Develop Reference

How to create tmp folder like on my picture?

I want to create in my custom rootfs /tmp folder such as in ubuntu rootfs for raspberry pi2 from ubuntu.com. Rights drwxrwxrwt I have reached, but number 11(major number?) for tmp and green background color with black word "tmp" I don't understand how to reach.

To set the sticky bit, do
chmod +t /tmp
If you want an in-memory /tmp instead of on-disk, then add to /etc/fstab the line:
tmpfs /tmp tmpfs defaults,noatime,nosuid,size=100m 0 0

Fails to `mkdir /mnt/vzsnap0` for Container Backups with Permission Denied

This is all done as the root user.
The script for backups at /usr/share/perl5/PVE/VZDump/LXC.pm sets a default mount point
my $default_mount_point = "/mnt/vzsnap0";
But regardless of whether I use the GUI or the command line I get the following error:
ERROR: Backup of VM 103 failed - mkdir /mnt/vzsnap0:
Permission denied at /usr/share/perl5/PVE/VZDump/LXC.pm line 161.
And lines 160 - 161 in that script is:
my $rootdir = $default_mount_point;
mkpath $rootdir;
After the installation before I created any images or did any backups I setup two things.
(1) SSHFS mount for /mnt/backups
(2) Added all other drives as Linux LVM
What I did for the drive addition is as simple as:
pvcreate /dev/sdb1
pvcreate /dev/sdc1
pvcreate /dev/sdd1
pvcreate /dev/sde1
vgextend pve /dev/sdb1
vgextend pve /dev/sdc1
vgextend pve /dev/sdd1
vgextend pve /dev/sde1
lvextend pve/data /dev/sdb1
lvextend pve/data /dev/sdc1
lvextend pve/data /dev/sdd1
lvextend pve/data /dev/sde1
For the SSHFS instructions see my blog post on it: https://6ftdan.com/allyourdev/2018/02/04/proxmox-a-vm-server-for-your-home/
Here are filesystem directory permission related files and details.
cat /etc/fstab
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/pve/root / ext4 errors=remount-ro 0 1
/dev/pve/swap none swap sw 0 0
proc /proc proc defaults 0 0
df -h
Filesystem Size Used Avail Use% Mounted on
udev 7.8G 0 7.8G 0% /dev
tmpfs 1.6G 9.0M 1.6G 1% /run
/dev/mapper/pve-root 37G 8.0G 27G 24% /
tmpfs 7.9G 43M 7.8G 1% /dev/shm
tmpfs 5.0M 0 5.0M 0% /run/lock
tmpfs 7.9G 0 7.9G 0% /sys/fs/cgroup
/dev/fuse 30M 20K 30M 1% /etc/pve
sshfs#10.0.0.10:/mnt/raid/proxmox_backup 1.4T 725G 672G 52% /mnt/backups
tmpfs 1.6G 0 1.6G 0% /run/user/0
ls -dla /mnt
drwxr-xr-x 3 root root 0 Aug 12 20:10 /mnt
ls /mnt
backups
ls -dla /mnt/backups
drwxr-xr-x 1 1001 1002 80 Aug 12 20:40 /mnt/backups
The command that I desire to succeed is:
vzdump 103 --compress lzo --node ProxMox --storage backup --remove 0 --mode snapshot
For the record the container image is only 8GB in size.
Cloning containers does work and snapshots work.
Q & A
Q) How are you running the perl script?
A) Through the GUI you click on Backup now, then select your storage (I have backups and local and the both produce this error), then select the state of the container (Snapshot, Suspend, Stop each produce the same error), then compression type (none, LZO, and gzip each produce the same error). Once all that is set you click Backup and get the following output.
INFO: starting new backup job: vzdump 103 --node ProxMox --mode snapshot --compress lzo --storage backups --remove 0
INFO: Starting Backup of VM 103 (lxc)
INFO: Backup started at 2019-08-18 16:21:11
INFO: status = stopped
INFO: backup mode: stop
INFO: ionice priority: 7
INFO: CT Name: Passport
ERROR: Backup of VM 103 failed - mkdir /mnt/vzsnap0: Permission denied at /usr/share/perl5/PVE/VZDump/LXC.pm line 161.
INFO: Failed at 2019-08-18 16:21:11
INFO: Backup job finished with errors
TASK ERROR: job errors
From this you can see that the command is vzdump 103 --node ProxMox --mode snapshot --compress lzo --storage backups --remove 0 . I've also tried logging in with a SSH shell and running this command and get the same error.
Q) It could be that the directory's "immutable" attribute is set. Try lsattr / and see if /mnt has the lower-case "i" attribute set to it.
A) root#ProxMox:~# lsattr /
--------------e---- /tmp
--------------e---- /opt
--------------e---- /boot
lsattr: Inappropriate ioctl for device While reading flags on /sys
--------------e---- /lost+found
lsattr: Operation not supported While reading flags on /sbin
--------------e---- /media
--------------e---- /etc
--------------e---- /srv
--------------e---- /usr
lsattr: Operation not supported While reading flags on /libx32
lsattr: Operation not supported While reading flags on /bin
lsattr: Operation not supported While reading flags on /lib
lsattr: Inappropriate ioctl for device While reading flags on /proc
--------------e---- /root
--------------e---- /var
--------------e---- /home
lsattr: Inappropriate ioctl for device While reading flags on /dev
lsattr: Inappropriate ioctl for device While reading flags on /mnt
lsattr: Operation not supported While reading flags on /lib32
lsattr: Operation not supported While reading flags on /lib64
lsattr: Inappropriate ioctl for device While reading flags on /run
Q) Can you manually created /mnt/vzsnap0 without any issues?
A) root#ProxMox:~# mkdir /mnt/vzsnap0
mkdir: cannot create directory ‘/mnt/vzsnap0’: Permission denied
Q) Can you replicate it in a clean VM ?
A) I don't know. I don't have an extra system to try it on and I need the container's I have on it. Trying it within a VM in ProxMox… I'm not sure. I suppose I could try but I'd really rather not have to just yet. Maybe if all else fails.
Q) If you look at drwxr-xr-x 1 1001 1002 80 Aug 12 20:40 /mnt/backups, it looks like there are is a user with id 1001 which has access to the backups, so not even root will be able to write. You need to check why it is 1001 and which group is represented by 1002. Then you can add your root as well as the user under which the GUI runs to the group with id 1002.
A) I have no problem writing to the /mnt/backups directory. Just now did a cd /mnt/backups; mkdir test and that was successful.

From the message
mkdir /mnt/vzsnap0: Permission denied
it is obvious the problem is the permissions for /mnt directory.
It could be that the directory `s "immutable" attribute is set.
Try lsattr / and see if /mnt has the lower-case "i" attribute set to it.
As a reference:
The lower-case i in lsattr output indicates that the file or directory is set as immutable: even root must clear this attribute first before making any changes to it. With root access, you should be able to remove this with chattr -i /mnt, but there is probably a reason why this was done in the first place; you should find out what the reason was and whether or not it's still applicable before removing it. There may be security implications.
So, if this is the case, try:
chattr -i /mnt
to remove it.
References
lsattr output
According to inode flags—attributes manual page:
FS_IMMUTABLE_FL 'i':
The file is immutable: no changes are permitted to the file
contents or metadata (permissions, timestamps, ownership, link
count and so on). (This restriction applies even to the supe‐
ruser.) Only a privileged process (CAP_LINUX_IMMUTABLE) can
set or clear this attribute.

As long as the bounty is still up I'll give it to a legitimate answer that fixes the problem described here.
What I'm writing here for you all is a work around I've thought of which works. Note, it is very slow.
Since I am able to write to the /mnt/backups directory, which exists on another system on the network, I went ahead and changed the Perl script to point to /mnt/backups/vzsnap0 instead of /mnt/vzsnap0.
Bounty remains for anyone who can get the /mnt directory to work for the mount path to successfully mount vzsnap0 for the backup script..

1)
Perhaps your "/mnt/vzsnap0" is mounted as read only?
It may tell from your:
/dev/pve/root / ext4 errors=remount-ro 0 1
'errors=remount-ro' means in case of mistake remounting the partition like readonly. Perhaps this setting applies for your mounted filesystem as well.
Can you try remounting the drive as in the following link? https://askubuntu.com/questions/175739/how-do-i-remount-a-filesystem-as-read-write
And if that succeeds, manually create the directory afterwards?
2) If that didn't help:
https://www.linuxquestions.org/questions/linux-security-4/mkdir-throws-permission-denied-error-in-a-directoy-even-with-root-ownership-and-777-permission-4175424944/
There, someone remarked:
What is the filesystem for the partition that contains the directory.[?]
Double check the permissions of the directory, or whether it's a
symbolic link to another directory. If the directory is an NFS mount,
rootsquash can prevent writing by root.
Check for attributes (lsattr). Check for ACLs (getfacl). Check for
selinux restrictions. (ls -Z)
If the filesystem is corrupt, it might be initially mounted RW but
when you try to write to a bad area, change to RO.

Great, turns out this is a pretty long-standing issue with Ubuntu Make which is faced by many people.
I saw a workaround mentioned by an Ubuntu Developer in the above link.
Just follow the below steps:
sudo -s
unset SUDO_UID
unset SUDO_GID
Then run umake to install your application as normal.
you should now be able to install to any directory you want. Works flawlessly for me.

try ls laZ /mnt to review the security context, in case SE Linux is enabled. relabeling might be required then. errors=remount-ro should also be investigated (however, it is rather unlikely lsattr would fail, unless the /mnt inode itself is corrupted). Creating a new directory inode for these mount-points might be worth a try; if it works, one can swap them.

Just change /mnt/backups to /mnt/sshfs/backups
And the vzdump will work.

"ls -lh" directories reported size : linux vs cifs mounted drives

From a linux box, I recently mounted a Windows share using cifs.
The intend was to "locally" use rsync to backup my windows machine.
The command line used to mount the Windows drive is something like:
mount \\192.168.1.74\share /cifs1 -t cifs -o noserverino,iocharset=utf8,ro
Please also note that the drive attached to the linux box is formatted ntfs.
When doing a sample backup, rsync was always re-copying the directories (names), but not the files. After looking more closely at the "ls -lh " output at both ends, I noticed that on the linux side the size of the directory level is always 0:
TTT-Admin#1080-Router:/tmp/mnt/RT-1080/tmp# ls -lh
drwxrwxrwx 1 TTT-Admi root 0 Feb 8 12:14 DeltaCopy
but the size of the directory level on the cifs side was always different from 0:
TTT-Admin#1080-Router:/cifs1/temp/Rsync-Packages# ls -lh
drwxr-xr-x 1 TTT-Admi root 8.0K Feb 8 12:14 DeltaCopy
This difference explains why rsync was always recopying directories, but not recopying the folders(which was correct, folder sizes and time stamps being the same on both ends).
EDIT: the rsync command is:
> rsync -av /cifs1/Temp/Rsync-Packages/DeltaCopy /mnt/RT-1080/tmp/rsync
-av /cifs1/Temp/Rsync-Packages/DeltaCopy /mnt/RT-1080/tmp/
Is a directory supposed to "have a size" or not ? What should I do to solve this discrepancy ?

Can I change devices permissions with chmod?

Before read: I don't want to use any udev rule.
I need to change (programmatically) the permissions of some device. But first in order to underestand what I have to do (in code) I want to make the job using just chmod command.
So far, I've tried this:
root# ls -l /dev/sdb
root# brw-rw-rw- 1 root disk 8, 16 Apr 7 05:27 /dev/sdb
root# chmod 0600 /dev/sdb
root# ls -l /dev/sdb
root# brw------- 1 root disk 8, 16 Apr 7 05:27 /dev/sdb
as you can see, /dev/sdb has read and write permissions only for the owner (wich is root). But I'm still able to create new files and read files from my connected flash drive.
What I'm missing. How can I use chmod to prevent users to write to some device?
Can be done what I'm asking for?
Thank in advance.

chmod a freshly mounted external drive to set up writing access

I have mounted a external drive at:
# mkdir /mnt/external
and subsequently:
mkdir -p /mnt/external
mount /dev/sdb1 /mnt/external
Now only the root-user has access to write to these folders.
linux-wyee:/home/martin # dir /mnt
drwxr-xr-x 2 root root 4096 13. Dez 22:01 external
How to change this - how to change that all can write to the external drive. I need to change the permissions within the terminal.
chmod 777 /dev/sdb1 /mnt/external or something alike -

Try this first,
umount /dev/sdb1
chmod -R 0777 /mnt/external
then mount with
mount /dev/sdb1 /mnt/external
or try
chmod -R 0777 /mnt/external

chmod -R 777 /mnt/external
No need to specify the device. You chmod the directory recursively.
However, usually external drives are formatted with FAT32 or some sort of Windows-compatible file system, which does not have POSIX / UNIX permissions. So this step may be redundant.
How is your drive formatted?
Have you tried writing to it as a non-root user?

A solution posted on behalf of the OP.
Update:
linux-wyee:/mnt # chown martin:users /mnt/external
See the results: - it is obvious that it works ;-)
martin#linux-wyee:/> cd mnt
martin#linux-wyee:/mnt> ls -l
insgesamt 4
drwxr-xr-x 3 root root 4096 13. Dez 19:43 external
martin#linux-wyee:/mnt> su
Passwort:
linux-wyee:/mnt # ^C
linux-wyee:/mnt #
linux-wyee:/mnt # chown martin:users /mnt/external
linux-wyee:/mnt # cd mnt
bash: cd: mnt: Datei oder Verzeichnis nicht gefunden
linux-wyee:/mnt # ls -l
insgesamt 4
drwxr-xr-x 2 martin users 4096 13. Dez 22:01 external
linux-wyee:/mnt #
It works as you see now the user martin has got permissions.

chmod -R 0777 /mnt/external
This seems to be excessive for me. Everyone on this machine can execute whatever he wants from external disk. A wide opened door for hackers. They can e.g. save a picture using a web form, change execute bit and run it as a script on your system.
Perhaps, rw access for owner and group and r for others would be a better option.

I had a similar problem, but the solution for me was to use the uid and gid options of the CIFS filing system. (I had to use CIFS because apparently NFS doesn't allow access via username and password, which I needed.)