Recently a web space ran out of space. Now I found out that the tmp folder outside the home directory was full of these files: timthumb_tmpimg_00BZyC. Some of these files can't be opened. Why is timthumb storing files outside the home directory? The tmp folder is on the same level like dev, etc, proc, root, sys and so on.
Has the site a security problem? Are some settings incorrect?
Timthumb is used in version 2.8.5 by the Wordpress plugin vSlider. The site also uses Simple Post Thumbnails which uses Timthumb in v. 2.7. I replaced both with Timthumb 2.8.10.
Or does it have to do with temporary files created by timthumb, which were never deleted?
/tmp is intended to be world-writeable -- though if you try the following:
ls -l / | grep tmp
you'll see that it has the sticky (t) bit on, meaning that files created by a user can only be deleted by the same user or a superuser, to prevent different users from clobbering each other's temporary files. This is similar to the %SYSTEMDIR%\TEMP directory in Windows.
So it's not a security problem on the Linux side, though it could be a misconfiguration or a bug on the part of the WordPress plugin you're using. Is there an option limiting how many thumbnails it keeps?
Related
I recently updated a chroot on an old Chromebook from Ubuntu bionic to focal. The chroot has encryption enabled.
I usually work with Git repositories and other files within the Chrome's Downloads folder and haven't had any issues with this previously.
Since the update though, I found I was unable to run things like git clone -- I get an error saying cannot create worktree dir: no such file found. I looked around and found people had similar problems but there's been no clear solution.
Then I decided to look inside one of the existing folders within Downloads and noticed a problem there...
I can open a repo within my Downloads folder on ChromeOS and see all files as I used to.
I can enter-chroot and run ls on the same folder and see all files as I used to there too.
But when I launch the chroot/crouton (I used xfce4), and try to ls the folder from within the terminal, or even look at the folder contents from a UI window, the contents of the repo look encrypted -- as in all the filenames have changed to strings of equal-length and apparently random characters.
It's almost as if encryption is working in reverse -- so my files are unencrypted outside the crouton, but as soon as I go into the xfce UI, they're encrypted and there's no decryption happening. But that's speculation on my part...
Any ideas as to what is going on here? And how I can continue to work within crouton?
It seems this is to do with the fact that Chrome OS encrypts files and that something had happened since I updated Crouton (rather than my updating Ubuntu from Bionic to Focal).
I realised this was a bigger issue when even command line tools like tar and git (which I'd installed) weren't working.
When I tried to unpack a download of Firefox with tar xjf I got an error saying "Required key not available". Some searching around that led me to issue #3261 on the Crouton Github repo.
The solution for me was:
Ensure /etc/pam.d/su-l was writable. (I did ls -l /etc/pam.d/su-l to check but ultimately used sudo...)
Edit the file /etc/pam.d/su-l. (I used sudo vi /etc/pam.d/su-l to ensure the file wasn't read-only in that instant, and because I had no other text editor options but vi available.)
Comment out the line session optional pam_keyinit.so force revoke. (So it should read # session optional pam_keyinit.so force revoke.
Save the file.
Restart the chroot.
When I try to save a file to disc within a project directory, I get this error:
java.io.IOException: W:\\[projectname]\\.idea not found
Some research tells me, the (network) location is not writable.
I'm trying to write this file from phpstorm in windows 8.
The drive (W:) is a network drive to a linux machine.
The directory I try to write to is chowned to the same user and group as I connect with in windows.
This is a result of ls -alh:
drwxrwxrwx 2 correct-user correct-user
On Linux and other Unix-like operating systems files starting with a . are considered 'hidden files' by default. As such, when the Windows-based program creates it, it suddenly doesn't see it anymore right after since it's hidden, even though the creation was successful. You can fix this in your Samba config by adding the following line to the share configuration:
hide dot files = no
In my samba settings I added a veto files parameter. Removing this parameter allows me to write dot files again.
Samba describes this setting as follows:
This is a list of files and directories that are neither visible nor accessible
I'm running into an issue where I do not have write access to the /var directory on a UNIX environment, and InstallAnywhere doesn't provide me the option of writing the .com.zerog.registry.xml to any other location for a product installation. Is there a parameter out there that allows for this file to be written to a different directory?
According to the IA docs:
If logged in as root, the global registry is located in \var.
If logged in as a user, it is located in the user’s home directory.
So, if you're running as root and can't write to /var, it sounds like a permissions problem with the /var directory, independent of IA. Check the permissions on /var.
If you're running as a non-root user, then the registry shouldn't be going to /var, but to $HOME/.com.zerog.registry.xml (FWIW, I just checked one of our test Linux boxes and found .com.zerog.registry.xml under both /var and under test-user $HOME directories. The docs appear to be correct).
I've also seen some very strange behavior if IA is low on space in $TMP. Make sure you have plenty of space there.
Also, have you considered running the installer with sudo, or the graphical equivalents kdesudo (KDE) and gksu (Gnome)? Those might get you where you want to go.
I have a Python application that is currently installed following Linux Filesystem Standard Hierarchy (FHS). It is installed in:
/usr/bin/ (executable)
/usr/lib/python2.x/site-packages/{appname}/ (Python libs)
/etc/{appname}/ (conf files)
/usr/share/man/ (manual files)
Now, it is desired that a non-root user installing this application could install it without root powers and that only this user could run the app. We thought the best would be to install the app in user home directory.
We already have a .{appname} directory in user home to keep per-user configuration files, as the app installed configuration files in /etc.
I think that using the .{appname} dir to keep all application files is not a good idea, as directories pre-appended with . only keeps configuration files. Probably I'll remove the .{appname} dir, as the entire application will be installed per-user now.
2 ideas:
Create a {appname} dir and create subdirs bin, etc, lib and share/man.
Replicate Linux FHS under home and create a {app-name} subdir under lib and etc
~/bin/
~/lib/{appname}
~/share/man/
~/etc/{appname}
Which one of these is more often used and more recommended? Pros and cons of each alternative are welcome. Maybe a third option?
I've seen people recommend /home/usr/bin and /home/usr/local/bin, but I don't understand the need to include the usr here as there is no need to differentiate between essential and non-essential binaries/libraries. I'd prefer to be minimalist.
Thanks in advance.
The first option is the most common. A third option is to create (or fill out) the structure under ~/.local/ (which reflects /usr) that is already used by a number of applications for share/.
I like my webspace tidy :)
Therefore if my root-folder is html/ I would like to install modx (version 2.2) in the subdirectory html/modx/
For my website-visitors everything should be the same as if I would have installed modx in the root folder (html/).
I also don't want to do without friendly urls.
To make it even more difficult: I also really like the builtin modx file browser and I would love to use it for every file and folder in the document root (so every file inside html/* should be displayed).
(How) is this possible?
Additional question: if it is possible, is it better to reinstall modx in the subfolder or to move my installation to the new location (html/modx). As my installation is only a few days old, either option would be fine.
What version of MODx are you using?
Usually you would do an advanced installation (a separate version of MODx). You can move the existing MODx install to your sub-directory but you will need to update all of the config.core.php files and MODX_CORE_PATH constants to reflect this. You will also need to leave and update at least the index.php file in your web root directory. The config files that would need updating include:
config.inc.php
manager/config.inc.php
connectors/config.inc.php
core/config/config.inc.php
core/config/config.inc.php is the most important file and you will want to make sure ALL of the paths listed in there are correct.
The file browser will work fine providing you check all the URL and filesystem paths are correct in the Manager settings.
Change your .htaccess setting:
RewriteBase /subfoldername/
and install it as typically you do.