I had downloaded the perforce client in my ubuntu 11 system a while ago. The p4v in my system is found under:
-r-xr-xr-x 1 root root 1578 2011-08-29 12:46 /usr/bin/p4v
After I read the documentation of p4v I realize it should not be owned by root.
How do I change the ownership of this and also allow my "user" all the access rights without reinstalling the p4v again?
Thanks
If you "chown" P4V without changing the permissions, your user will still be able to use it.
For example:
chown user:group /usr/bin/p4v
The permissions granted to the file allow read and execute to the owner, anyone in the group and everyone else with access to the system. Changing the user and group will not change the permissions, so your user should still be able to execute the binary.
In general, the ownership of a binary that is executable by all shouldn't matter. The danger comes if the owner of the process is root (or any other privileged user). For example, "mount" will be owned by root, and can be run by any user to show the mounted file-systems. Only when it is run by root can it change your file-system structure.
Related
I understand this has most likely been answered but for the life of me cannot figure it out.
What is the problem?
I'm running an nginx server and have the user "www-data" own the web server directory and all of it's contents. I run wordpress so it is important that www-data keeps ownership as if it does not, the wordpress UI will not be able to edit files. I also like to use SFTP but have disabled login for any other user besides my own. Currently, when I want to use FTP to edit files, I have to chown the wp-content directory temporarily to my personal user and then re-chown the directory back to the www-data user when finished.
What is the intended outcome?
Ideally, I'd like to configure the file permissions so that I may edit files within this directory without having to chown between users everytime. Is this possible or would I be better off setting my personal user as a root user?
What have you tried?
I've tried chown-ing the directory to a group that both www-data and my user are in. Example being:
chown -R :www-data /path/to/dir/wp-content/*
Where "www-data" is both the name of the web user, AND the name of a group that contains both users: myuser & www-data. Even after doing so, myuser is not able to edit the files within this directory.
If anyone would be kind enough to educate a fool (me) or refer to myself a proper resource, I'd be very grateful! Thanks for your time :)
You should have a user that has associated group, named after that user. So you can do the following:
sudo chgrp -R YOUR_USER_NAME YOUR_FOLDER
this should change owinging group for the data in your folder and that owning group will be your user's group
Then change the privilige for the group using:
chmod -R g+w YOUR_FOLDER
There's already an answer, but I figure I'll give a detailed one anyway, for everyone's sake :)
I'm running an nginx server and have the user "www-data" own the web server directory and all of it's contents
You see where it fails from the beginning, is that any sensitive files can be served by NGINX, unless denied in specifically in configuration, simply because it owns it. It's not good because it won't use chmod permission model as a way to control what NGINX can serve and what it cannot.
There is only one setup that is secure and proper, and I detail it here.
Specifically, each website must have its own PHP-FPM pool, which runs by a website-specific user.
The webserver user (e.g. www-data or nginx) is the member of all website's usergroups, e.g. nginx is member of wordpress usergroup.
This allows to simply have 0750 (dirs) and 0640 (files) permissions, and have no issues at all.
I am using RStudio server (Version 0.98.994) on Ubuntu 12.04.
Our group works on a external share drive together and would like to open the same project.
When I open a project file created by other colleagues, I got an error with permission denied (Sorry I cannot show the error message as I already changed the permission manually).
After checking the file permission, I found the default permission is "-rw-r--r-x" for *.Rproj and .Rhistory, "drwxr-sr-x" for ".Rproj.user". So no write permission for group.
In the external share drive (no sure about system, should be Linux), the default permission is rw for group.
How could I change the default permission for *.Rproj, .Rhistory and .Rprojt.user?
Thanks for any advice. Please let me know if my question is not clear.
EDIT:
I created new file and folder in the external share drive from command line. The default permission is -rw-rw-r-- for file and drwxrwsr-x for folder, as I expected. It seems RStudio server created these new files with their own default permission.
Could I change the default permission of these files *.Rproj, .Rhistory and .Rprojt.user when RStudio server creates them? i.e. Add write permission to group.
The default permissions for Directories are 777 which is read/write/execute and for Files it is 666 which is read/write. But then every system has a umask value, which is normally 022.
So when you create a directory it will have permissions 777 but it will take away the umask value of 022 and leave you with your default permissions of 755 which is rwxr-xr-x
You can change the value of umask by simply entering the command
umask=055
This will set the umask value to 055 and whenever you create a new file/directory, 055 will be taken away from the permissions.
Again look at a newly created directory with permissions of 777 and the umask value is taken away so the directories permission is 722 which is rwx-w--w-
Again look at a new directory with permissions
I am running Debian 6 - 64-bit and I am looking to put specific set of permissions on one of a executable binary file.
The file is originally owned by user/group root and holds 0111 set of permissions that only allows execute permissions.
I have set these permissions because I usually do installs for every user I create and this file is automatically copied to the user's home directory when the files are installed. The file is important so I do not want those created users to download or even view the file over FTP, the only thing they are allowed to do is execute.
But since I've set 0111 permissions on the file to achieve what I want, the file is no longer copied to the user's home directory because root cannot read/write the file. What should I do that would still allow root to read/write the file so it is copied over to user's home directory in the automated process but disallow the created user from accessing it. The file is owned by user/group root and after it is copied, it is owned by user/group new-user.
Set the permissions of the original to 511 or 711 (o+r), then before the copy, do umask 666 to remove these permissions from newly created files. The copy will then have permissions 0711 & ~0666 == 0111.
I'm trying to use Jenkins to deploy to a custom workspace but am having permissions issues. The custom workspace folder is /var/www/workspace which is owned by www-data and in the www-data group as normal. I have added my jenkins user to the www-data group and the folder has writable permissions on user and group level. When I run the Jenkins build it fails because it doesn't have permission to clone into the folder. The only thing I can think of that may be stopping this from happening is the fact that the var folder is owned by root even though www and all folder below this are owned by www-data
Any advice appreciated.
Do one thing, go to /var/www/ and type the following command and paste output:
ll
Responding to your comment, to change the owner and group of /var/www/workspace and all files under it you can use:
chown -R jenkins:www-data /var/www/workspace
In the end I changed the user that Jenkins is running as from Jenkins to www-data. Probably not the ideal way to do things but as this is on a non public facing server it suits my purpose. Now when a build has completed I get Jenkins to run a couple of chmod commands to make sure file permissions are correct and the files are already in the www-data group so all works nicely.
Hope you are good. I have Xammp on fedora and changed owner of opp/lampp/htdoc to root. Why I did so because whenever someone creates new folder through sharing, they don't have permission to dynamically create folder or files or to write images. Then I run command
chmod -R 777 /opt/lampp/htdocs
But when system goes to restart then I again need to run this command. So avoid again and again run this command I changed the owner on "opt/lampp/htdocs" and run
chmod -R 777 /opt/lampp/htdocs
Now, whenever server restarts, assigned permissions don't need to be set again and again. That is resolved.
I have an issue, that old directories can be used to write something. But if any network user creates new directory under htdocs, that new directory needs to be changed the permission for it.
previously created, and can use this one directory to run script to create files
drwxrwxrwx 2 root root 4096 2011-06-15 14:09 aaa
Newly created, cannot be used to run a script to create image or to write anything
drwxr-xr-x 2 root root 4096 2011-06-17 15:17 aaaa
drwxr-xr-x this one is really annoying to me for each newly created folder in htdocs :(
Just to let you know that my htdocs user and rights are:
drwxrwxrwx 101 root root 4096 2011-06-17 15:17 htdocs
Why is it so? Can anybody please help me to figure this problem out? I am waiting for quick response anxiously.
First off, you should investigate what permissions you really need - chmodding everything to 777 is a security risk as it will allow any user to write inside of your web root.
However, to address your actual question of the default permissions when a new folder is created by a user, you want to adjust the default "umask" which determines such things.
This question has some information for changing it for the Apache user (if a "network user" is a user creating new files and directories through the httpd process):
Setting the umask of the Apache user
If you need to adjust it for other users or processes, the solution will be similar.
Good luck!
Edit
Since you're on Fedora, try this: (from the question I linked above)
[root ~]$ echo "umask 002" >> /etc/sysconfig/httpd
[root ~]$ service httpd restart
The first command will add that line to the /etc/sysconfig/httpd which is a permanent configuration file, and the second command will make it active.
You are tackling the problem from the wrong side. Restore your apache configuration to use apache.apache as default user/group, and set your samba server to use those credentials when someone write to your document root.
If you are using nfs or another posix compatible filesystem, use chmod g+s to keep all files readable from your apache server.
Try it:
#umask 000
have a good time!!