I need help with adding ACL on the mounted directory.
My ultimate goal here is to set default permission for files and subdirectories.
Many people suggestes using "setfacl" function, so I tried using it as
setfacl setfacl -d -m g::rwx /SharedA/dirA/dir1
However, I've got error message of
setfacl: /SharedA/dirA/dir1: Operation not supported
SharedA is an shared directory mounted on the server using the line in /etc/fstab as shown below.
IPADDR:/volume4/SharedA /SharedA nfs defaults 0 0
Therefore, I added acl after defaults as shown below
IPADDR:/volume4/SharedA /SharedA nfs defaults,acl 0 0
and remount them using without any error.
sudo mount -o remount /SharedA
However, it does not seem to be working still.
The server is built on CentOS7. Would anybody know what I should try?
I hope I've provided enough info. Please advise.
Thank you!
Related
Looking at several resources I have tried a variety of unsuccessful mount commands to try to be able to chown on a mounted smb/cifs share. My current iteration looks like this
sudo mount -t cifs //192.168.0.1/g /mnt/network -o user=user,uid=1001,gid=1001,vers=1.0,file_mode=0777,dir_mode=0777
followed by
sudo chown 1001:1001 /mnt/network/storage
This produces the following error that I can't seem to get around
chown: changing ownership of '/mnt/network/storage': Permission denied
I've tried gid=0,uid=0 anduser=root
Any insight into what I'm doing wrong or how to make this work would be much appreciated as so far what I've found online doesn't work, Thanks in advance!
I am running on ubuntu 21.04 and some raspberry pi's also running ubuntu (trying to access the same mounted directory which is on an external ssd)
Problem:
httpd is unable to write to /var/www/tmp because it is being blocked by SELinux.
Description: A PDF report library which I'm using to download reports from my website is throwing 'Permission Denied' errors since it is unable to write to /var/www/tmp. I have set the tmp folder location of php to /var/www/tmp. The /var/www/tmp is owned by apache. Also its context has been set to httpd_sys_rw_content_t. Still httpd is unable to write in this directory.
What am I missing?
I have set the context and permissions using below commands.
chown -R apache:apache /var/www/tmp
semanage fcontext -a httpd_sys_rw_content_t "/var/www/tmp(/.*)?"
What may be going wrong? Please note, I don't wish to disable SELinux.
I believe -t flag should be added in semanage command to specify the type. After that apply the changes using restorecon -v
I have a problem whith my installation of docker. When I launch my docker-compose up I have this error :
front_1 | /var/lock/apache2 already exists but is not a directory owned by www-data.
front_1 | Please fix manually. Aborting.
I have this error because I add this line in my dockerfile conf :
RUN usermod -u 1000 www-data
But if I delete this line, my symfony project doesn't work with docker.
Do you have any ideas to solve my problem ?
Best regards
As I see it, you are trying to change UID of user www-data inside docker to have the same ID as host machine user UID (you), so you can open project files in your IDE.
This introduces file permissions problems on apache2 service, which can't read it's own files (config, pid,...), simply because it is not the same user anymore.
Quick 'dirty' solution is to change only owner of symfony project files to UID 1000, but keep group (GID) to the www-data. This applies only for dev machine. Else you don't needed it. Run command inside container.
chown -R 1000:www-data /home/project
You can create some bash alias inside docker to have it at hand.
Other option is to use ACL which will set existing files and folder with permissions, which will get inherited to newly created files under given folder. This could be put to bootstrap script inside container. But only for DEV mode. This way you won't need to run chown.
chown -R 1000:www-data /home/project #set for existing files
/usr/bin/setfacl -R -m u:www-data:rwx -m u:0:rwx -m u:1000:rwx /home/project
/usr/bin/setfacl -dR -m u:www-data:rwx -m u:0:rwx -m u:1000:rwx /home/project
Each -m is for a different user. First is www-data (apache2), second is 0 (root) and third is 1000 (you).
Remember UID can change anytime. So this could create security hole if mentioned users are not having proper UID.
I used second method only for folders, where PHP via apache2 sets permissions (uploaded files, cache,...), but host user needs to access these files.
I was searching hours on the Internet, but for this specific problem I could not find any solution.
1: I have a Xubuntu Linux on my PC. I use it in average way: browse the Internet, watch videos, etc. And also it gives home for my PHPStorm app but no the project files. This is the HOST. It has a host-only network: 192.168.56.1
2: I have a VirtualBox Debian Linux (no GUI) system. This meant to be represent a development version of my real webserver. It has all the project files. This VM is on an external drive, so I can take it everywhere (e.g.: to the office). 192.168.56.101. This is the GUEST.
3: on the HOST I use dnsmasq to force every *.dev domain to be redirected to the GUEST. So I can test my projects easily.
4: on the GUEST I exported the /var/www folder in the /etc/exports:
/var/www 192.168.56.1(rw,sync,no_root_squash,no_subtree_check)
The problem: I want to use the PHPStorm on the HOST to edit the files on the GUEST "locally". But I cannot mount the GUEST's /var/www folder into the HOST's /home/gabor/Projects folder with full permissions. I tried to use the following:
$> sudo mount 192.168.56.101:/var/www /home/gabor/Projects
This looks okay for the first time, but the folder is mounted with nobody:nogoup and I have no permissions to edit.
I want the /home/gabor/Projects has the owner gabor:gabor and everything I create in this folder must has the owner www-data:www-data on the Debian side. But for NFS mounting I cannot specify the user.
$> sudo mount -o umask=0022,gid=1000,uid=1000 192.168.56.101:/var/www /home/gabor/Projects
mount.nfs: an incorrect mount option was specified
I also failed to mount --bind the /var/www with different user (should be nobody:nogroup) on the Debian, so that I could export that one...
How can I solve this problem?
Please help me.
Thank you.
NFS v2 and v3 do not support uid/gid.
on Ubuntu man nfs
Adding this answer for posterity, as I ended up here with the same question.
Try this in /etc/export:
/var/www 192.168.56.1(rw,root_squash)
Then on the client, put this in /etc/fstab:
192.168.56.101:/var/www /home/gabor/Projects nfs defaults,user,noauto,relatime,rw 0 0
The user option will allow a non-root user to mount the volume. Adjust other options as needed.
Then on the client again, become the user you want to mount the volume as, and then mount the volume you added to /etc/fstab:
$ id
uid=1000(gabor) gid=1000(gabor) groups=1000(gabor)
$ mount /home/gabor/Projects
$
Make sure that the uid and/or gid are the same on the server. I'm not sure if the usernames can be different or not. Also make sure that the directory being exported on the server is writable by the user or group. See this blog post for additional info about setting up NFS in a similar manner.
Caution: This is an insecure configuration without authentication. Use NFS v4 with Kerberos for strong authentication.
Ok, I found a solution that exactly does what I want.
First, install the sshfs:
$> sudo apt-get install sshfs
Then mount the remote /var/www:
$> sshfs -o uid=33,gid=33 root#192.168.56.101:/var/www /home/gabor/Projects
And that is it!
$> ls -la /home/gabor | grep Projects
drwxr-xr-x 1 www-data www-data 4096 Okt 14 21:10 Projects
I'm trying to use rsync to deploy my website that resides on a shared web host.
Phpsuexec is running on it and that caused me problems with permissions on files and directories I've transfered via rsync. Actually files should be set to 644 and directories to 755, otherwise I get a 500 error.
After several attempts, I came with this rsync command:
rsync -avz -e ssh --chmod=Du=rwx,go=rx,Fu=rw,og=r -p --exclude-from=/var/www/mylocalfolder/.rsyncignore /var/www/mylocalfolder/ user#mywebsite.net:~/
Unfortunately this command doesn't works as expected because all the sent directories have been set to 744. On the other hand, files permission have been correctly set on 644.
I can't understand what is wrong.
P.S. I use Linux on my local machine.
Try it like this :
--chmod=Du=rwx,Dg=rx,Do=rx,Fu=rw,Fg=r,Fo=r
It worked for me.