I installed owncloud 7.0.3 on a Raspberry Pi per instructions given in the admin manual. I then created an external folder under /media/owncloud/data on an USB drive. And moved /var/www/owncloud/data directory to this directory. Then I set up the ownership of this directory by (all after setting sudo -i at $ prompt)
chown -R www-data:www-data /media/owncloud/data/
and also did
chmod -R 0777 /media/owncloud/data/
But
stat ./data
reports
File: `./data'
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 801h/2049d Inode: 72 Links: 1
Access: (0700/drwx------) Uid: ( 1000/ pi) Gid: ( 1000/ pi)
Access: 2014-11-29 14:06:05.328198000 -0500
Modify: 2014-11-29 13:27:25.436161000 -0500
Change: 2014-11-29 13:27:25.436161000 -0500
Therefore when I try to login to owncloud on my browser I get
"Can't create or write into the data directory /media/owncloud/data
How can I make the ./data directory writable so that owncloud starts successfully?
Thank you.
Related
I've installed swtpm and added it to a virtual machine using virt-manager (qemu+virsh).
When I'm going to start the machine, a error arises and points to a log file.
The file states:
Need read/write rights on statedir /var/lib/swtpm-localca for user tss.`
The easiest approach I've found is to just give the ownership of that particular folder to that user.
sudo chown -R tss:root /var/lib/swtpm-localca
On my system it has previously stated:
sudo ls -lach /var/lib/swtpm-localca
total 8,0K
drwxr-x--- 2 swtpm root 4,0K Mär 17 11:51 .
drwxr-xr-x 80 root root 4,0K Mär 17 11:51 ..
I do not know what I do break when revoking the user swtmp the access to that folder, but until now it works just smoothly.
I am unable to change the ownership of a directory, under a mounted drive.
Already tried sudo chown mysql:mysql /personal/mysql and sudo chmod --reference=/var/lib/mysql /personal/mysql.
However, the mysql directory i.e., /personal/mysql is owned by root.
ls -la /personal/mysql | grep mysql
drwxrwxrwx 1 root root 4096 Oct 29 06:32 mysql
You need to specify the uid and gid as options when you create the initial mount using the mount command. The uid and gid can be found by running the id command:
So for example, if:
id mysql
returns:
uid=10171(mysql) gid=10171(mysql)
Run mount with:
mount -type ... //...... /path/to/dir -o uid=10171,gid=10171,....
Ok, i'm following official Mysql docs to enable encryption on a mysql database on docker:
Using the keyring_file File-Based Plugin
Keyring Plugin Installation
keyring_file_data
So here's what i've done:
added early-plugin-load and keyring_file_data to /etc/mysql/my.cnf (i used echo stuff >> file since mysql docker image has no text editor), so now it is:
[mysqld]
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
datadir = /var/lib/mysql
secure-file-priv= NULL
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Custom config should go here
!includedir /etc/mysql/conf.d/
early-plugin-load=keyring_file.so
keyring_file_data=/usr/local/mysql/mysql-keyring/keyring
created keyring file with
cd /usr/local/mysql
mkdir mysql-keyring
chmod 750 mysql-keyring
chown mysql mysql-keyring
chgrp mysql mysql-keyring
restarted container to restart mysql
connected to mysql and checked plugin availability (whith no luck) with
mysql> SELECT PLUGIN_NAME, PLUGIN_STATUS
FROM INFORMATION_SCHEMA.PLUGINS
WHERE PLUGIN_NAME LIKE 'keyring%';
Checked the logs for errors:
2020-03-15T12:30:08.669015Z 0 [ERROR] [MY-011370] [Server] Plugin keyring_file reported: 'File '/usr/local/mysql/mysql-keyring/keyring' not found (OS errno 20 - Not a directory)'
2020-03-15T12:30:08.669036Z 0 [ERROR] [MY-011355] [Server] Plugin keyring_file reported: 'keyring_file initialization failure. Please check if the keyring_file_data points to readable keyring file or keyring file can be created in the specified location. The keyring_file will stay unusable until correct path to the keyring file gets provided'
2020-03-15T12:30:08.669053Z 0 [ERROR] [MY-010202] [Server] Plugin 'keyring_file' init function returned error.
So it look like that i correctly enabled the plugin, but something is wrong with the file.
Am i missing some steps?
keyring file
root#8c3670db35d4:/# ls -la /usr/local/mysql/mysql-keyring/
total 8
drwxr-s--- 2 mysql mysql 4096 Mar 15 12:34 .
drwxr-sr-x 3 root staff 4096 Mar 15 12:33 ..
-rw-r----- 1 mysql mysql 0 Mar 15 12:34 keyring
Are you sure you created the keyring file correctly inside the container ? This is how I was able to achieve the above with a correctly crafted Dockerfile.
Create a folder for your image project (use whatever folder you like)
mkdir /tmp/testMysqlKeyring
cd /tmp/testMysqlKeyring
Create a mysql keyring dropin configuration file keyring.cnf with the following content:
[mysqld]
early-plugin-load=keyring_file.so
keyring_file_data=/usr/local/mysql/mysql-keyring/keyring
Create a Dockerfile with the following content
FROM mysql:8
# Place the dropin config file in the relevant folder
COPY keyring.cnf /etc/mysql/conf.d/
# Create the keyring folder and adapt perms
RUN mkdir -p /usr/local/mysql/mysql-keyring && \
chmod 750 /usr/local/mysql/mysql-keyring && \
chown mysql.mysql /usr/local/mysql/mysql-keyring
Build image from the above configuration:
docker build -t file_keyringed_mysql:latest .
Run a container from that image (you will adapt with your exact volumes and environment later...)
docker run -d --rm --name my_keyring_test -e MYSQL_ALLOW_EMPTY_PASSWORD=true file_keyringed_mysql:latest
Check that plugin is correctly installed inside the container
$ docker exec my_keyring_test mysql -e "SELECT PLUGIN_NAME, PLUGIN_STATUS FROM INFORMATION_SCHEMA.PLUGINS WHERE PLUGIN_NAME LIKE 'keyring%';"
PLUGIN_NAME PLUGIN_STATUS
keyring_file ACTIVE
I'm running django on Digital Ocean with gunicorn and nginx. Gunicorn for serving the django and nginx for static files.
Upon uploading a file via website, I cant save to a folder in /home directory. I get [Errno 13] Permission denied.
Please, how do I make the web server to be able have read write access to any arbitrary folder anywhere under /home?
This all depends on the user that your application is running as.
If you check ps aux | grep gunicorn which user the Gunicorn server is running your app as then you can change the chmod or chown permissions accordingly.
ls -lash will show you which user current only owns the folder and what permissions are on the folder you are trying to write to:
4.0K drwxrwx--- 4 username username 4.0K Dec 9 14:11 uploads
You can then use this to check for any issues.
Some docs on changing ownership and permissions
http://linux.die.net/man/1/chmod
http://linux.die.net/man/1/chown
I would advise being very careful to what locations on your disk you give access for the web server to read/write from. This can have massive security implications.
Well, I worked on this issue for more than a week and finally was able to FIGURE IT OUT.
Please follow links from digital ocean , but they did not pinpoint important issues one which includes
no live upstreams while connecting to upstream
*4 connect() to unix:/myproject.sock failed (13: Permission denied) while connecting to upstream
gunicorn OSError: [Errno 1] Operation not permitted
*1 connect() to unix:/tmp/myproject.sock failed (2: No such file or directory)
etc.
These issues are basically permission issue for connection between Nginx and Gunicorn.
To make things simple, I recommend to give same nginx permission to every file/project/python program you create.
To solve all the issue follow this approach:
First thing is :
Log in to the system as a root user
Create /home/nginx directory.
After doing this, follow as per the website until Create an Upstart Script.
Run chown -R nginx:nginx /home/nginx
For upstart script, do the following change in the last line :
exec gunicorn --workers 3 --bind unix:myproject.sock -u nginx -g nginx wsgi
DONT ADD -m permission as it messes up the socket. From the documentation of Gunicorn, when -m is default, python will figure out the best permission
Start the upstart script
Now just go to /etc/nginx/nginx.conf file.
Go to the server module and append:
location / {
include proxy_params;
proxy_pass http<>:<>//unix:/home/nginx/myproject.sock;
}
REMOVE <>
Do not follow the digitalocean aricle from here on
Now restart nginx server and you are good to go.
Change the owner of /home
See actual owner $ ls -l /
f1 f2 f3 f4 f5 f6 f6 f8 f9 f10
- rwx r-x r-x 1 root root 209 Mar 30 17:41 /home
https://www.garron.me/en/go2linux/ls-file-permissions.html
f2 Owner permissions over the file or directory
f3 Group permissions over the file or directory
f4 Everybody else permissions over the file or directory
f6 The user that owns the file or directory
Change folder owner recursively sudo chown -R ubuntu /home/ substitute ubuntu with a non-root user.
Good practices
Use a subdirectory home/ubuntu as server directory, ubuntu folder have ubuntu user as owner.
Set user-owner permissions to all. Your group and other users to read-only sudo chmod -R 744 /home/ubuntu/
I changed the ownership of the file which is containing my images
chown -R www-data: /myproject/media/mainsite/images
Change the path accordingly and also restart server. In my case its apache2 so
sudo service apache2 restart
In my case it was something very simple that was generating a similar error, I just had to check the user who controlled Gunicorn and the user who controlled NGINX, they had different permissions.
I have a samba network. Authentication is done using winbind and uses login successfully.
Home folder is mount with no problem, but users don't have access to mounted subfolders:
/home/user -> user home
/home/dept -> shared files
If I login as root and "su"; I can access to /home/user/dept with no problem. I think the problem is in mount options, but I cannot find it.
My pam_mount.conf.xml is:
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<pam_mount>
<path>/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin</path>
<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />
<logout wait="0" hup="0" term="0" kill="0" />
<mkmountpoint enable="1" remove="true" />
<volume options="user=%(DOMAIN_USER),domain=DOMAIN" fstype="cifs" server="192.168.1.5" path="%(DOMAIN_USER)" mountpoint="/home/%(USER)"></volume>
<volume options="user=%(DOMAIN_USER),domain=DOMAIN" fstype="cifs" server="192.168.1.5" path="dept" mountpoint="/home/%(USER)/dept"></volume>
</pam_mount>
Any hint/idea?
It is a samba problem, because when I mount a folder using sudo I loose execution permission to the folder:
user#computer:~$ ls -l | grep shared
drwxrwx--- 2 user domain users 0 Dec 12 16:34 shared
user#computer:~$ sudo mount -t cifs //192.168.1.5/shared /home/user/shared -o user=user,domain=DOMAIN,uid=15002,gid=15000,rw,iocharset=utf8
Password:
user#computer:~$ ls -l | grep shared
drw-rwx---+ 43 user domain users 0 Dec 22 10:34 shared
user#computer:~$ sudo umount shared
There is two ways.
1) install cifs-utils (if it's not already done) and try:
# mount.cifs //your.server.name/path /mnt/yourfolder -o username=your_name,password=you_password,uid=YOURDOMAIN\\your_name
"uid" is immportant. This way works in my network.
2) Set your domain as default domain during logging and setup pam_mount.conf.xml simply like that:
<volume user="*" fstype="cifs" server="192.168.1.5" path="%(DOMAIN_USER)" mountpoint="~/folder_name">
My question is how to setup chmod for ~/folder_name in mountpoint?