I have a samba network. Authentication is done using winbind and uses login successfully.
Home folder is mount with no problem, but users don't have access to mounted subfolders:
/home/user -> user home
/home/dept -> shared files
If I login as root and "su"; I can access to /home/user/dept with no problem. I think the problem is in mount options, but I cannot find it.
My pam_mount.conf.xml is:
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<pam_mount>
<path>/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin</path>
<mntoptions allow="nosuid,nodev,loop,encryption,fsck,nonempty,allow_root,allow_other" />
<logout wait="0" hup="0" term="0" kill="0" />
<mkmountpoint enable="1" remove="true" />
<volume options="user=%(DOMAIN_USER),domain=DOMAIN" fstype="cifs" server="192.168.1.5" path="%(DOMAIN_USER)" mountpoint="/home/%(USER)"></volume>
<volume options="user=%(DOMAIN_USER),domain=DOMAIN" fstype="cifs" server="192.168.1.5" path="dept" mountpoint="/home/%(USER)/dept"></volume>
</pam_mount>
Any hint/idea?
It is a samba problem, because when I mount a folder using sudo I loose execution permission to the folder:
user#computer:~$ ls -l | grep shared
drwxrwx--- 2 user domain users 0 Dec 12 16:34 shared
user#computer:~$ sudo mount -t cifs //192.168.1.5/shared /home/user/shared -o user=user,domain=DOMAIN,uid=15002,gid=15000,rw,iocharset=utf8
Password:
user#computer:~$ ls -l | grep shared
drw-rwx---+ 43 user domain users 0 Dec 22 10:34 shared
user#computer:~$ sudo umount shared
There is two ways.
1) install cifs-utils (if it's not already done) and try:
# mount.cifs //your.server.name/path /mnt/yourfolder -o username=your_name,password=you_password,uid=YOURDOMAIN\\your_name
"uid" is immportant. This way works in my network.
2) Set your domain as default domain during logging and setup pam_mount.conf.xml simply like that:
<volume user="*" fstype="cifs" server="192.168.1.5" path="%(DOMAIN_USER)" mountpoint="~/folder_name">
My question is how to setup chmod for ~/folder_name in mountpoint?
Related
I've installed swtpm and added it to a virtual machine using virt-manager (qemu+virsh).
When I'm going to start the machine, a error arises and points to a log file.
The file states:
Need read/write rights on statedir /var/lib/swtpm-localca for user tss.`
The easiest approach I've found is to just give the ownership of that particular folder to that user.
sudo chown -R tss:root /var/lib/swtpm-localca
On my system it has previously stated:
sudo ls -lach /var/lib/swtpm-localca
total 8,0K
drwxr-x--- 2 swtpm root 4,0K Mär 17 11:51 .
drwxr-xr-x 80 root root 4,0K Mär 17 11:51 ..
I do not know what I do break when revoking the user swtmp the access to that folder, but until now it works just smoothly.
UPDATE** The screenshot is within atom, but when I navigate to the directory using the file explorer, and right click, the option to rename or create a new folder are restricted and I cannot click on them.
I just finished setting up the LAMP stack on my fresh UBUNTU 18.04 installation. I have everything working, the default /var/www/html/index.html page from Apache2 is being served on localhost, no port forwarding or any unique domain name, i just wanna run this on my network from my computer for now.
If there is a simple way to create multiple websites and easily choose which folder to serve than that's fine, but I want to serve just one website for now.
When I go to my /var/www/html folder and try to edit the index.html file it says permission denied. What do I need to do in order to work inside this directory for the remaining time that I am building the website. I am signed in as the root user on my system.
Also, if I do change permissions to allow me to work in this directory, what does it mean for people trying to access my server if it was available to the public. (RIGHT NOW JUST ON LOCALHOST).
Lemme know if you need more info or explanation thanks!
sudo chown -R $USER:$USER /var/www
this works, it changes the owner to my user instead of root user. I still don't understand because my user already had sudo rights and all those permissions. It was the user I created during the ubuntu18.04 setup, so there shouldn't be an issue, or idk.
File ownership issues can be fixed at the command line by typing:
sudo chmod 777 /var/www/html -R
One caveat from
turnkeyLinux.com:
Changing file permissions is a trade off
(often increasing security reduces user-friendliness and/or
usability). For security 'best practice' only the folders that require
write access by the webserver should be owned by the webserver.
If your webserver has write access everywhere and your server
is compromised it makes it easier to hack your WordPress install) but
for ease of use giving the webserver ownership should resolve all your
issues...
This article on Understanding File Permissions was great, too.
This will help you.
sudo chgrp -R www-data /var/www/html
sudo gpasswd -a username www-data
sudo chmod -R 777 /var/www/html
The permission error is occurring because the folder does not have the rights and rights are reserved with different user. (you can inspect this by doing ls -l folderName)
The solution for your problem can be handled in different ways following are the few :
WAY1:
Find out who is running apache by running the command apachectl
-S
Locate the user name (say www-data)
Change the ownership of your folder as chown -R www-data:www-data /var/www/html (this will allow only your apache
to play with files)
Run the following command ln -s /var/www/html /home/username/html (this will create a soft link for your folder,
where you can edit/delete/read which will reflect on your apache)
WAY2:
goto /var/www/
sudo chown -R www-data:${USER} html
(Now both apache and your loged-in user will have rights to play with file).
If you are not root or you don't have a permission on some things(folder,files..), know that your actions are limited.
Take folder as example:
first of all verify permissions of your folder
==>ls -ld linkto/folder
and after give it a permissions it need or type the command bellow to add all permissions
==>sudo chmod -R 777 /var/www/html
verify permissions of your folder again if it is correct then try to copy again
Just write
And give read and write rights to the folder ( not user )
Try the following the command
For Read and Write:
sudo chmod -R a+rw /var/www
For Read, Write and Execute:
sudo chmod -R a+rwx /var/www
Edit the file as root. Or better yet fix your permissions so you don’t have to worry.
I'm running django on Digital Ocean with gunicorn and nginx. Gunicorn for serving the django and nginx for static files.
Upon uploading a file via website, I cant save to a folder in /home directory. I get [Errno 13] Permission denied.
Please, how do I make the web server to be able have read write access to any arbitrary folder anywhere under /home?
This all depends on the user that your application is running as.
If you check ps aux | grep gunicorn which user the Gunicorn server is running your app as then you can change the chmod or chown permissions accordingly.
ls -lash will show you which user current only owns the folder and what permissions are on the folder you are trying to write to:
4.0K drwxrwx--- 4 username username 4.0K Dec 9 14:11 uploads
You can then use this to check for any issues.
Some docs on changing ownership and permissions
http://linux.die.net/man/1/chmod
http://linux.die.net/man/1/chown
I would advise being very careful to what locations on your disk you give access for the web server to read/write from. This can have massive security implications.
Well, I worked on this issue for more than a week and finally was able to FIGURE IT OUT.
Please follow links from digital ocean , but they did not pinpoint important issues one which includes
no live upstreams while connecting to upstream
*4 connect() to unix:/myproject.sock failed (13: Permission denied) while connecting to upstream
gunicorn OSError: [Errno 1] Operation not permitted
*1 connect() to unix:/tmp/myproject.sock failed (2: No such file or directory)
etc.
These issues are basically permission issue for connection between Nginx and Gunicorn.
To make things simple, I recommend to give same nginx permission to every file/project/python program you create.
To solve all the issue follow this approach:
First thing is :
Log in to the system as a root user
Create /home/nginx directory.
After doing this, follow as per the website until Create an Upstart Script.
Run chown -R nginx:nginx /home/nginx
For upstart script, do the following change in the last line :
exec gunicorn --workers 3 --bind unix:myproject.sock -u nginx -g nginx wsgi
DONT ADD -m permission as it messes up the socket. From the documentation of Gunicorn, when -m is default, python will figure out the best permission
Start the upstart script
Now just go to /etc/nginx/nginx.conf file.
Go to the server module and append:
location / {
include proxy_params;
proxy_pass http<>:<>//unix:/home/nginx/myproject.sock;
}
REMOVE <>
Do not follow the digitalocean aricle from here on
Now restart nginx server and you are good to go.
Change the owner of /home
See actual owner $ ls -l /
f1 f2 f3 f4 f5 f6 f6 f8 f9 f10
- rwx r-x r-x 1 root root 209 Mar 30 17:41 /home
https://www.garron.me/en/go2linux/ls-file-permissions.html
f2 Owner permissions over the file or directory
f3 Group permissions over the file or directory
f4 Everybody else permissions over the file or directory
f6 The user that owns the file or directory
Change folder owner recursively sudo chown -R ubuntu /home/ substitute ubuntu with a non-root user.
Good practices
Use a subdirectory home/ubuntu as server directory, ubuntu folder have ubuntu user as owner.
Set user-owner permissions to all. Your group and other users to read-only sudo chmod -R 744 /home/ubuntu/
I changed the ownership of the file which is containing my images
chown -R www-data: /myproject/media/mainsite/images
Change the path accordingly and also restart server. In my case its apache2 so
sudo service apache2 restart
In my case it was something very simple that was generating a similar error, I just had to check the user who controlled Gunicorn and the user who controlled NGINX, they had different permissions.
I installed owncloud 7.0.3 on a Raspberry Pi per instructions given in the admin manual. I then created an external folder under /media/owncloud/data on an USB drive. And moved /var/www/owncloud/data directory to this directory. Then I set up the ownership of this directory by (all after setting sudo -i at $ prompt)
chown -R www-data:www-data /media/owncloud/data/
and also did
chmod -R 0777 /media/owncloud/data/
But
stat ./data
reports
File: `./data'
Size: 4096 Blocks: 8 IO Block: 4096 directory
Device: 801h/2049d Inode: 72 Links: 1
Access: (0700/drwx------) Uid: ( 1000/ pi) Gid: ( 1000/ pi)
Access: 2014-11-29 14:06:05.328198000 -0500
Modify: 2014-11-29 13:27:25.436161000 -0500
Change: 2014-11-29 13:27:25.436161000 -0500
Therefore when I try to login to owncloud on my browser I get
"Can't create or write into the data directory /media/owncloud/data
How can I make the ./data directory writable so that owncloud starts successfully?
Thank you.
I am new to the database world and I ran into some problems....
My hard disk on my Mac says I have less than 8gb left of free space. For this reason, I would like to move my MySQL data directory to an external network drive called ls-xld4c.
I have been trying to follow the rules to do so via http://mailsteward.com/nickstek/?p=22
As noted from step 3 from the link above:
I copied the /usr/local/mysql/data directory and all of its files and subdirectories to the
new location at /Volumes/share/MYSQL
So here is what i typed in my terminal:
cd /Volumes/share/MYSQL
cp -R /usr/local/mysql/data
which returns the following: ( i do not know what this means)
usage: cp [-R [-H | -L | -P]] [-fi | -n] [-apvX] source_file target_file
cp [-R [-H | -L | -P]] [-fi | -n] [-apvX] source_file ... target_directory
Here is some info that might be handy:
1) Server version: 5.6.17 MySQL Community Server (GPL)
2) Where my external drive is located: /Volumes/share
-The network drive is called ls-xld4c and is 1TB in size(I don't know if that is relevant)
The specific folder I want to put the directory reads that it is found in...
Server : smb://ls-xld4c/share/MYSQL , however /Volumes/share/MYSQL shows that it is a valid directory
3) I do not have a password and the user is root
You have almost done it. The error is flagged because you have not specified the destination directory which should be your current working directory. Please use CO command as:
cp -R /usr/local/mysql/data .
The ending dot means current directory which you have already set by using:
cd /Volumes/share/MYSQL
By the way, the following steps are required:
Stop MySQL service.
Copy data files from the directory as specified in "my.cnf" or "my.inf" (in case of windows).
Paste data to destination dir.
Change "my.cnf" or "my.inf" such as the "datadir" entry specifies the destination path.
Restart MySQL.
1. Stop MySQL
sudo /etc/init.d/mysql stop
2. Change Data Directory
sudo cp -R -p /var/lib/mysql /newlocation
3. Edit MySQL default configuration file
sudo vim /etc/mysql/mysql.conf.d/mysqld.cnf
change 'datadir' to /newlocation
sudo vim /etc/apparmor.d/usr.sbin.mysqld
change '/var/lib/mysql' two-entries to /newlocation
4. Start MySQL
sudo /etc/init.d/mysql restart
On macOS Big Sur, MySQL installer used to install MySQL:
Go to System Preferences > MySQL > click on Stop MySQL Server
In configuration tab, you can see current Data Directory
Copy data folder to your destination directory
Change "Data Directory" address to your destination address > then Apply
Go to System Preferences > Security & Privacy > Privacy > Full Disk Access and make sure "mysqld" is checked here
Go to System Preferences > MySQL > click on Start MySQL Server
if you do not do step 5, the service won't start back.
hope it helps for those with permission issues