chmod configuration in elastic beanstalk - amazon-elastic-beanstalk

I am attempting to restrict access to a few backend folders in an elastic beanstalk environment, but I cannot figure out how to set chmod permissions in an existing environment.
I am aware that there may be a way to do this through the .ebextensions file, but I have been unable to find a resource outlining this process.
How do I restrict folder access to folders and files in my elastic beanstalk environment?
Thank you!

There is a setting you can use in the .ebextenstions file called "files". I haven't tested this with folders though and I am not sure if you can change permissions on already existing files and folders with it.
https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/customize-containers-ec2.html#linux-files
You could just add a command that does it though.
commands:
01_set_file_permissions:
command: "chmod 600 /path/to/file"

Related

Openshift 4.6 Node and Master Config Files

Where is the Openshift Master and Node Host Files in v4.6
Previously hosted below in v3
Master host files at /etc/origin/master/master-config.yaml
Node host files at /etc/origin/node/node-config.yaml
You can check your current kubelet configuration using the following procedures instead of the configuration file on the node hosts like OCPv3. Because the kubelet configuration was managed dynamically as of OCPv4.
Further information is here, Generating a file that contains the current configuration.
You can check it using above reference procedures(Generate the configuration file) or oc CLI as follows.
$ oc get --raw /api/v1/nodes/${NODE_NAME}/proxy/configz | \
jq '.kubeletconfig|.kind="KubeletConfiguration"|.apiVersion="kubelet.config.k8s.io/v1beta1"'
These files no longer exist in the same for as in OCP 3. To change anything on the machines themselves, you'll need to create MachineConfigs, as CoreOS is an immutable Operating System. If you change anything manually on the filesystem and reboot the machine, your changes will typically be reset.
To modify Worker Nodes, often the setting you are looking for can be configured via a kubeletConfig: Managing nodes - Modifying Nodes. Note that only certain settings can be changed, others cannot be changed at all.
For the Master Config, it depends on what you want to do, as you will potentially change the setting via a machineConfigPool or for example edit API Server setting via oc edit apiserver cluster. So it depends on what you actually want to change.

How do I modify the defaul graphdb.home directory?

I have installed GraphDB Free v9.3 in LinuxMint 19.3.
The workbench is running fine though I haven't created any repositories yet. This is because I have noticed that although the application is installed at /opt/graphdb-free, the data, conf and log files are in a hidden folder below my home folder: /home/ianpiper/.graphdb/conf (etc).
I would prefer to store these folders on a separate volume, mounted at /mnt/bigdata. In the documentation it suggests that I can set graphdb.home using the graphdb.properties file (though I don't seem to have such a file in my installation) or in the startup script. I think this script might be /opt/graphdb-free/app/bin/setvars.in.sh, and that I could use this to change
-Dgraphdb.home=""
to
-Dgraphdb.home="/mnt/bigdata"
Could a knowledgeable person advise as to whether my understanding is correct, and if so what the best way is to change the location of graphdb.home?
Thanks,
Ian.

az webapp deployment source config choose solution file

I am trying to deploy an app using the following:
az webapp deployment source config --branch master --manual-integration --name myapp --repo-url https://$GITUSERNAME:$GITUSERPASSWORD#dev.azure.com/<Company>/Project/_git/<repo> --resource-group my-windows-resources --repository-type git
The git repo contains 2 .sln solution files and this causes an error when attempting to deploy. Is there any way I can specify which solution file to use? I can seem to find a way in the docs but wondered if there might be a workaround.
I found a solution where you create a .deployment file in the root of the solution with these contents
[config]
project = <PATHTOPROJECT>
command = deploy.cmd
Then a deploy.cmd
nuget.exe restore "<PATHTOSOLUTION>" -MSBuildPath "%MSBUILD_15_DIR%"
The -MSBuildPath may be optional for you

yii2 - All Files and Folders permissions are messed up. What should be the permissions of yii2 framework's directory hierarchy

I moved the complete yii2 installation from one server to another with the help of FileZilla. Sadly, Filezilla don't keep the file permissions by default, and now I'm facing issues with file / directory permissions. I would like to know what's the file permissions for different directories and files in the yii2 directory hierarchy.
You should not transfer the project this way.
Currently it's the era of version control (especially Git) and Composer.
Once you created you project locally and put it under version control, you push it to your main repository and then deploy it to production server.
No need to use Filezilla or something like that.
If your hoster limits you in that, it's better to switch to another one.
In your current situation comparing and setting permissions manually can be very tidious, some of the permissions are set during init command.
So I recommend to deploy it again using version control and Composer instead of struggling with manual permissions setting.
But just in case, I checked production server, most of the folder permissions are 0755, for files - 0644. Folders like runtime, assets have 0777 permissions and set with init command as I mentioned above.
Locally I use Vagrant and pretty much everything here has 0777 permission.

Create an RPM that can also manipulate files and add users

I'm trying to create an RPM in Fedora 15 that will install my software, but in order for my software to work correctly once installed, I also need to edit other (configuration) files on the system, add users/groups, etc. Performing some of these tasks is only allowed by the root user. I know to never create an RPM as the root user, and I understand why that is such a bad idea. However, if I add shell script statements to my spec file (%post, %prep... any section) to edit the necessary files, add users/groups, etc., my rpmbuild command fails with message "Permission denied" (not surprisingly).
What's the best way to handle this? Do I have to tell my users to install my package first, and then perhaps run a shell script as root to configure it all? That doesn't seem very elegant. I was hoping to allow a user to do everything with one simple command such as 'yum install mysoftware'.
Much of my research suggests that perhaps this shouldn't even be done via RPM. I've read many parts of Maximum RPM, and lots of other good resources, but haven't found what I'm looking for. I'm new to creating RPMs, but have already been able to successfully create a simple spec file for my software... I just can't get everything configured properly after the package is unzipped and installed to the correct location. Any input is greatly appreciated!
useradd should be run in %pre and shouldn't run during rpmbuild. That's the standard way of doing it. I would recommend the packaging guidelines and specifically the section on users and groups.
The %pre section of your RPM .spec file should check for all the conditions necessary for your software to install.
The %post section of your RPM .spec file should make all the modifications needed for your software to run.
To avoid file permission errors in the %post section of your RPM .spec file, you can set the file permissions and ownership in the %files section. That way, the user who installs the RPM has the appropriate permissions to modify the configuration files.
%install
# Copy files to directories on your installation server
%files
# Set file permissions and ownership on your installation server
%attr(775, myuser, mygroup) /path/to/my/file
%pre
# Check if custom user 'myuser' exists. If not, create it.
# Check if custom group 'mygroup' exists. If not, create it.
# All other checks here
%post
# Perform post-installation steps here, like editing other (configuration) files.
echo "Installation complete."