Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 1 year ago.
Improve this question
I'm having permissions issues when accessing seemingly random directories/files on the windows filesystem with wsl2/ubuntu. Some directories are not accessible and I get a 'permission denied' error when I try to access them or any of the files in them. However, I have no issues accessing them from Windows itself through explorer or a non-admin powershell or command-line shell.
From the WSL side I am the owner of the files and directories and have correct permissions but I still cannot access them. I can however access these directories/files if I switch to root. I shouldn't have to though since the permissions on this directory are the same as the ones on other directores.
drwxr-xr-x me me
I've tried looking at the directory properties from the Windows side and making them more permissive ("Full-control" to each group in the properties>security menu) to all of the various groups with no success. I am the only user of this computer and the only groups that exist are...
Authenticated Users
SYSTEM
Administrators (${my-machine-name}\Administrators)
Users (${my-machine-name}\Users)
I can provide more info if needed.
Make sure that not only the directory that contains the files has rx for your WSL user but also every directory above it (Sorry, would have commented but I don't have enough rep yet).
Try creating a /etc/wsl.conf with the following:
[automount]
options="metadata,uid=1000,gid=1000,umask=022"
After creating the file:
Exit your WSL session
wsl --terminate <distro> or wsl --shutdown
Then restart and test the file/directory permissions again.
The uid and gid probably already default to those values since you mention that the files and directories on the NTFS drive are showing as owned by your user. So they can probably be left out.
The metadata option is important, as it allows WSL to map Linux permissions on to files and directories created in WSL on those NTFS drivers. But again, this isn't really your problem here either.
The umask is hopefully the long-term answer to your problem, as it will map WSL/Linux rwxr-xr-x to directories created in Windows, and rw-r–r– to files.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 1 year ago.
Improve this question
I have noticed while learning how to setup ssh that lots of stackoverflow posts referred to the file ssh config being inside of the folder ~/.ssh but when i look at the same folder in my macbook the files listed are:
created from my last ssh setup
someprivatekey
someprivatekey.pub
known_hosts
now when i inspect the folder cd /etc/ssh/ then i can see the file ssh_config there.
Is it a normal behavior or should ssh file "ssh_config" always be located in "~/.ssh" folder and I have presumably a wrong configuration?
(Sorry if the post sound very elementary, i am learning how to use ssh)
how to should i setup ssh and the "ssh_config" file correctly?
The file in /etc/ssh affects all users on the machine, while the one in ~/.ssh affects only you. You can find a complete list of the file locations at the end of the ssh manpage (which should be available at your computer by running man ssh).
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 1 year ago.
Improve this question
I'm not what you would call an advanced linux user, so my apologies for a probably dumb question.
I'm trying to raise the NOFILE limit for my UBUNTU 20.04 distro using WSL2, following this guide: cannot-increase-open-file-limit-past-4096-ubuntu
However, when I try to modify the corresponding .conf files I get a permision denied error.
When trying to do so from windows and VsCode I get:
Failed to save 'system.conf': Command failed: "C:\Users\sague\AppData\Local\Programs\Microsoft VS Code\bin\code.cmd" --file-write "c:\Users\sague\AppData\Roaming\Code\code-elevated-mjlcag" "\\wsl$\Ubuntu-20.04\etc\systemd\system.conf" Error using --file-write: EPERM: operation not permitted, open '\\wsl$\Ubuntu-20.04\etc\systemd\system.conf'
And when trying to do so using nano within the WSL2 terminal (using windows terminal) I get:
Error writing /etc/systemd/system.conf: Permission denied
Please help, I'm stuck with this :')
My apologies for what is probably a very noob question
Well, to be honest you are making a few newbie mistakes, but don't worry - Even once you get past those, what you are trying to do under WSL isn't easy.
First, you are trying to edit a system file as a normal user in nano, resulting in Permission denied. Solution: Use sudo nano /etc/systemd/system.conf instead. But see below (3) for why this ultimately isn't going to work.
Second, you are trying to edit a WSL system file as a normal user under VSCode. This just won't work since VSCode always runs as the normal user by design. It may be possible to get it to run under sudo, but it's probably not worth the effort. Note that this is also a limitation when running the "Remote - SSH" extension in VSCode (similar to the "Remote - WSL" one you are using now).
You are trying to modify the systemd configuration under WSL, where there is no systemd support, so even when you do successfully edit the file, it isn't going to do anything.
Your next attempt once you got past that would probably be (as it is for most of us) to try to raise the ulimit through /etc/security/limits.conf, which is the right way to do it, but requires a trick under WSL. That file is a PAM construct, and ... well, PAM runs at login, and we don't "login" in WSL, so PAM usually doesn't get called.
The hacky solution, as I cover in this answer on Ask Ubuntu (with great assistance from a number of answers in this Github thread) is to make the modifications to /etc/security/limits.conf and then to force PAM to process it by sudo'ing back in as your own user via:
sudo su $USER
or possibly
sudo su - $USER # if you need to run as a login shell
There are also some other suggestions in the Github thread, if those incantations don't quite work for you.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 3 years ago.
Improve this question
I have a folder on Windows Server 2012 that I want to delete. However, even when I try it in PowerShell or cmd.exe as admin, I'm not allowed to delete or view it. I also tried changing permissions with icals as admin, but was also denied.
The error message when I try to delete it looks like this.
rmdir : Access to the path 'C:\Tomcat8.0\webapps\geoserver\data\coverages' is denied.
At line:1 char:1
rmdir .\data
CategoryInfo : PermissionDenied: (C:\Tomcat8.0\webapps\geoserver\data:String) [Remove-Item], UnauthorizedAccessException
FullyQualifiedErrorId : RemoveItemUnauthorizedAccessError,Microsoft.PowerShell.Commands.RemoveItemCommand
I read that this can be caused by a bug in UAC (User Account Control), so I set it to Never notify, but that didn't change it either.
Background (I'm not sure if this caused the problem): The folder was created by deploying geoserver on Tomcat 8 and trying to manually delete it. The entire folder structure was deleted except for this one folder.
Edit: Maybe it's also worth mentioning that it doesn't matter whether Tomcat is running or not.
I figured out how to delete it now. The folder seemed to be locked by the explorer process somehow.
Solution: Open cmd as administrator, then stop the explorer task, delete the folder and start a new instance of explorer.exe.
The below solution:
Open cmd as administrator, then stop the explorer task,
or open the task manger and end task windows explorer
delete the folder and
start a new instance of explorer.exe from task manger (explorer).
This worked for me.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
Apologies if this has already been asked already, but I tried a quick search and couldn't find my problem.
Basically I am trying to SSH a file onto my friends server from my computer for him to read and modify himself. He has given me my own login and sufficent rights etc, but he is unable to see what I've uploaded to the server, nor can I see what he has added.
I am currently using:
scp hello.txt username#domain.com:/home/username/
which uploads correctly and I can see it.
Could someone please help me out and explain why he is unable to view what he's uploaded, and vice versa?
How can we set it up so we can see each others files and modify them (some sort of public folder?)?
The problem are most likely the access rights on the directory/file. A non-root user might not be able to see the contents of the home directory of another user. If you upload a file to your home directory, your friend can consequently not see the uploaded file and vice versa.
The solution is simple: you need a directory on which both of you have the appropriate permissions, as you already assumed. Try this:
# on the server
mkdir /var/your_share/
chmod o+rwx /var/your_share/
# on your host
scp hello.txt username#domain.com:/var/your_share/
# on the server
ls -l /var/your_share/hello.txt
The ls -l displays the permissions of the uploaded file.
-rw-r--r-- 1 username username 10 Oct 13 15:49 hello.txt
If it says something like this, your friend will not have permissions to change the file but only to read it. Use the following command to grant him write permissions for that file:
# on the server
chmod o+w /var/your_share/hello.txt
ls -l /var/your_share/hello.txt
The output should then be something like:
-rw-r--rw- 1 username username 10 Oct 13 15:49 hello.txt
Note: The permissions granted in these commands are not only for the account of your friend but for all accounts on the server. That means everybody can read and write to the file. If you want to change that, you have to setup a group and only grant rights to the group.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 6 years ago.
Improve this question
Sometimes I want to allow users to upload files through Apache. There are two different ways I could set the permissions so that Apache can write the uploaded files to the directory.
I can make the user Apache is running as the owner of the directory so that it looks like this:
drwxr-xr-x 2 www admin 68 Sep 24 2007 uploadedfiles
I can give write permission to "others" where Apache is one of the others:
drwxr-xrwx 35 egbert admin 1190 Mar 9 13:17 uploadedfiles
Is one of these safer than the other?
The most restrictive access, in this case exclusive access to www/admin with permission 0750, is always the safest. Note that, in the permission mask above, users who are neither www nor members of admin are not allowed to access the contents of the directory at all; this is in order to reduce the possibility that an unauthorized party logged into the system gain access to potentially confidential information uploaded by users.
Do not forget that on most *nix platforms you also have a third, extremely flexible option, that is, setting ACLs using setfacl. ACLs are a superset of what can be achieved with the regular permission bits and ownership methods. ACLs are the option of choice when confronted with complex security setups (including per-user permissions, default ownerships, etc. - but you may need to first add acl to /etc/fstab in the mount options of the volume hosting your directory, see man mount.) You may choose to use ACLs if two or more users need access to the directory in question without being members of, say, the admin group.
There are 2 questions to ask here - first, who else (if anyone) needs to access those files? If there are other processes that act on those files, who are they running as, and how will that interact with the chosen solution? If there aren't other processes or users accessing the files, I'd go with making the apache user the owner, as that's all that is needed, and it follows one of the oldest principles in security - only let people who need access to something have it.
If the system is being used for other purposes you should probably avoid giving permissions via the 'others'. Allowing permissions here would basically mean anything else running on that computer, or with access to that computer would have rights to those files.
Also, you could create an additional group, and make apache a group member, and whoever is in admin, and change the group ownership to that group, and give permissions to that group. If you use a group, you will probably also need set the 'setgid' bit on the directory. When the setgid bit is set any files created will get the same group membership of the parent directory.
The general rule with security is that of least privilidge. You want to use as minimal permissions as possible. In this case, the first option (writable by apache) means that the directory can only be written to if your system is compromised through the apache user, whereas with option two (writable by everyone), any account can be compromised and write to that directory. In this case, I would go with option one:
drwxr-xr-x 2 www admin 68 Sep 24 2007 uploadedfiles
Giving read access to others is also a security risk. Wordpress for example, has a file containing the username and password of the database.