Before you ask, I tried to search for similar questions, none of them had precisely my problem.
I'm new at this, and I installed Apache2, PHP5, and MySQL5 on a RasPi running Raspbian.
As needed, I put the index.html in /var/www/html and when I type my Pi's IP alone or followed by /index.html, index.html runs its code properly and all elements appear.
Problem: In addition I put my JS and CSS files in that same folder, as well as a few photos to display.
The browser reads the HTML thoroughly, but doesn't load the thereby linked JS and CSS files nor the images. Putting the files in subfolders also didn't help.
When I type in the IP followed by a /style.css (name of my linked CSS file), I get a 403 Forbidden. The errors log also shows this:
file permissions deny server access: /var/www/html/photo.jpg, referer: http://192.168.178.120/
access to /images/dark.jpg denied because search permissions are missing on a component of the path, referer: http://192.168.178.120/
I tried researching this but nothing helped. When my JS and CSS are inside my HTML, everything works fine except the images
Concluded: Apache doesn't allow the browser to load files other than index.html.
Do you know what the issue might be? Is there a specific folder where I should put my other files? Thanks in advance.
Based on the result from ls, your files are not accessible to Apache.
Short answer:
Run the following two commands:
find /var/www/html -type f -exec chmod 644 {} \;
find /var/www/html -type d -exec chmod 755 {} \;
Longer explanation:
pi#raspberrypi:~ $ ls -l /var/www/html
total 2976
-rw------- 1 pi pi 60146 Jul 23 22:11 bnw.jpg
-rw------- 1 pi pi 202851 Jul 23 22:11 color.jpg
-rw------- 1 pi pi 617185 Jul 23 21:27 dark.jpg
-rw------- 1 pi pi 2028727 Jul 23 22:11 effect.jpg
drwx------ 2 pi pi 4096 Jul 23 21:33 images
-rw------- 1 pi pi 2238 Jul 23 22:11 index.css
-rw-r--r-- 1 pi root 1261 Jul 23 22:11 index.html
-rw------- 1 pi pi 108397 Jul 23 22:11 photo.jpg
-rw------- 1 pi pi 538 Jul 23 22:11 script.js
-rw------- 1 pi pi 2238 Jul 23 21:33 style.css
The symbols at the beginning of the line have the following meaning:
d: indicates a directory
r: means the file/directory is readable
w: means the file/directory is writable
x: means the file/directory is executable
-: means none of the above apply
These symbols are grouped as follows:
drwxrwxrwx
^^^ apply to all users on the system
^^^--- apply to all users in the group that owns the file
^^^------ apply to the user that owns the file
Where it says pi pi it's referring to the file's owner: the user pi in the group pi. Your index.html file is an exception, because it's owned by the group root.
That's not really important for now, other than that you need to realise that Apache usually runs as the user www-data in the group www-data. This varies a bit from system to system, but that's the most common. What that means is that for Apache to be able to access a file, it must be made available to either the www-data user or the www-data group (or both).
In your case, the files are owned by the user pi and the group pi (with the exception of index.html, which is owned by the group root. Since Apache is not that user and is most likely not in either of those groups, that means the file permissions for "all users on the system" must be set correctly for Apache to be able to access the file.
As you can see, index.html is set to be readable for all users on the system:
-rw-r--r-- 1 pi root 1261 Jul 23 22:11 index.html
^^^ all users on the system may read from this file, but may not write and may not execute the file
^^^--- all users in the group "root" may read from this file, but may not write and may not execute the file
^^^------ the user "pi" may read from and write to this file, but may not execute the file
All other files, including the images directory, are only accessible to the "pi" user:
-rw------- 1 pi pi 2028727 Jul 23 22:11 effect.jpg
^^^ all users on the system may not read from, write to or execute this file
^^^--- all users in the group "pi" may not read from, write to or execute this file
^^^------ the user "pi" may read from and write to this file, but may not execute it
So for effect.jpg to be made available to Apache, you need to change the file permissions to this:
-rw----r-- 1 pi pi 2028727 Jul 23 22:11 effect.jpg
^^^ all users on the system (including Apache) may read from this file
To do that, you use the chmod command. There are two ways to flip that permission:
chmod o+r effect.jpg
chmod 604 effect.jpg
chmod o+r means "add 'r' permission to the 'other users' category" (you'd use u+r or g+r to change the user or group permissions).
chmod 604 means "set permissions for the user to 6, group to 0 and others to 4" - where the numbers are a binary sum of the permissions: 1 (executable), 2 (writable), 4 (readable).
Directories need a little more work:
drwx------ 2 pi pi 4096 Jul 23 21:33 images
To allow the file system to actually open a directory and read the files within, it needs to be executable for the user that's trying to access its content. So to allow Apache to read any file from this folder, it will need to have the following permissions:
drwx---r-x 2 pi pi 4096 Jul 23 21:33 images
^^^ all users on the system may read from this directory and execute it
To do this, use the same principle:
chmod o+rx images (other users, add readable and executable permissions)
chmod 705 images (set read(4)+write(2)+execute(1) for owner and read(4)+execute(1) for all other users)
Now, although it's not strictly necessary if the owner and group are the same, it is best practice to make sure that the group has the same permissions as the "all other users" category. So instead of giving files 604 (-rw----r--) and folders 705 (drwx---r-x), it's best practice to give them 644 (-rw-r--r--) and 755 (drwxr-xr-x). If you're working in an environment where multiple developers need to be able to modify the files, they should be in the same user group and best practice is to give the group the same permissions as the owner, so 644 (-rw-rw-r--) and 775 (drwxrwxr-x).
Finally, you don't want to have to change all file permissions manually. This particular project seems to be relatively small, but it's still annoying work. Fortunately, we can use the find command to perform a batch update.
find will list the full contents of the given folder, including subfolders, which you can then filter or perform actions on.
find /var/www/html -type f
This will list all entries within /var/www/html or any subfolders that are a regular file.
find /var/www/html -type d
This will list all entries within /var/www/html or any subfolders that are directories.
We can use -exec to tell find to automatically perform a certain command on each file/folder it finds:
find /var/www/html -type f -exec chmod 644 {} \;
The {} is a placeholder where find will put each filename. The \; is needed to inform find that no further arguments for the -exec command will be provided, so we can optionally add other arguments for find itself.
So the above command will fix the permissions for all files, the following command will fix the permissions for all folders:
find /var/www/html -type d -exec chmod 755 {} \;
After that, Apache should have access to all files and folders in /var/www/html. Keep in mind that, every time you create a new file in that folder, you need to check the permissions and fix it if necessary.
Related
I've installed swtpm and added it to a virtual machine using virt-manager (qemu+virsh).
When I'm going to start the machine, a error arises and points to a log file.
The file states:
Need read/write rights on statedir /var/lib/swtpm-localca for user tss.`
The easiest approach I've found is to just give the ownership of that particular folder to that user.
sudo chown -R tss:root /var/lib/swtpm-localca
On my system it has previously stated:
sudo ls -lach /var/lib/swtpm-localca
total 8,0K
drwxr-x--- 2 swtpm root 4,0K Mär 17 11:51 .
drwxr-xr-x 80 root root 4,0K Mär 17 11:51 ..
I do not know what I do break when revoking the user swtmp the access to that folder, but until now it works just smoothly.
I'm trying to debug a page in a web app that keeps crashing Chrome ("Aw, snap!" error). I've enabled/disabled automatic crash reporting, tried logging with google-chrome --enable-logging --v=1, (as well as various levels of verbosity), and all I get is a "crash dump ID" in the chrome_debug.log chrome://crashes Shows all of the dump IDs, but no actual dump file
I see other questions referring to reading the dump files, but I can't find the dump files themselves (just the ID).
Grepping for the crash ID in /tmp and ~/.config/google-chrome/ turns up nothing, but the ~/.config/google-chrome/chrome_debug.log shows that something was sent:
--2015-04-06 11:10:00-- https://clients2.google.com/cr/report
Resolving clients2.google.com (clients2.google.com)... 74.125.228.224, 74.125.228.225, 74.125.228.231, ...
Connecting to clients2.google.com (clients2.google.com)|74.125.228.224|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘/dev/fd/3’
0K
Crash dump id: 7dac9d5d58258264
Any ideas on where to find the actual file/data that's sent?
Details:
Chrome version: 40.0.2214.111 (Official Build)
Linux Mint 16 (Petra)
Edit: Some extra info:
curtis#localhost:-$ tail -n 5 uploads.log && echo $(pwd)
1428584493,ddc357e4600a49e6
1428584497,7ac16455c152381a
1428589439,d00ad6f5e6426f3d
1428934450,66b3f722430511e8
1428939578,7a2efc2b681515d1
/home/curtis/.config/google-chrome/Crash Reports
curtis#localhost:-$ ll -a
total 12
drwx------ 2 curtis curtis 4096 Apr 6 11:32 .
drwx------ 9 curtis curtis 4096 Apr 13 11:43 ..
-rw------- 1 curtis curtis 3291 Apr 13 11:39 uploads.log
Automatic reporting is enabled...
Thanks!
The *.dmp files are stored in /tmp/, and this has nothing to do with the "Automatic crash reporting" checkbox. The file is also not related to the hash stored in ~/.config/google-chrome/
In ~/.config/google-chrome/Crash Reports/uploads.log:
1429189585,5bddea9f7433e3da
From using , the crash dump file for this particular report was:
chromium-renderer-minidump-2113a256de381bce.dmp
Solution:
root#localhost:-$ mkdir /tmp/misc && chmod 777 /tmp/misc
root#localhost:-$ cd /tmp
root#localhost:-$ watch -n 1 'find . -mmin -1 -exec cp {} /tmp/misc/ \;'
Then, as a regular user (not root):
google-chrome --enable-logging --v=1
Once you see files created by the watch command, run:
root#localhost:-$ ls -l
-rw------- 1 root root 230432 Apr 16 09:06 chromium-renderer-minidump-2113a256de381bce.dmp
-rw------- 1 root root 230264 Apr 16 09:12 chromium-renderer-minidump-95889ebac3d8ac81.dmp
-rw------- 1 root root 231264 Apr 16 09:13 chromium-renderer-minidump-da0752adcba4e7ca.dmp
-rw------- 1 root root 236246 Apr 16 09:12 chromium-upload-56dc27ccc3570a10
-rw------- 1 root root 237247 Apr 16 09:13 chromium-upload-5cebb028232dd944
Now you can use breakpad to work on the *.dmp files.
Google Chrome - Crash Dump Location
To generate the Crash Dump locally,
CHROME_HEADLESS=1 google-chrome
The .dmp files are then stored in ~/.config/google-chrome/Crash Reports
Produce Stack Trace
Check out and add depot_tools to your PATH (used to build breakpad)
git clone https://chromium.googlesource.com/chromium/tools/depot_tools
export PATH=`pwd`/depot_tools:"$PATH"
Check out and build breakpad (using fetch from depot_tools)
mkdir breakpad && cd breakpad
fetch breakpad
cd src
./config && make
To produce stack trace without symbols:
breakpad/src/processor/minidump_stackwalk -m /path/to/minidump
More here https://www.chromium.org/developers/decoding-crash-dumps
Personally Preferred Method
Enable crash reporting:
Chrome menu > Settings > Show advanced settings > Tick "Automatically send usage statistics and crash reports to Google"
Go to chrome://crashes > File bug > Takes you to crbug.com > Complete
report leaving the auto-added report_id field unchanged.
Someone from the Chrome/Chromium team will follow up. They can provide
you with your stack trace and aid at resolving the issue.
I'm running django on Digital Ocean with gunicorn and nginx. Gunicorn for serving the django and nginx for static files.
Upon uploading a file via website, I cant save to a folder in /home directory. I get [Errno 13] Permission denied.
Please, how do I make the web server to be able have read write access to any arbitrary folder anywhere under /home?
This all depends on the user that your application is running as.
If you check ps aux | grep gunicorn which user the Gunicorn server is running your app as then you can change the chmod or chown permissions accordingly.
ls -lash will show you which user current only owns the folder and what permissions are on the folder you are trying to write to:
4.0K drwxrwx--- 4 username username 4.0K Dec 9 14:11 uploads
You can then use this to check for any issues.
Some docs on changing ownership and permissions
http://linux.die.net/man/1/chmod
http://linux.die.net/man/1/chown
I would advise being very careful to what locations on your disk you give access for the web server to read/write from. This can have massive security implications.
Well, I worked on this issue for more than a week and finally was able to FIGURE IT OUT.
Please follow links from digital ocean , but they did not pinpoint important issues one which includes
no live upstreams while connecting to upstream
*4 connect() to unix:/myproject.sock failed (13: Permission denied) while connecting to upstream
gunicorn OSError: [Errno 1] Operation not permitted
*1 connect() to unix:/tmp/myproject.sock failed (2: No such file or directory)
etc.
These issues are basically permission issue for connection between Nginx and Gunicorn.
To make things simple, I recommend to give same nginx permission to every file/project/python program you create.
To solve all the issue follow this approach:
First thing is :
Log in to the system as a root user
Create /home/nginx directory.
After doing this, follow as per the website until Create an Upstart Script.
Run chown -R nginx:nginx /home/nginx
For upstart script, do the following change in the last line :
exec gunicorn --workers 3 --bind unix:myproject.sock -u nginx -g nginx wsgi
DONT ADD -m permission as it messes up the socket. From the documentation of Gunicorn, when -m is default, python will figure out the best permission
Start the upstart script
Now just go to /etc/nginx/nginx.conf file.
Go to the server module and append:
location / {
include proxy_params;
proxy_pass http<>:<>//unix:/home/nginx/myproject.sock;
}
REMOVE <>
Do not follow the digitalocean aricle from here on
Now restart nginx server and you are good to go.
Change the owner of /home
See actual owner $ ls -l /
f1 f2 f3 f4 f5 f6 f6 f8 f9 f10
- rwx r-x r-x 1 root root 209 Mar 30 17:41 /home
https://www.garron.me/en/go2linux/ls-file-permissions.html
f2 Owner permissions over the file or directory
f3 Group permissions over the file or directory
f4 Everybody else permissions over the file or directory
f6 The user that owns the file or directory
Change folder owner recursively sudo chown -R ubuntu /home/ substitute ubuntu with a non-root user.
Good practices
Use a subdirectory home/ubuntu as server directory, ubuntu folder have ubuntu user as owner.
Set user-owner permissions to all. Your group and other users to read-only sudo chmod -R 744 /home/ubuntu/
I changed the ownership of the file which is containing my images
chown -R www-data: /myproject/media/mainsite/images
Change the path accordingly and also restart server. In my case its apache2 so
sudo service apache2 restart
In my case it was something very simple that was generating a similar error, I just had to check the user who controlled Gunicorn and the user who controlled NGINX, they had different permissions.
I installed owncloud 7.0.3 on a Raspberry Pi per instructions given in the admin manual. I then created an external folder under /media/owncloud/data on an USB drive. And moved /var/www/owncloud/data directory to this directory. Then I set up the ownership of this directory by (all after setting sudo -i at $ prompt)
chown -R www-data:www-data /media/owncloud/data/
and also did
chmod -R 0777 /media/owncloud/data/
But
stat ./data
reports
File: `./data'
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 801h/2049d Inode: 72 Links: 1
Access: (0700/drwx------) Uid: ( 1000/ pi) Gid: ( 1000/ pi)
Access: 2014-11-29 14:06:05.328198000 -0500
Modify: 2014-11-29 13:27:25.436161000 -0500
Change: 2014-11-29 13:27:25.436161000 -0500
Therefore when I try to login to owncloud on my browser I get
"Can't create or write into the data directory /media/owncloud/data
How can I make the ./data directory writable so that owncloud starts successfully?
Thank you.
On an Amazon EC2 (uname -r gives "3.4.37-40.44.amzn1.x86_64", which I hear is based on Cent OS) I tried installing:
yum install mysql
yum install mysql-devel
And even
yum install mysql-libs
(Due to this thread.)
I'm trying to compile a program and link the MySQL libraries to it. This works fine on my Mac, (but the Mac has libmysqlclient.a). libmysqlclient.a is absolutely nowhere to be found on this machine. All it has is libmysqlclient.so, and many versions of it too.
$ sudo find / -name libmysqlclient*
Gives
/usr/lib64/mysql/libmysqlclient_r.so
/usr/lib64/mysql/libmysqlclient.so
/usr/lib64/mysql/libmysqlclient.so.18
/usr/lib64/mysql/libmysqlclient.so.18.0.0
/etc/alternatives/libmysqlclient
/etc/alternatives/libmysqlclient_r
And
ls -l /usr/lib64/mysql
Gives
lrwxrwxrwx 1 root root 34 Apr 11 19:21 libmysqlclient_r.so -> /etc/alternatives/libmysqlclient_r
lrwxrwxrwx 1 root root 32 Apr 11 19:21 libmysqlclient.so -> /etc/alternatives/libmysqlclient
lrwxrwxrwx 1 root root 24 Apr 11 18:24 libmysqlclient.so.18 -> libmysqlclient.so.18.0.0
-rwxr-xr-x 1 root root 2983360 Mar 14 10:09 libmysqlclient.so.18.0.0
-rwxr-xr-x 1 root root 11892 Mar 14 09:12 mysqlbug
-rwxr-xr-x 1 root root 7092 Mar 14 10:08 mysql_config
So the only real file is libmysqlclient.so.18.0.0.
The compiler command:
g++ main.cpp -L/usr/lib64/mysql -lmysqlclient.so.18.0.0
Fails with
/usr/bin/ld: cannot find -lmysqlclient.so.18.0.0
collect2: ld returned 1 exit status
So somebody is lying or I got completely ripped off at the YUM repo and was not given my libmysqlclient.a like I was supposed to.
(I avoided using the many symlinks on the system so I could eliminate possible issues).
bobobobo! You are so wrong.
First of all, you don't need a libmysqlclient.a file, when you have the .so file. The .a file is for static linking, .so file for dynamic linking.. .so files are decidely better and make you cool.
The problem you get when you try and compile without library link is
g++ main.cpp
Gives
undefined reference to `mysql_init'
But that can be fixed with
g++ main.cpp `mysql_config --cflags --libs`
When you use .so, they are linked a run-time. This makes your compiled code smaller. Not usually big deal these days. The really great feature is that when you update your system, and the library gets updated, you will link in the new (and hopefully) better library. The updates often contain bug fixes and security fixes. Possibly performance improvements. Therefore they make your code more cool and, indirectly, make you a little bit more cool.