EzDevInfo.com

what chmod and owner:group settings are best for a web application?

we are configuring a PHP web application on CentOS and have all our files currently in /var/www/html/project/

Apache is configured to run as apache:apache and has access to the directory above. Right now our files and directories have the following rights:

owner = root group = apache

DIRECTORIES: drwxr-x--- root apache

FILES: -rw-r----- root apache

Is this a safe setup? Or is it better to use a new user e.g. "project" to be the owner of all files and directories?

How to use set-user-ID bit on directories?

I want all files in directory /home/alex/foo to be owned by alex, no matter who creates them. I'm trying this technique, but it doesn't work (on CentOS 5, under root):

$ cd /home/alex
$ mkdir foo
$ chmod u+s foo
$ chown alex foo
$ ls -al . | grep "foo"
drwsr-xr-x  2 alex root      4096 Nov 14 14:18 foo
$ echo "test" > foo/test.txt
$ ls -al foo
total 12
drwsr-xr-x  2 alex root   4096 Nov 14 14:19 .
drwxr-x--- 13 alex root   4096 Nov 14 14:18 ..
-rw-r--r--  1 root root      6 Nov 14 14:19 test.txt

As you see, the file is owned by root, but should be owned by alex. What am I doing wrong?

Chown operation not permitted for root

I try to chown the owner of a file to root, but I can't. I'm doing this as root. I get the following message:

chown: changing ownership of `ps': Operation not permitted

chown on a mounted NFS partition gives "Operation not permitted"

I have a remote partition that i have mounted locally using NFS.

'mount' gives

192.168.3.1:/mnt/storage-pools/ on /pools type nfs (rw,addr=192.168.3.1)

On the server i have in exports:

/mnt/storage-pools   *(rw,insecure,sync,no_subtree_check)

Then I try

 touch /pools/test1
 ls -lah
 -rw-r--r--  1 65534 65534    0 Dec 13 20:56 test1
 chown root.root test1
 chown: changing ownership of `test1': Operation not permitted

What am I missing ? Pulling my hairs out.

How can I reset the permissions of /bin /boot /etc and /dev to orignal owner, Ubuntu?

I accidentally changed the ownership of the /bin, /boot, /etc and /dev recursively to nobody:nogroup using chown when I misplaced a forward slash!

How can I resort the original file ownerships?

I've managed to get them all to root:root but I'm not sure if all the files should be owned by root and if this will break something?

Is they are option to fix file permissions like there is in OS X?

Help!

Limit sudo to only one directory and it's subdirectories by sudoers file

So I would like to limit Apache to only change permissions in a certain folder and all of it's sub-directories, so this is what I have in my sudoers file

apache ALL= (ALL) NOPASSWD: /bin/chmod -R [g+ws] /var/www/sites/[a-z]+

But that does not appear to work. I sure I could get it to work by removing the restriction on the subfolder, but that seems dangerous as it would give a potential hacker unlimited access.

So is there a way to limit apache to only change files and folders within the "sites" folder or am I stuck giving unlimited access with chmod / chown?

Are there any big security holes using this approach?

How to give ownership to root without being root ? (needed for Apache)

I've got a PHP script that creates a folder on my server. This folder is supposed to be accessed via Apache, and users can view it online.

Now if I create this folder while being root, everything works as it should, I can view the html/php when going on the website.

If I create this folder while being the user Apache (or running my script), I can create the folder, put all the files inside but when I got on my webpage, it displays:

You don't have permission to access / on this server.

Now I don't know that much about Apache, but for me the easiest solution is to give ownership of my folder to root. I try typing:

chown root:root /blabla/myfolder

and it writes:

chown: changing ownership of 'myfolder/': Operation not permitted

Why is that ?

Thank you

sshfs permission denied even for root user

I use sshfs to mount a remote folder from another server to the local server. Mounting the remote folder works without a problem using the following command:

sshfs -o allow_other someServerFromSSHConfig:/home/data/somefolder/ /some/local/folder

The problem is that I cannot change the owner of the files using chown (regardless of root permissions) I always get:

chown: changing ownership of ‘/somefolder/file.img’: Permission denied

The user that accesses the folder is member of the fuse group. Even if I add additional mount options in sshfs to set the owner as userx:groupx I cannot change permissions using userx and using chown -R userx:groupx [...]

I expect to be able to set user permissions for files in mounted folders but this is not the case.

Using chown to change the group owner of a directory is not permitted....Why?

I am trying to execute chown on a directory that has the following permissions and owners:

drwxrwxr-x 2 justin devs  4096 Jan  1 20:42 test

I am trying to simply execute the following as the justin user:

chown justin:nginx test

So basically just change the group owner to nginx, but I am getting:

chown: changing ownership of `test/': Operation not permitted

Any ideas?

Unix Group Permissions

I have created a directory and chown to have permissions master:webmaster and chmod the folder to 775 hence group writeable. So why is it i bert as a member of webmaster cant mv the directory or create a file inside the directory.

ls permission denied even with execute permissions

I chowned recusively /srv/site to www-data:www-data and chmodded it recursively with ug+rwx. I then added myself to group www-data.

$ sudo usermod -a -G www-data cyrus
$ sudo chgrp -R www-data /srv/site
$ sudo chmod -R ug+rwX /srv/site

However, why do I still get permission denied?

$ ls /srv/site
ls: cannot open directory /srv/site: Permission denied

$ cd /srv; ls -la   
total 12
drwxr-xr-x  3 root     root     4096 Aug 13 02:42 .
drwxr-xr-x 24 root     root     4096 Aug 11 21:20 ..
drwxrwx--x 10 www-data www-data 4096 Aug 13 02:42 site

Cannot login to Solaris due to chown on /usr directory

Someone ran "chown -R username /usr" and now I have no way of logging into the box to change it back. SSH has been disabled, X Server won't start so I have no graphical GUI, and the console login keeps saying "Login Incorrect" when I try to login. I don't have the exact message next to me, but it says some files within the /usr directory are not owned by root, which leads me to believe the chown was the problem that caused this.

I can change the ownership back if I can just get into the command prompt somehow. Does anyone have any ideas how I could get a command prompt from this?

The box is a Dell T310 server running Solaris 10 (10/09 version).

Cross-group file permissions in Linux

I have 2 users: Alice and Bob and 2 groups: Management and Personnel. Alice has primary group Management, and secondary groups Personnel and Alice. Bob has primary group Personnel and secondary group Bob.

Now they both need read/write access to the local Subversion repository in /var/svn/new-project/. The problem is that when Alice commits to the repository Bob can't commit to it anymore, due to the fact that he's not in Management group, which is Alice's primary group.

My question: how to enable both to read and write to the repository without messing up the permissions, while keeping them in separate primary groups, without chmod'ing the repo dir to 777 and without running a cronjob which fixes the permissions every minute?

Make files editable for guests without using chmod

Sorry if this is the wrong place to post this, or if it has been posted before. I couldn't find anything though.

If I log on to a linux server without supplying a username or password (from windows through samba), what user am I logged on as? The reason I'm asking is because I want to make that user an owner of the files, so that he/she can change the files without the need for me as an administrator to make it writeable to all. I know there is no sense in what I'm trying to do, but it's a very special case scenario. The limitation I have is that I may not change the files through chmod in any way, yet the files needs to be editable by a guest. Is this possible, assuming the files are editable by the owner (755)?

What could cause *every* command in RHEL to be executed by root?

Recently I was asked to look at a system for a "friend" that left me completely stumped. Their original problem stated to me:

1. They have a RHEL 5.10, gnome desktop fairly typical install
2. They are having trouble running a Retina scan
   
   • They claim Retina could not ssh in and start the scan

This is what I found, after checking out their firewall, tcp wrappers, sshd config, sudoers, etc.

Any command you run that references a user appears to always reference root instead. Some examples:

• desktop login as user 'scan' & you are actually logged in as root
• ssh login does the same thing. whoami and who am i both return root
• run chown -R scan.scan /home/scan results in all file ownerships to be = root:scan

There are no sticky bits set on programs in /usr/bin or /bin or /sbin other than what one would normally expect to see.

This problem is so odd, I don't even know what search terms to use.

Half-baked ideas welcome.

@Matthew Ife: The user id of scan is 501, but getent passwd scan returns:

scan:x:0:0::/home/scan:/bin/bash