I'm trying to give read permissions to lighttpd access logfiles to normal users which are on the same system.
The permissions are currently:
-rw-r--r-- 1 www-data www-data 211K Feb 28 11:27 /var/log/lighttpd/access.log
So, if I understood correctly others have read permissions. Unfortunately this doesn't seem to work. If I try to read this file with an user account I get:
/var/log/lighttpd/access.log: Permission denied
I already tried to add the user to the group www-data which didn't work as well.
Any hints what I'm doing wrong here?
To access a file, the system needs the execute permission on all the directories containing the file.
In this case it was necessary to issue the chmod o+x /var/log/lighthttps command (after making sure that the user belongs to the "other" part of the permission set).
The "execute" permission for a directory allows you to enter it. The "read" permission for the directory allows you to see the names of the files inside. The interesting thing is that you can give the x permission alone, what means that anyone can access the files inside, but he needs to know its names.
You might not have execute permission for the lighthttpd so the directory does not give the permission to access its containing file.
Use the command to set the execute permission to that directory.
chmod +x /var/log/lighthttpd
Related
The default ownership for public_html was myusername:nobody
drwxr-xr--. 18 myusername nobody 4096 Jun 1 16:06 public_html/
I changed this to myusername:myusername since I need to access a file inside public_html using the following command
# chown myusername:myusername public_html
It worked and ownership changed.
Now I'm not able to change the ownership back to myusername:nobody. I'm using this command
chown livegiftcard:nobody public_html
and it gives me the error
chown: changing ownership of âpublic_htmlâ: Operation not permitted
I have also tested this with sudo and also chgrp but no luck.
Also I could not run my website. Browser gives me the following error.
Forbidden
You don't have permission to access / on this server. Server unable to
read htaccess file, denying access to be safe
Additionally, a 403 Forbidden error was encountered while trying to
use an ErrorDocument to handle the request
Problem:
The apache/nginx has a user, who needs to read the files in the Docroot. Default user and group is: www-data:www-data. I'm not user if this is correct in your case.
Now the files are owned by myusername:myusername and the apache/nginx user is probably not in the the group "myusername". So if you have some knowledge about the permission system of linux, the webserver user have only the rights everybody have (third column). When the group was set to nobody, the files weren't owned by any group and every user can act under the group permissions. In your case I guess the group can read all files and all other can't.
What you can do:
Give all others the right to read the files with
chmod -R o+r public_html
Now everybody, including the webserver user can read the files and you will not get the 403 error. -R is for recursive, so every file and directory under public_html will get the readable flag too.
Another thing is to add the webserver user to the group "myusername" so the webserveruser can use the group permissions too.
The third and last possibility which came to my mind is to change the group to "nogroup" instead of "nobody" because nobody is the user and nogroup the group.
I have a directory at
/home/ec2-user/vertica1
and I'm trying to get user dbadmin all privilages in that folder.
I've done chown to dbadmin and chmod 777 on that folder but dbadmin still gets a permission denied error.
If I put sudo in front of the command(I put dbadmi in sudoers), then it works. Why can't I get it to work without sudo?
Can dbadmin traverse /home/ec2-user? Try doing chmod a+x /home/ec2-user
There could be more reasons for being denied, like a specific acl or a LSM but this is the most likely cause.
UNIX permissions on directories
The UNIX permissions rwx¹ work on directories as follows:
r: You can view the contents of the directory (the names of the files or folders inside)
w: You can create new files, delete or rename existing files.
x: You can traverse the folder.
The traverse permission means that you can access the folder children (assuming you know its name -which you can obtain if you also have read permission-).
In this case dbadmin could read and traverse / as well as /home, but /home/ec2-user probably had a mode like drwx------ 2 ec2-user in order to protect its contents. Thus, even if you had an important file readable by anyone deep inside your home folder, other users can't get into it, since they wouldn't be able to go pass /home/ec2-user (which is exactly what you wanted to do, in this case).
¹ Note that I am skipping over the more exotic ones.
what is the result of ls -la for this dir and also parent dir? Maybe the directory doesn't have read permissions for your user.
sudo chmod ug+r vertica1
Also ec2-user directory should be writable by the user dbadmin.
I have a directory:
drw-rwxrw-+ 1 username Domain Users 0 Feb 11 09:32 webapp
But when I try to enter this one I get
-bash: cd: /cygdrive/c/dp-project/.../web-app Permission denied
What's wrong? I setted all permissions to all users.
No you didn't "setted all permissions to all users". Execution permission is only set for group. try to chmod a+x webapp.
One othe thing first line webapp second line web-app that is not the same.
The plus (+) sign a the end of the permissions indicates that the file or directory has access control lists set. use:
getfacl /path/to/dir
to read all those acls. Most probably your user or groups access is prevented.
After extracting and saving the ant files into an opt/ directory and setting the path variable
to $ANT_HOME/bin
I ran the following command on a CentOS 5
ant -version
and I am getting the following error
-bash:/path/opt/apache-ant-1.8.2/bin/ant: Permission denied
Is there some permission I am supposed to set or some typical source of this problem?
Thanks!
If you own the file, try
chmod u+x /path/opt/apache-ant-1.8.2/bin/ant
If someone else owns it, either sudo or become root then
chmod 755 /path/opt/apache-ant-1.8.2/bin/ant
You need to have execute permissions on the file; the first gives execute permissions to the owner only and is probably preferable if you own the file and are the only one that uses it. The second requires root privileges and gives execute and read permission to everyone, plus write permission to the owner.
You can view the current permissions and ownership of the file by running ls -l /path/opt/apache-ant-1.8.2/bin/ant.
I've run visudo and added my username to the list to be able to do whatever I need to rather than logging in as root user.
I have my svn push out file's through ftp as user www-data, and therefore when I try to cd into those directories, I get permission denied.
Any thoughts? Can I add my username to some config file somewhere to have access to all files?
When you use sudo, you are running as the root user, but only for that particular command. I think the easiest thing to do would be to ensure that you and www-data are in the same group, and set the group permissions accordingly. (e.g., chmod 775 yourdir)