe it is some sort of CentOS permissions issue.
INFO [org.apache.activemq.store.SharedFileLocker] (Starting ActiveMQ Broker) Database activemq-data/kahadb/lock is locked... waiting 10 seconds for the database to be unlocked. Reason: java.io.IOException: Failed to create directory 'activemq-data/kahadb'
Note that it has no problem writing logs or anything. It's just this damn activemq related permission.
The issue only occurs if I run it as a service.
i.e.
service jboss-as start
If I run bin/standalone.sh & it works fine.
I've given the jboss.jboss user ownership over everything related to JBoss now, and chmod is 755 for everything. (There's a lot of confusing info about jboss:jboss or jboss.jboss to refer to the user in the jboss group. But neither works.)
chown -fR jboss.jboss /usr/share/jboss-eap-6.3/
chown jboss.jboss /usr/share/jboss-as
chown jboss.jboss /etc/init.d/jboss-as
chown jboss.jboss /etc/jboss-as/jboss-as.conf
I've done
ln -s -T /usr/share/jboss-eap-6.3 /usr/share/jboss-as
ln -s -T /usr/share/jboss-eap-6.3/bin/init.d/jboss-as-standalone.sh /etc/init.d/jboss-as
ln -s -T /usr/share/jboss-eap-6.3/bin/init.d/jboss-as.conf /etc/jboss-as/jboss-as.conf
My mgmt-groups.properties has:
jboss=jboss, admin, SuperUser
not that I know particularly how this helps.
My mgmt-users.properties has:
jboss=6ca43af9943e59f1563a1ff04472a8f9
suggesting that add-user.sh did something.
I haven't edited standalone.xml with regards to security or permissions.
grep 'jboss' /etc/group
shows:
jboss:x:502:
Anyone ?
Ok, worked it out from turning on the DEBUG logs and stepping through.
The difference is that when you do service X start, it is running it from /etc/rc.d/init.d/ directory, instead of when you do it directly, where it's running it from the /bin/ directory.
[org.apache.activemq.broker.BrokerService] (Starting ActiveMQ Broker) Using Persistence Adapter: KahaDBPersistenceAdapter[/etc/rc.d/init.d/activemq-data/kahadb]
ESC[0mESC[0m13:31:46,998 INFO [org.apache.activemq.store.SharedFileLocker] (Starting ActiveMQ Broker) Database activemq-data/kahadb/lock is locked... waiting 10 seconds for the database to be unlocked. Reason: java.io.IOException: Failed to create directory 'activemq-data/kahadb'
So this worked:
chown -R jboss.jboss /etc/rc.d/init.d/
chmod -R 755 /etc/rc.d/init.d/