Suppose I have a directory on Linux with a bunch of files and subdirectories. This is that root directory:
drwxr-xr-x 13 user1 group1 4096 May 7 15:58 apps
Now, I only want to alter the group portion of those permissions. I want to alter it in such a way that it exactly matches the owner portion. The result for that directory would be:
drwxrwxr-x 13 user1 group1 4096 May 7 15:58 apps
But, I want a script or command to do this automatically, not just for that directory but for every subdirectory and file recursively under it. Anyone know how?
Thanks.
Give this a try (test it first):
chmod -R g=u apps
The = copies the permissions when you specify a field (u, g or o) on the right side or sets it absolutely when you specify a permission (r, w or x) on the right.
That's simple:
chmod g=u <file>
Related
How can I prevent changing the ownership of a file?
I have a file with permission as follows:
-rw-r-----. 1 netcool ncoadmin 1689 May 8 14:54 NCI_Constellation.proj
As part of RPM package installation, I am running a script which is supposed to write data into NCI_Constellation.proj file. Whereas the permission of the file is getting changed as follows during package installation and the writing to the file is not happening.
-rw-r-----. 1 root root 1689 May 8 14:54 NCI_Constellation.proj
Is there a way to not change the ownership of NCI_Constellation.proj file and keep it as it is as follows so that I will be able to write data to the file?
-rw-r-----. 1 netcool ncoadmin 1689 May 8 14:54 NCI_Constellation.proj
Please help.
The question is: what package does that file belong to and with what permissions?
rpm -qf /path/to/NCI_Constellation.proj
will give you the package owning this file (let's say NCI.rpm). Then
rpm -qlv NCI.rpm | grep NCI_Constellation.proj
will give you the owners and rights of this file as packaged by NCI.rpm. If you are the one packaging NCI.rpm; you should put something like this in your %files section:
%files
%attr(640,netcool,ncoadmin) /path/to/NCI_Constellation.proj
By the way make sure that you really can write to the file with those permissions; test that first... Who is running the script to change this file? As which user? then run it yourself manually as that user to make sure these file permissions will suffice.
you have two options in my opinion,
first : set netcool to root group by doing this:
$ sudo usermod -a -G root netcool
with this command you user is able to change and modify the file even after the permissions changed.
second : set netcool user a second root user by changing /etc/passwd file.
for this open the file with every file-editor you want then change UID and GID to 0. after doing this if you run $ grep netcool /etc/passwd you should see :
netcool:x:0:0: {the rest may change for anybody}.
We can prevent the changing of group of file by using setgid bit on directory. So if you add user netcool to ncoadmin and give write permission to ncoadmin then you can edit the file. Here is how you can set the SetGid bit on directory.
chmod g+s your_directory_containing_file(NCI_Constellation.proj)
Bit more about the setgid on directory:
setgid can be used on directories to make sure that all files inside the directory are owned
by the group owner of the directory. The setgid bit is displayed at the same location as the x
permission for group owner. The setgid bit is represented by an s (meaning x is also there)
or a S (when there is no x for the group owner). As this example shows, even though root
does not belong to the group proj55, the files created by root in /project55 will belong to
proj55 since the setgid is set.
root#RHELv4u4:~# groupadd proj55
root#RHELv4u4:~# chown root:proj55 /project55/
root#RHELv4u4:~# chmod 2775 /project55/
root#RHELv4u4:~# touch /project55/fromroot.txt
root#RHELv4u4:~# ls -ld /project55/
drwxrwsr-x 2 root proj55 4096 Feb 7 17:45 /project55/
root#RHELv4u4:~# ls -l /project55/
total 4
-rw-r--r-- 1 root proj55 0 Feb 7 17:45 fromroot.txt
I have some file and can't delete it.
File created my user www-data:
-rw-rw-r-- 1 www-data www-data 17408 Jun 3 16:18 0.48257900 1464959885_555.png
I am trying to delete it by user lifesim:
rm -rf *
rm: cannot remove '0.48257900 1464959885_555.png': Permission denied
Why I can't delete that file?
lifesim#srvJH:~/public_html/upload/blog/posts/2016-06-03$ whoami
lifesim
lifesim#srvJH:~/public_html/upload/blog/posts/2016-06-03$ id lifesim
uid=1001(lifesim) gid=33(www-data) groups=33(www-data)
lifesim#srvJH:~/public_html/upload/blog/posts/2016-06-03$ id www-data
uid=33(www-data) gid=33(www-data) groups=33(www-data),1001(lifesim)
File created by my PHP script.
Lars Fischer is right: you need to have write permission to delete a file from a directory.
As clarified in the comments below the question: your lifesim user has no rights to change the directory containing the file.
Give lifsim or the group "w" permissions on the diretory or use the www-data user for the deletion.
Deleting (or creating) a file means we modify the directory (imagine the directory is just a database document with the file metadata) and remove (or add) the metadata of the file. Thus we must be able to change the directory.
I would like to set up a linux share space in the following way:
I want one user lets call admin to have access to all other users home directories.
I want to be able to create users A,B,C,D,E and have none of them view any other folders except there home folder(and /tmp/ if needed).
I do not want them to be able to view any other files.
I will use this so I can create a user for them they can log in view/edit a file in their home folder and nothing else(or scp a file into it)
How do I do this?
My first thought was to create a group and put them all in that group but I do not want them to be able to view each other’s files.
I notice that the folders in /home/* are only read,write,execute by the owner:
[test2#XXX home]$ pwd
/home
[test2#XXX home]$ ll
drwx------ 3 test2 test2 4096 Mar 7 18:54 test2
Is this sufficient permissions then?
The files in /home/A/ for example are
[test2#XXX~]$ pwd
/home/test2
[test2#XXX~]$ ll
total 4
drwxrwxr-x 2 test2 test2 4096 Mar 7 18:54 testdir
-rw-rw-r-- 1 test2 test2 0 Mar 7 18:54 testfile
User B would not be able to write to these files correct?
If so what do I need to do in order to have user admin able to view all these /home/ folders but nobody else.
First of all you need a user "Admin" who will have rwx permissions on all home directories of users A, B, C, D, E. Here I am assuming that your "Admin" user is not root.
You can refer to this link for achieving this functionality.
Now you don't want any of the user A, B, C, D, E to see each others' files, but a Public folder exists in your Home directory (/home/user) for sharing files with other users. If an other user wants to get access to this Public folder, the execute bit for the world should be set on the Home directory.
If you do not need to allow others to access your home folder (other humans or users like www-data for a webserver), you'll be fine with chmod o-rwx "$HOME" (remove read/write/execute from "other", equivalent to chmod 750 "$HOME" since the default permission is 750). Otherwise, you should change the umask setting too to prevent newly created files from getting read permissions for the world by default.
For a system-wide configuration, edit /etc/profile; per-user settings can be configured in ~/.profile. I prefer the same policy for all users, so I'd edit the /etc/profile file and append the line:
umask 027
You need to re-login to apply these changes, unless you're in a shell. In that case, you can run umask 027 in the shell.
Now to fix the existing permissions, you need to remove the read/write/execute permissions from other:
chmod -R o-rwx ~
Now if you decide to share the ~/Public folder to everyone, run the next commands:
chmod o+x ~ - allow everyone to descend in the directory (x), but not get a directory listing (r should not be added)
find ~/Public -type f -exec chmod o+r {} \; - allow everyone to read the files in ~/Public
find ~/Public -type d -exec chmod o+rx {} \; - allow everyone to descend into directories and list their contents
I'm trying to configure my local server htdocs folder to write in it without root powers, but without the ugly way of chmod 777. I created a new group, I set it to the folder, I changed the permissions to 775 and I add my user to this new group. This is the result:
$ ls -ld .
drwxrwxr-x 4 nobody htdocs 4096 ago 27 2009 .
$ id asbel
uid=1000(asbel) gid=1000(asbel) grups=1000(asbel),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),109(lpadmin),124(sambashare),1002(htdocs)
$ touch test
touch: no s’han pogut canviar les dates de «test»: S’ha denegat el permís
The answer of the last command says that I don't have permissions to write here.
What is wrong here? Also, I want that when I create new folders they have same group permissions since I want that other users of the group could modify them. Is it correct?
For the new group to take effect, you must log out and log in again (opening a new shell is not sufficient)
#n.m. (originally a comment to this question)
I am running apache with mod mono and my asp.net app is using mono sqlite as its db. When i refresh the page twice i get the DB is locked error. The folder it is in is chmod 777. The webapp is creating sqlite.db and sqlite.db-journal but it doesnt seem to be able to delete the journal. Also it has problems when i load the page once. It definitely seems to be a permission problem.
i'm confused. What permissions do i need to set these? i tried precreating the files using 777 and had no luck.
-edit- I didnt find a solution however i thought how silly i was being since i was planning to use mysql for my webapp. So i just ported the code and i no longer had issues.
When creating/deleting a file the directory permission matter.
So, if you really want that, you have to set the containing directory's permissions to 777.
Sample:
$ ls -la
total 21
dr-xr-xr-x 2 me me 1024 May 22 19:19 . #no write permissions to directory
drwxrwxrwt 21 root root 19456 May 22 19:19 ..
-rwxrwxrwx 1 me me 0 May 22 19:19 abc #all permissions to file abc
$ rm abc
rm: cannot remove `abc': Permission denied #abc has 777, but deleting doesn't work
$ chmod 777 . #change directoy's permissions
$ rm abc #now removing works
$ ls #file abc is gone
The reason is that when you delete a file, you actually modify the directory and not the file itself.
Think of a hard link: The file itself will not change when you delete one hardlink to it, but the directory changes.
Sounds more like one instance of the session in apache is blocking the other session, i.e. has the db file open exclusively. Try to let the database(model) run as a singleton (or similar) which all sessions access.