Due to a recent hack of my servers I am in some kind of ultimate restriction taste and thus wanted to limit the permissions of all the root folders like so:
chmod o-x /*
To enable login for other users again, I do:
chmod o+x /home
Now, I have another user which is not root and which should be the only one allowed to login, but it cant - the SSH authentication itself works but then this error appears:
/bin/sh: Permission denied
Seems easy to grant permissions to the bin folder like so:
chmod o+x /bin
But I still get the same Permission denied message.
Whats going on here?
The execute bit (x) on directories allows an user to go into that directory. If you remove the x bit from the root directory (/), then it is not possible to go into that directory and get the details of its contents. But in order to get the details of the bin directory under the / directory, that is necessary.
The same is true for /home and what is in it, by the way.
You might argue that you can do an ls / and list it's contents. That is because the contents itself are in the inode of the listed folder. But try to get a detailed listing with ls -l / and you will see that the permissions can not be listed. This is because the permissions are in the inode of the bin directory, but without the x permission, you are not allowed to enter the root directory in order to look at that inode.
Removing the x permission bits from the root directory is going to cause lots of problems. Don't do it! Better to learn concepts like SELinux or similar.
I am supposed to give write/edit permission to my directory in /var/lib/mysql/dbname via Linux.
I am unaware of backend UI and i know i just enetered the text "sudu so" # centos machine which displays :
[root#ip-10-0-0-61 centos]#
Can anyone tell how to proceed further as I have always been using WinScp which restricts me to write database files due to present set permissions.
Any user interface file manager that could do this would be really helpful too.
Thanks in advance
You can change files/folders permission with the chmod command. There's a man page here. The full command line to type depends on which permission you exactly need. A basic usage of the command is
chmod [ugoa][+-=][rwx] file
Where
[ugoa] allow you to choose whose permission you want to modify: the owner of the file (u), users member of the group of the file (g), any other users (o) and all users (a)
[+-=] allow you to tell the command if you want to add (+) the selected permissions, remove them (-) or set them as the only permissions of the file(=).
[rwx] allow you to choose the permission : read (r), write (w) or execute (x). There exist other type of permissions explained in the man.
To change the permission of a folder recursively, you can add the option -R to the command.
Very simple just execute the command
chmod 777 -R ./
This will do the trick for you.
There are two things to look at, setting permissions, and ownership.
To do this for an entire directory (be careful with this)
chmod -R {permissions} {directory}
If you're unsure what permissions to use check this guide
To set ownership, use
chown {user:group} {directory} -R
Again be careful with these settings. It's not often you'll want an entire directory full of files to all have the same permissions, and you could be opening yourself up to risks if you do so. Always be explicit and give each file the minimum permissions needed to get the job done.
I just installed Atom, and I am getting an error thrown up when I go to save the project.
Unable to save file: Permission denied
I am signed in with admin privileges.
Try running:
sudo chown -R username:www-data /path/to/directory
"username" being what gets spit out when you enter
whoami
Digital Ocean's tutorials are pretty good for installing stuff the right way. I got the above from https://www.digitalocean.com/community/tutorials/how-to-install-wordpress-with-lamp-on-ubuntu-16-04
This is because of linux permissions. The best way to solve this problem is by providing permission for the user. This can be done by chown command.
sudo chown -R username:groupname directory
You can find your username using whoami command and your group name by using groups username command.
Let's say you got "john" as your username. To get groupname you run the command
groups john
You will get an output something like this
john : john staff adm cdrom lpadmin admin
The first name after : is your primary group. In the example it is "john"
The command will be
sudo chown -R john:john /opt/lampp/htdocs
This isn't an atom problem, it's a linux permissions problem.
You opened a file owned by another user (a file probably owned by root). If you want to edit that file, you have to either be root or change the permissions on the file to grant other users access.
Usually the best solution is to temporarily become root and edit the file:
sudo atom /path/to/file
if your case is same situation as this screenshot
try this
$ sudo chmod -R 777 ~/.atom
there is alot of ways to solve this problem, i just change the permisions on the proyect folder:
sudo chmod 777 /path/to/folder/proyect
This is happening because linux don't have permissions. The best way to solve this problem you have to provide permission for the user to access particular directory/folder or file.
Please follow the below steps to give permission.
First find your username by entering the following command in console.
whoami
You will get an output something like this
jrathor
You got "jrathor" as your username.
Now provide permission to that particular folder/directory or file which one you are not able to access.
sudo chown -R jrathor /path/to/folder/or/file
Now you can edit all the files which is available in directory.
It Will work for ubuntu as well as for MAC also.
If you get this error in ubuntu 20.04 as well, I found a solution.
In terminal(ctrl + alt + t), you can access to root using this order 'sudo su'.
Give your password then go to the directory exactly atom want to save.
First,'cd' to find right directory. then again, 'cd /usr/bin'.
Now you are in the directory /usr/bin. Type 'touch atom'. It will make atom txt file in your path. And type 'exit'
sudo chown -R username:www-data /path/to/directory
"username" being what gets spit out when you enter
whoami as #sam said above.
Go to atom, try save the file again. atom will be saved successfully.
before run your file with atom , if you change your file write permission other users can save it
you can read from here for permission linux-permission
$su -
password:
chmod 777 index.php
open new terminal and run your file with texteditor
$ atom /var/www/html/wordpress/index.php
It might be late to answer this, but I tried this and resolved my issue:
(Disclaimer : I tried to save changes in keymap.cson file in atom, got error : Unable to save changes : Permission denied)
chmod 777 <file name>
and after that,
go to the file "keymap.cson".
right click and go to properties.
un-check hidden check-box.
you are good to save changes in keymap.cson in atom
Happy saving :)
This same problem occurred on my Mac running OSX.
Problem:
for some reason npm created the react app with Read & Write permissions to System for only the app folder, although all files and folders contained had read/ write permissions to me, the creating user.
Solution:
You'll need the admin password.
Visit the app folder in Finder, like, "directory/ReactApps/react-app/...", right-click and click the dropdown menu for "Permissions", click the padlock icon in the bottom right of that pane and enter the admin password, create a new user by clicking "+" icon, select yourself, and Read/Write permission, click the (unlocked) padlock icon again.
Copy your current code in Atom, quit Atom (cmd+q), restart, select the file, select all (cmd+a), paste, then save (cmd+s).
Onward
If you are using AWS cloud 9 lightsail (magento in my case) use:
sudo chown -R bitnami:bitnami /opt/bitnami/apps
this will allow you to have full access to your file tree to create new folders and files. (may do more not sure, as im now to this).
Thank you,
When I remove execution privileges (and just leave it with r) from a directory using
chmod 400 sampledir
and try to acces with
cd sampledir
it says permission denied, but if I use nautilus to open it, i can open it and see its contents, Why is that? I read in some place that i terminal you have to execute the directory and the directory will lists its contents, but I think when you use cd, cd is the program and the directory name would be the parametter. That is just an hipothesis becouse i've been reading on google and i cannot understand yet. Thanks a lot for any help.
chdir(2) requires search (execute) permissions on every component in the path. open(2) and readdir(3) do not. By not attempting to change the process' working directory, nautilus bypasses the execute permission requirement.
I would like to know what is the best, correct and recommended way of doing chown and chmod to website files and folders.
I recently started working on linux and I have been doing it in the site root directory like the following:
sudo chown www-data:www-data -R ./
sudo chmod 775 -R ./
I know it is not the best way. There is a protected folder which should not be accessible with browsers and should not be writable, so I did the following to protected folder:
sudo chown root:root -R protected/
sudo chmod 755 -R protected/
Is it correct? If anything can be improved please let me know.
Read your command again. What you are saying is "make everything executable" below these directories. Does an HTML or gif to be executable? I don't think so.
Regarding a directory which should not be writable by the webserver. Think of what you want to do. You want to revoke the right to write a directory from the webserver and the webserver group (and everybody else anyway). So it would translate to chmod -w theDir. What you did is to tell the system "I want root to make changes to that directory which shall be readable by everybody and the root group". I highly doubt that.
So I would suggest having the directory owned by a webserver user with only minimal read access, it should belong to a group (of users, that is) which is allowed to do the necessary of the modification. The webserver does not belong to that group, as you want the outside world to be prevented from making modifications. Another option would be to hand over all the directories to root and to the editor group and modify what the webserver can do via the "others" permission group. But what to use heavily depends on your environment.
Edit:
In general, the "least rights" policy is considered good practice: give away as few rights as possible to get the job done. This means read access to static files and depending on your environment php files, read and execute rights for cgi executables and read and execute rights for directories. Execute rights for directories allow you to enter and read it. No directory in the document root should be writable by the webserver ever. It is a security risk, even though some developers of bigger CMS do not seem to care to much about that. For temporary folders I would set the user and groups to nobody:nogroup and set the sticky bit for both user and groups.