I am creating a WordPress framework that has an auto update facility. When the system updates the framework, it downloads a .zip file (works ok, stored in a temp folder), and afterwards tries to extract that zip file to a place within the theme. When unzipping, it throws an error complaining about not being able to create a directory ("mkdir_failed").
The parent of target folder has permission "775" for user "bitnami" and group "bitnami";
root#linux:/home/bitnami# ls -al /opt/bitnami/apps/wordpress/htdocs/wp-content/themes/nexus
...
drwxrwxr-x 6 bitnami bitnami 4096 Oct 23 14:02 nexusframework
...
And I tried to put the "daemon" user in the "bitnami" group;
usermod -a -G bitnami daemon
Which indeed is assigned correctly I would say, as i see:
root#linux:/home/bitnami# id daemon
uid=1(daemon) gid=1(daemon) groups=1(daemon),1000(bitnami)
So; if the "daemon" user is in the "bitnami" group and the folder has 775 access rights, then why does it fail with "mkdir_failed"?
(note; assigning "777" to the parent folder solves the problem, but this is not an option because of security).
Thanks!
- Gert-Jan
update;
After doing more investigation on Linux in general, I read that Linux automatically creates a 'private' group for each user (so bitnami group for the bitnami user, etc.). I don't know if the problem is caused by the fact that I was trying (and apparently succeeded?) to add other users to the same group or not.
update;
See my answer below on how I resolved my issue.
Ok, thanks for all the comments. I eventually decided not to continu my investigation but to head for another direction, as having to rely on the container's folder to have "775" permission would be unwise for the framework (many clients would have 755 instead, so getting this to work for a group is nice but would eventually not solve my problem).
Instead I further investigated how WordPress themselves download and unzip themes and decided to follow that route.
The key problem i was trying to tackle, was to not have the unzipped files be owned by the 'daemon' user, but by the 'bitnami' user. The reason why it "impersonated" to the daemon user, was because i manually told the code to use the "direct" fs_method (as it appears, WP offers various ways to interact with the filesystem, where the easiest one is 'direct', see here). However, using the 'direct' FS_METHOD is the core reason why I have this problem, as that one will use the credentials of the webserver (the 'daemon' user in my case). So by using a different FS_METHOD, I know am able to unzip the files in the folder, using the correct 'bitnami' user (since the container is owner and has permissions (775, or 755 wouldn't matter) now my problem is solved. Note that instead of writing directly to the filesystem, now PHP will use FTP (see here).
Does it work if you change the group of the folder to daemon?
chgrp -R daemon /opt/bitnami/apps/wordpress/htdocs/wp-content/themes/nexus
Related
I would like to install and run windows applicaion from ubuntu share directory. But I don't want Windows 7 (or Windows XP) client to see or can copy file within that directory. For example, I have application name CustomerHist.exe that need to read database inside subdirectory name DATA, my purpose is other user can run this application, but cannot see or view files inside DATA subdirectory.
PS.Thanks for every reply, and sorry for my bad english.
Permission structure in Linux is different than the one on windows machines. In Linux you only have r,w,x permission while you have some extra ones on windows. Also in Linux you can give these three types of permission for three types of users; owner,group and others. So for a file, if you want it to have full permissions for owner, only execute permission for group and others , assign 711 to it. For to change permissions you will use chmod command. To share this folder to win users you will need to use samba.
I run servers on my Linux Server (Ubuntu) and there's a bit of a problem. It may seem simple to fix, however I don't think it is. The servers run in my username (server), however, others access certain files with different users via FTP. Because the server is running in my username, whenever a plugin creates new files, they do not have permission to edit etc.
I have tried putting the users into groups and then allowing group access to that folder (even for new files), but had no luck. Every time they need to edit the files, I need to chmod -R 777 it.
I thought about running the servers in their usernames, however that would produce complications. Is it actually possible to make new files retain the permissions of the parent (or a top folder)? All the solutions I've found doesn't seem to work.
Not for users but for groups. You can:
chmod g+s parent_dir
chgrp shared_group parent_dir
If you create files inside it, that files will have the group of the folder (shared_group).
My system is:
Ubuntu 10.04 / Apache2
The question is related to the sofware vftpd - an ftp server for linux (https://security.appspot.com/vsftpd.html)
I have installed vftpd and it works fine. I am having an issue though trying to understand why users are able to delete files which are owned by root. I have set up the ftp server with the option "local_enable=YES" and also "chroot_local_user=YES" so that the users cannot navigate outside their home directory.
The strange thing is that if a file is owned by root, the ftp users are able to delete it. Is a user able to delete any file in the home directory regardless of who owns it?
I want to prevent users from being able to delete files, or allow other users to only have read access to the home directories of other users.
If anyone knows the vftpd software and can help i´d be most grateful,
yours,
Rob
Have you checked which is the chmod of the files? If all files belongs to the same group, and the group have read and write privileges, any user can modify the files through ftp.
I have a java servlet. When it saves files, it saves them as tomcat:tomcat (in a linux environment). I actually need it to save it as sportsfan:tomcat as sportsfan is the FTP user and also needs access to create, modify or overwrite these files.
I thought about running tomcat as sportsfan:tomcat, but I'm running multiple applications under the one tomcat instance.
Perhaps the best way to do this would be to have the FTP user log in as part of the tomcat group. Would that be a correct way?
Please advise.
Adding your sportsfan user ftp to the tomcat group could be a good solution but before that check which are the modifiable files in you system with this permission and consider the security risks.
Another solution: Create a sportsfan group and add your sportsfan user to it. Then change the group of your upload directory and set it as setgid:
chgrp sportsfan upload
chmod g+s upload
After that the new files in the upload will be created with tomcat:sportsfan owner:group. It's not exactly what you asked for but changing the user id (setuid directories) is not supported on Linux. Wikipedia has a pretty good article about setuid and setgid directories. Futhermore, you have to set the umask value of the tomcat user to 000x (e.g. 0002) or a similar value which gives full access to the group.
3rd solution: set up a cron job which changes the permission in every n minutes.
I want to share a folder among all users of a group : dev. So that all files are regardless of the owner can be edited by anyone in the group.
I have created the shared folder and set the respective permissions to the folder.
When a user creates a new file in that folder it belongs to owner:dev
But the permission for the files are rw-r--r--
So other users who belong the same group are not able to edit the files.
Like default group become "dev" how can I set the default permission for the files created in that directory.
I don't want to use "umask" technique because the user will upload files into that directory throuh ftp and other tools.
This really belongs on serverfault and I already mentioned there's almost an exact duplicate there, but anyway there's a nice little solution you can use, which is the FUSE bindfs module (there's a package in ubuntu). You use it to mount one directory onto another mountpoint and can set things such as the default permissions of any files created here, their owner, group and the permissions of files already in the directory (which is what you seem to want).
I don't want to use "umask" technique because the user will upload files into that directory throuh ftp and other tools.
That's the only way to do it, unless those "other tools" are themselves able to adjust permissions.
If you have root access, you can set the default umask for everyone to 002 from /etc/bashrc (assuming bash the default shell for the users in question).
A hack (and this is less preferable to umask) is to setup a cron job that will run every minute and do a chmod -R g+w <dir>.