I'm trying to configure my local server htdocs folder to write in it without root powers, but without the ugly way of chmod 777. I created a new group, I set it to the folder, I changed the permissions to 775 and I add my user to this new group. This is the result:
$ ls -ld .
drwxrwxr-x 4 nobody htdocs 4096 ago 27 2009 .
$ id asbel
uid=1000(asbel) gid=1000(asbel) grups=1000(asbel),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),109(lpadmin),124(sambashare),1002(htdocs)
$ touch test
touch: no s’han pogut canviar les dates de «test»: S’ha denegat el permís
The answer of the last command says that I don't have permissions to write here.
What is wrong here? Also, I want that when I create new folders they have same group permissions since I want that other users of the group could modify them. Is it correct?
For the new group to take effect, you must log out and log in again (opening a new shell is not sufficient)
#n.m. (originally a comment to this question)
Related
I have some file and can't delete it.
File created my user www-data:
-rw-rw-r-- 1 www-data www-data 17408 Jun 3 16:18 0.48257900 1464959885_555.png
I am trying to delete it by user lifesim:
rm -rf *
rm: cannot remove '0.48257900 1464959885_555.png': Permission denied
Why I can't delete that file?
lifesim#srvJH:~/public_html/upload/blog/posts/2016-06-03$ whoami
lifesim
lifesim#srvJH:~/public_html/upload/blog/posts/2016-06-03$ id lifesim
uid=1001(lifesim) gid=33(www-data) groups=33(www-data)
lifesim#srvJH:~/public_html/upload/blog/posts/2016-06-03$ id www-data
uid=33(www-data) gid=33(www-data) groups=33(www-data),1001(lifesim)
File created by my PHP script.
Lars Fischer is right: you need to have write permission to delete a file from a directory.
As clarified in the comments below the question: your lifesim user has no rights to change the directory containing the file.
Give lifsim or the group "w" permissions on the diretory or use the www-data user for the deletion.
Deleting (or creating) a file means we modify the directory (imagine the directory is just a database document with the file metadata) and remove (or add) the metadata of the file. Thus we must be able to change the directory.
I have moved my website from Godaddy to a VPS server. I'm new to Linux so I followed some tutorials online but still confused about some problems.
I use SSH to log on my server as user adam. In order to run the PHP properly, I have to set 755 permission to /var/www and change the owner of this folder to www-data. But that means I don't have permission to write files in this folder even if add user adam to the group www-data. And I cannot upload webpages onto this folder using FTP which is very annoying. (Currently I have to type su to switch to root and then modify these files with nano)
I know setting 777 is a solution but it may cause some safety concerns so I'm looking for a better solution.
drwxr-xr-x 8 www-data www-data 4096 Jul 24 21:36 www
Every number of permisson is composed as follows
4: read
2: write
1: execute
So if you add them you get the permission. By example 7 means all the permisons and 6 means read and write.
The first number of 755 is for the owner, the second for the group's users and the third for other users.
Then 755 means rwxr-xr-x it is the owner can read wirte and execute, but the group member can't write.
If you want to solve this you can change the privileges to 775 then it will be change to rwxrwr-x
Or you can add www-data as a secondary group to adam and set a setgroupid www-data fro /var/www
I would like to set up a linux share space in the following way:
I want one user lets call admin to have access to all other users home directories.
I want to be able to create users A,B,C,D,E and have none of them view any other folders except there home folder(and /tmp/ if needed).
I do not want them to be able to view any other files.
I will use this so I can create a user for them they can log in view/edit a file in their home folder and nothing else(or scp a file into it)
How do I do this?
My first thought was to create a group and put them all in that group but I do not want them to be able to view each other’s files.
I notice that the folders in /home/* are only read,write,execute by the owner:
[test2#XXX home]$ pwd
/home
[test2#XXX home]$ ll
drwx------ 3 test2 test2 4096 Mar 7 18:54 test2
Is this sufficient permissions then?
The files in /home/A/ for example are
[test2#XXX~]$ pwd
/home/test2
[test2#XXX~]$ ll
total 4
drwxrwxr-x 2 test2 test2 4096 Mar 7 18:54 testdir
-rw-rw-r-- 1 test2 test2 0 Mar 7 18:54 testfile
User B would not be able to write to these files correct?
If so what do I need to do in order to have user admin able to view all these /home/ folders but nobody else.
First of all you need a user "Admin" who will have rwx permissions on all home directories of users A, B, C, D, E. Here I am assuming that your "Admin" user is not root.
You can refer to this link for achieving this functionality.
Now you don't want any of the user A, B, C, D, E to see each others' files, but a Public folder exists in your Home directory (/home/user) for sharing files with other users. If an other user wants to get access to this Public folder, the execute bit for the world should be set on the Home directory.
If you do not need to allow others to access your home folder (other humans or users like www-data for a webserver), you'll be fine with chmod o-rwx "$HOME" (remove read/write/execute from "other", equivalent to chmod 750 "$HOME" since the default permission is 750). Otherwise, you should change the umask setting too to prevent newly created files from getting read permissions for the world by default.
For a system-wide configuration, edit /etc/profile; per-user settings can be configured in ~/.profile. I prefer the same policy for all users, so I'd edit the /etc/profile file and append the line:
umask 027
You need to re-login to apply these changes, unless you're in a shell. In that case, you can run umask 027 in the shell.
Now to fix the existing permissions, you need to remove the read/write/execute permissions from other:
chmod -R o-rwx ~
Now if you decide to share the ~/Public folder to everyone, run the next commands:
chmod o+x ~ - allow everyone to descend in the directory (x), but not get a directory listing (r should not be added)
find ~/Public -type f -exec chmod o+r {} \; - allow everyone to read the files in ~/Public
find ~/Public -type d -exec chmod o+rx {} \; - allow everyone to descend into directories and list their contents
Suppose I have a directory on Linux with a bunch of files and subdirectories. This is that root directory:
drwxr-xr-x 13 user1 group1 4096 May 7 15:58 apps
Now, I only want to alter the group portion of those permissions. I want to alter it in such a way that it exactly matches the owner portion. The result for that directory would be:
drwxrwxr-x 13 user1 group1 4096 May 7 15:58 apps
But, I want a script or command to do this automatically, not just for that directory but for every subdirectory and file recursively under it. Anyone know how?
Thanks.
Give this a try (test it first):
chmod -R g=u apps
The = copies the permissions when you specify a field (u, g or o) on the right side or sets it absolutely when you specify a permission (r, w or x) on the right.
That's simple:
chmod g=u <file>
I am running apache with mod mono and my asp.net app is using mono sqlite as its db. When i refresh the page twice i get the DB is locked error. The folder it is in is chmod 777. The webapp is creating sqlite.db and sqlite.db-journal but it doesnt seem to be able to delete the journal. Also it has problems when i load the page once. It definitely seems to be a permission problem.
i'm confused. What permissions do i need to set these? i tried precreating the files using 777 and had no luck.
-edit- I didnt find a solution however i thought how silly i was being since i was planning to use mysql for my webapp. So i just ported the code and i no longer had issues.
When creating/deleting a file the directory permission matter.
So, if you really want that, you have to set the containing directory's permissions to 777.
Sample:
$ ls -la
total 21
dr-xr-xr-x 2 me me 1024 May 22 19:19 . #no write permissions to directory
drwxrwxrwt 21 root root 19456 May 22 19:19 ..
-rwxrwxrwx 1 me me 0 May 22 19:19 abc #all permissions to file abc
$ rm abc
rm: cannot remove `abc': Permission denied #abc has 777, but deleting doesn't work
$ chmod 777 . #change directoy's permissions
$ rm abc #now removing works
$ ls #file abc is gone
The reason is that when you delete a file, you actually modify the directory and not the file itself.
Think of a hard link: The file itself will not change when you delete one hardlink to it, but the directory changes.
Sounds more like one instance of the session in apache is blocking the other session, i.e. has the db file open exclusively. Try to let the database(model) run as a singleton (or similar) which all sessions access.