I am currently creating an application that requires separate users running duplicate programs. They cannot run under root because of security reasons, so they are initiated by a Java app that I am working on, and I am starting them with runuser -l. However, I cannot cd into a directory, even though it is owned by the user, and the user has 770 permissions in the folder.
Here's what I'm running:
runuser -l lp1 -c 'java \-jar /root/Desktop/workspace/LitePanel/servers/server1/server.jar \-Xms1024M nogui'
And the output of this is:
runuser: warning: cannot change directory to /root/Desktop/workspace/LitePanel/bin/servers/server1/: Permission denied
Here's an ls -all:
drwxr-xr-x. 3 root root 4096 Jan 30 14:03 .
drwxr-xr-x. 7 root root 4096 Jan 30 14:02 ..
drwxrwx---. 2 lp1 lp1 4096 Jan 31 03:07 server1
Inside the directory:
drwxrwx---. 2 lp1 lp1 4096 Jan 31 03:07 .
drwxr-xr-x. 3 root root 4096 Jan 30 14:03 ..
-rwxrwx---. 1 lp1 lp1 9170551 Jan 31 03:07 server.jar
And here's /etc/passwd:
lp1:x:501:501::/root/Desktop/workspace/LitePanel/bin/servers/server1/:/bin/false
Anyone know why this is happening? It looks like the user has the necessary permissions to do this.
You have said that the directory itself has permissions 770 and is owned by the user, but what about its parents? I believe the cd command will need at least read access (and possibly execute) on the parent directories.
Related
Please find below set of cmds & outputs
[ec2-user#ip-172-31-38-218 opt]$ ls -al
total 9416
drwxr-xr-x 3 root root 4096 Nov 7 13:52 .
dr-xr-xr-x 25 root root 4096 Nov 7 13:16 ..
-rw-r--r-- 1 root root 9625824 Sep 4 22:52 apache-tomcat-8.5.34.tar.gz
drwxr-xr-x 5 root root 4096 Aug 11 01:26 aws
[ec2-user#ip-172-31-38-218 opt]$ sudo groupadd tomcatgrp
[ec2-user#ip-172-31-38-218 opt]$ sudo useradd -s /bin/false -g tomcatgrp -d /opt/tomcatfolder tomcatuser
[ec2-user#ip-172-31-38-218 opt]$ ls -al
total 9420
drwxr-xr-x 4 root root 4096 Nov 7 13:53 .
dr-xr-xr-x 25 root root 4096 Nov 7 13:16 ..
-rw-r--r-- 1 root root 9625824 Sep 4 22:52 apache-tomcat-8.5.34.tar.gz
drwxr-xr-x 5 root root 4096 Aug 11 01:26 aws
drwx------ 2 tomcatuser tomcatgrp 4096 Nov 7 13:53 tomcatfolder
Now, when I run the cmd I am getting Permission denied as follows
[ec2-user#ip-172-31-38-218 opt]$ cd /opt/tomcatfolder/
-bash: cd: /opt/tomcatfolder/: Permission denied
Can you please help in resolving this above issue..?
I followed instructions of installing Tomcat from this link how-to-install-apache-tomcat-8-on-centos-7
It seems you are the ec2-user, but the directory is owned by tomcatuser and the permissions on the directory do now allow other users or groups to read it.
Try sudo chmod 755 /opt/tomcatfolder/ and then cd into it.
That will add read and execute permissions to the directory.
I am very new to linux and am using putty and pscp to move files to a live hosted directory. I would like to rename my recently uploaded dist folder to its actual project name using mv but get a permission denied error. What is the safest and most reasonable way to arrange these files so I can rename them?
lawton#lawtonb:/var/www/html$ ls -la
total 268
drwxr-xr-x 4 root root 4096 Aug 30 16:42 .
drwxr-xr-x 3 root root 4096 Aug 18 23:05 ..
-rw-rw-r-- 1 lawton lawton 253276 Aug 27 18:06 bundle.js
drwxr-xr-x 2 root root 4096 Aug 30 16:42 dist
-rw-r--r-- 1 root root 17 Aug 18 23:24 info.php
drwxr-xr-x 2 root root 4096 Aug 27 18:59 react-youtube
lawton#lawtonb:/var/www/html$ mv dist BTC_Sorter
mv: cannot move 'dist' to 'BTC_Sorter': Permission denied
If this is a one-time rename, your best course of action would be to run mv with sudo, like this:
sudo mv dist BTC_Sorter
If, however, you'd like to have permissions for your user or group, you should do some reading about chown (The link belongs to the Arch Linux wiki, but should be useful regardless of your distro).
In your particular case, the directory dist is owned both by the user and the group root, hence why you'd need to use sudo, chown or simply the root account.
You are not the owner of the file, you need execute the command with sudo
sudo mv src dest
I was able to connect to my school server via SSH. I had an assignment in which I was supposed to use the touch command to create a new file. Yet it keeps returning permission denied. Others were able to do the same thing. Though why do I keep getting this error?
Below is what was the input from the terminal.
Last login: Tue Aug 23 09:16:18 on ttys000
Dominiks-Air:~ fsociety95$ ssh djaneka1#navajo.dtcc.edu
djaneka1#navajo.dtcc.edu's password:
Last login: Tue Aug 23 09:16:35 2016 from pool-72-94-210-193.phlapa.fios.verizon.net
Navajo is Linux shell server provided to staff, faculty, and students. The
operating system is RedHat Enterprise Linux 5.
Alpine, a Pine replacement, has been provided as a mail client. Run "pine"
at the command prompt.
This server also provides web space to users. Web pages can be stored in
the ~/www directory. This is also accessible by mapping a drive in Windows
to \navajo\homepage. The URL for your homepage is
http://user.dtcc.edu/~username/.
Your home directory is also accessible in Windows by mapping to
\navajo\.
If something appears broken or missing, please email path#dtcc.edu.
Could not chdir to home directory /u/d/j/djaneka1: No such file or directory
-bash-3.2$ touch today
touch: cannot touch `today': Permission denied
-bash-3.2$ pwd
/
-bash-3.2$ touch today
touch: cannot touch `today': Permission denied
-bash-3.2$
Edit: here is the result of ls -al
-bash-3.2$ ls -al
total 204
drwxr-xr-x 25 root root 4096 Aug 22 16:50 .
drwxr-xr-x 25 root root 4096 Aug 22 16:50 ..
-rw-r--r-- 1 root root 0 Aug 3 14:01 .autofsck
-rw-r--r-- 1 root root 0 Jan 30 2009 .autorelabel
-rw------- 1 root root 2050 Aug 3 14:00 .bash_history
drwxr-xr-x 2 root root 4096 May 4 04:14 bin
drwxr-xr-x 4 root root 3072 Aug 3 13:57 boot
drwxr-xr-x 11 root root 4060 Aug 3 14:02 dev
drwxr-xr-x 87 root root 12288 Aug 23 10:05 etc
drwxr-xr-x 3 root root 4096 Oct 1 2009 home
drwxr-xr-x 13 root root 12288 Jun 1 04:09 lib
drwx------ 2 root root 16384 Mar 24 2008 lost+found
drwxr-xr-x 3 root root 4096 Oct 1 2009 media
drwxr-xr-x 2 root root 0 Aug 3 14:02 misc
drwxr-xr-x 4 root root 4096 May 26 2012 mnt
drwxr-xr-x 2 root root 0 Aug 3 14:02 net
drwxr-xr-x 9 root root 4096 Jan 5 2009 nsr
drwxrwxr-x 3 root root 4096 Oct 12 2015 opt
dr-xr-xr-x 219 root root 0 Aug 3 14:01 proc
drwxr-x--- 12 root root 4096 Apr 22 10:06 root
drwxr-xr-x 2 root root 12288 Aug 4 04:02 sbin
drwxr-xr-x 2 root root 4096 Oct 1 2009 selinux
drwxr-xr-x 2 root root 4096 Oct 1 2009 srv
drwxr-xr-x 11 root root 0 Aug 3 14:01 sys
drwxrwxrwt 38 root root 4096 Aug 23 10:07 tmp
drwxr-xr-x 34 root root 4096 Jun 21 08:29 u
drwxr-xr-x 14 root root 4096 Apr 16 2010 usr
drwxr-xr-x 24 root root 4096 Apr 16 2010 var
-rw------- 1 root root 2865 Dec 16 2008 .viminfo
-bash-3.2$
EDIT:
Here is what I see after trying touch today in /home
So to try and create a new document in the root directory you need to be recognised as root. That means using the sudo command.
However for that you would need a password that you may not have. If you do perfect. But in any case I would not recommend adding files to the root directory.
Instead try the following:
cd home
touch today
This should work just fine and answer your question.
Still if you need/want to create today in your root directory try the following
sudo touch today
You will then be prompted for the root password that you can type (if you have it obviously)
In any case I suggest reading this which may be very helpful for you.
I wonder if this was ever truly answered.
If I was looking at it, I would try to see what the system thinks is the home directory of djaneka1, since it may have been setup partway and not completed, leaving stuff owned by root that should have been owned by djaneka1.
If you use the pwd command, and get back the "/" (root) directory there is something wrong with your setup.
The message: Could not chdir to home directory /u/d/j/djaneka1: No such file or directory
tells you it can't find your home directory.
-bash-3.2$ pwd
/
the command "pwd" revealing "/" is just an artifact of the system not being able to find your home directory.
To find what the system thinks is one's home directory,
one can search the file named '/etc/passwd' for one's login name.
I expect this is a possible result if you do that:
$ fgrep 'djaneka1' /etc/passwd
djaneka1:x:1505:1506::/u/d/j/djaneka1:/bin/bash
since it complained that it couldn't find that directory.
This needs to be fixed by someone who has more rights to the system, like root.
there is nothing djaneka1 can do a
I'm struggling to understand how to apply directory and file permissions so that files and directories created by the ftp user, via an ftp client, are browsable. In other words 755 is applied by default.
I'm running Apache 2 on Ubuntu 14.04.2 LTS, Trusty Tahr, with vsftpd server.
My directory structure is as follows.
var/www/
var/www/sites/
var/www/sites/master_demo/public_html
var/www/sites/test_site/public_html
I've run the following
usermod -aG www-data test_user
chgrp -R www-data /var/www/sites/test_site/public_html/
chown -R test_site:www-data /var/www/sites/test_site/public_html/
chmod -R 755 /var/www/sites/test_site/public_html/
Permissions on the directories are as follows:
cd var/www/sites/
ls -l
dr-xrws--- 3 master_demo www-data 4096 Jun 17 14:00 master_demo
drwxr-xr-x 3 test_site www-data 4096 Jun 16 13:32 test_site
cd var/www/sites/test_site/
ls -l
drwxr-xr-x 3 test_site www-data 4096 Jun 17 17:43 public_html
When a file is added using ftp by the test_site user these are the permissions
-rw------- 1 test_site test_site 152 Jun 18 08:27 about.html
drwx------ 2 test_site test_site 4096 Jun 18 08:27 css
-rw------- 1 test_site test_site 152 Jun 18 08:27 index.html
How do I get the file to automatically be given the correct permissions so the files are browsable (755)? I know the obvious answer might be to run a batch file, but is that necessary? I don't want to have to run the command everytime.
chmod -R 755 /var/www/sites/test_site/public_html/*
ls -l
-rwxr-xr-x 1 test_site test_site 152 Jun 18 08:27 about.html
drwxr-xr-x 2 test_site test_site 4096 Jun 18 08:27 css
-rwxr-xr-x 1 test_site test_site 152 Jun 18 08:27 index.html
I'm new to linux so please be gentle :)
I can confirm that test_site users is in the www-data group
id test_site
uid=1004(test_site) gid=1005(test_site) groups=1005(test_site),33(www-data)
I think what you are looking for is umask
umask 0022
umask -p
umask -S
You will need to modify your default /etc/profile in order to make this permanent. umask 0022will on creation give directories chmod 755 and files chmod 644 which is the recommended permissions for the www folder in apache.
Example
umask 0022
mkdir www
touch www/{index.html,style.css}
drwxr-xr-x. 2 user user 4096 Jun 18 10:53 .
drwxr-xr-x. 3 user user 4096 Jun 18 10:52 ..
-rw-r--r--. 1 user user 0 Jun 18 10:53 index.html
-rw-r--r--. 1 user user 0 Jun 18 10:53 style.css
FTP also supports setting umask before initiating a transfer. Setting it with ftp, sets if for that transfer only, so that you don't need to change it system-wide as you would with /etc/profile.
Does SCP have a problem setting file permissions or have I misconfiguration my server?
Use case:
There is a file on a server that I want to edit called "importantFile.txt". The file has owner and group of "master":
ls -l importantFile.txt:
-rw-rw-r-- 1 master master 7 Mar 18 08:11 importantFile.txt
I am called "slave" but luckily, I am in group "master" so I can edit the file as I see fit. However, I'm a lazy slave and can't be bothered to edit the file on the server, I'd prefer to edit the file on my local machine and SCP it to the server:
echo "bored slave info" > importantFile.txt
scp importantFile.txt slave#theServerAddress:/pathToFile/importantFile.txt
If I do this, the contents of the file on the server are uploaded fine and the timestamp of the file is updated but the permissions of the file don't change, the file is still owned by "master". This is a problem because if "slave" uploaded bad content, no one would know it was "slave" who caused the problem, "master" would look guilty.
Perhaps I have to set a umask? if so where? I tried .bash_profile without success and haven't found anything on Google about umask in /etc/ssh/sshd_config.
That's nothing special about scp - try logging on to the server as slave, and editing the file using your favourite text editor... You'll find the same behaviour occurs... Writing to a file does not make you the owner of the file.
Example:
as root
#cd /tmp
#mkdir fubar
#chgrp vboxusers fubar
#cd fubar/
#touch testfile
#chgrp vboxusers testfile
#chmod g+w . testfile
#ls -al
total 16
drwxrwxr-x 2 root vboxusers 4096 2009-03-19 10:30 .
drwxrwxrwt 15 root root 12288 2009-03-19 10:29 ..
-rw-rw-r-- 1 root vboxusers 0 2009-03-19 10:30 testfile
#echo foo > testfile
#ls -al
total 20
drwxrwxr-x 2 root vboxusers 4096 2009-03-19 10:30 .
drwxrwxrwt 15 root root 12288 2009-03-19 10:29 ..
-rw-rw-r-- 1 root vboxusers 4 2009-03-19 10:30 testfile
as user (in vboxusers group)
>cd /tmp/fubar
>ls -al
total 20
drwxrwxr-x 2 root vboxusers 4096 2009-03-19 10:30 .
drwxrwxrwt 15 root root 12288 2009-03-19 10:29 ..
-rw-rw-r-- 1 root vboxusers 4 2009-03-19 10:30 testfile
>echo bar >> testfile
>ls -al
total 20
drwxrwxr-x 2 root vboxusers 4096 2009-03-19 10:30 .
drwxrwxrwt 15 root root 12288 2009-03-19 10:29 ..
-rw-rw-r-- 1 root vboxusers 8 2009-03-19 10:31 testfile
>vim testfile
>ls -al
total 20
drwxrwxr-x 2 root vboxusers 4096 2009-03-19 10:31 .
drwxrwxrwt 15 root root 12288 2009-03-19 10:31 ..
-rw-rw-r-- 1 root vboxusers 12 2009-03-19 10:31 testfile
>cat testfile
foo
bar
baz
You have to delete the file to overwrite it. Wether you are able to do that depends on the directory's permissions and ownership. Hijacking ownership of an already existing file is not possible. The write permission you have is only applied on the contents of the file.
It seems you can configure how Emacs deals with this through the backup-by-copying-when-mismatch variable (see the Emacs Manual or type C-h-v backup-by-copying-when-mismatch in Emacs).
I actually filed a bug report about this, because I thought it was a bug in Tramp.
I had misunderstood the way files work, modifying file contents do not change ownership or group.
Why the confusion? EMACS - Whenever I was editing a file I was using Emacs and Emacs does change the owner and group to the current user. It does this because it makes a backup file at save time by moving the "filename" to "filename~" and creating a new file called "filename" - because it's a new file, it has the current users file permissions. I guess this is 1up to VI fans?