Directory Permissions CentOS - permissions

The scenario I'm trying to achive is the following:
1 directory created by root and give access to a group of people.
Therefore i create a group called 'testgroup' and a new user 'testuser' that belongs to 'testgroup'.
I gave permissions rwx to owner and rw to group and none to the others.
But the testuser cannot go inside this directory. What i'm doing wrong ?
-bash-4.1$ ls -la
total 12
drwxr-xr-x 3 root root 4096 Sep 12 21:02 .
drwx--x--x 46 root root 4096 Sep 12 21:02 ..
drwxrw---- 6 root testgroup 4096 Sep 12 21:02 test
-bash-4.1$ cd test
-bash: cd: test: Permission denied
-bash-4.1$ id
uid=32010(testuser) gid=32015(testgroup) groups=32015(testgroup)
-bash-4.1$
Also i tried relloging - but still couldnt have access to that directory.
If i give him execute permissions he can change to that directory. But i dont want to allow him executing scripts, just read/write. Is that possible ?

You need to set the execute bit on your 'test' directory for the 'testgroup' group
chmod 770 test (rwx for owner, rwx for group, no access for everyone)
A directory must have the execute bit set in order to access the files within.
When applying permissions to directories on Linux, the permission
bits have different meanings than on regular files.
The write bit allows the affected user to create, rename, or delete
files within the directory, and modify the directory's attributes
The read bit allows the affected user to list the files within the
directory
The execute bit allows the affected user to enter the directory, and
access files and directories inside

Related

Error setting up WORHP license and parameters file

I am trying use WORHP toghether with AMPL on my Linux Mint (v19.3) machine, but I just can't figure out how to properly set up the license file (and probably the .xml file as well).
I've placed AMPL's and WORHP's binaries, as well as libworhp.so, .lic and .xml files, in the same directory as follows:
user#laptop:/opt/AMPL$ ls -la
total 121676
drwxr-xr-x 3 root root 4096 May 30 22:38 .
drwxr-xr-x 9 root root 4096 May 29 21:43 ..
-rwxr-xr-x 1 500 users 1226960 May 2 17:47 ampl
-r--r--r-- 1 user user 690 May 29 20:01 ampl.lic
-rwxr-xr-x 1 root root 4100512 May 29 22:00 libworhp.so
-r--r--r-- 1 root root 175 May 30 22:53 rosenbrock.mod
-rwxr-xr-x 1 root root 339400 May 29 21:43 worhp_ampl
-r--r--r-- 1 user user 1122 May 30 21:56 worhp.lic
-r--r--r-- 1 root root 20239 May 29 22:34 worhp.xml
The binary file is called worhp_ampl and rosenbrock.mod is a valid AMPL example file.
Still, I get the following error message whenever I try to solve the model with:
user#laptop:/opt/AMPL$ ampl rosenbrock.mod
ReadParamsNoInit: Used parameter file worhp.xml
* Read 268/268 parameters.
WORHP: Using data file /tmp/at9188. Error (License): Could not open license file.
* Local MACs:
- 00:90:f5:93:e9:62
- 74:f0:6d:85:27:ee
WorhpInit: Could not obtain license.
Unsuccessful termination: License error.
Error (AMPL_Init): Error in WorhpInit.
exit value 1
<BREAK>
This error only happens if I set WORHP's corresponding parameter and license environment variables (because I need to use WORHP and AMPL outside of this installation directory).
user#laptop:/opt/AMPL$ echo $WORHP_PARAM_FILE
:/opt/AMPL/worhp.xml
ueser#laptop:/opt/AMPL$ echo $WORHP_LICENSE_FILE
:/opt/AMPL/worhp.lic
On the other hand, everything works (only inside the /opt/AMPL directory) if I remove the declaration of WORHP_PARAM_FILE and WORHP_LICENSE_FILE from my .bashrc.
I couldn't figure out how to do this just by reading WORHP's User's Guide, so I would like to kindly ask for a little help with this issue.
I managed to fix the problem by adding the following to my .bashrc file
WORHP_PARAM_FILE=/opt/AMPL/worhp.xml
export WORHP_PARAM_FILE
WORHP_LICENSE_FILE=/opt/AMPL/worhp.lic
export WORHP_LICENSE_FILE
Instead of the previous:
export WORHP_PARAM_FILE=$WORHP_PARAM_FILE:/opt/AMPL/worhp.xml
export WORHP_LICENSE_FILE=$WORHP_LICENSE_FILE:/opt/AMPL/worhp.lic

Trying to delete a file from Apache2 not in /var/www

I am new to apache2 and am having permission issues with respect a functionality of my website.
I have django running apache2 and my django project has a DELETE functionality on the website, where the back-end deletes a folder from /Project/results . Following is my python function which works as expected when I just run it on the django web development server but throws error 'Exception: ', OSError(13, 'Permission denied') when I run it through apache2,
def delPrevGraph(request):
delId = request.GET["delId"]
try:
print("Path deleting: /Project/results/",delId)
shutil.rmtree("/Project/results/"+delId)
except Exception as e:
print("Exception: ",e)
args={}
return HttpResponse(json.dumps(args))
The permission and owner of the results directly is as follows,
drwxr-xr-x 52 www-data www-data 4096 May 19 06:41 results
But all the folders within results directory are owned by root. Just for checking I did try to chown and give permissions as below but showed no difference.
chown www-data:www-data deleteID
chmod 755 deleteID
Also I tried to adding the following in the default-ssl.conf file and tried restarting the apache2 and deleting from the website. Still no difference.
<Directory /Project/results/>
Require all granted
</Directory>
I cannot change the location of the this directory and place it in /var/www.
Is there a way to to get this done? I am stuck at this issue for a while now and would greatly appreciate some help.
I was reading the shutil documentation. And in the box of warning, they advice us to doesn't use copy functions on POSIX (linux) system. Maybe your problem is relation with a POSIX bug, try to use the basic I/O files functions.

How to edit read only file, as root without sudo

I have a thecus home server, I'd like to edit the index.php file located under /img/www/htdocs/index.php however it tells me every time I vi that it's 'Read-only'.
I checked it's file permissions using ls -l index.php:
-rw-r--r-- 1 root root 7619 Mar 29 2013 /img/www/htdocs/index.php
From my understanding, the -rw first in the permissions, stands for the ownership permissions, and the owner is root in the group of root.
I have ssh'd into my server using:
ssh root#server.com
Once I login, it say's
root#127.0.0.1:~#
I have tried changing it's ownership, chmodding it, using vi to change permissions, trying to force it doesn't work either, how can I edit this damned file ! :(
When I try to use sudo it say's the command is not found, so I'm assuming that's because Thecus have stripped down the commands.
The output of mount without any arguments, I have noticed that the directory that I'm currently working in, is actually set to ro, is there a way I can edit this?
/dev/cloop2 on /img/www type ext2 (ro,relatime,errors=continue,user_xattr,acl)
Any help would be great! :)
Try mount -o remount,rw /img/www/, if that is not possible, you can copy the contents to a place where you can modify them, unmount the original /img/www/ and then symlink or "bind mount" the new location there.

Rails app folder is large due to GIT pack file

So I noticed that my Heroku slug size was huge (100mb) and decided to inspect my Rails project structure to see what was causing the huge size.
When I inspected the project folder it said that it was approx 100mb in size. However, after inspecting all the (first level) children files and folders I couldn't see any culprit (my logs are deleted on a daily basis).
I tried deleting the entire contents (code is up on github of course!) but when I inspect the folder it still says its 99.9mb on disk - weird.
I sudo'd into the folder in terminal and ran ls -al to see if there were any hidden files or folders but only got the following:
-rw-r--r-- 1 <name> staff 15364 15 Apr 16:03 .DS_Store
drwxr-xr-x 3 <name> staff 102 17 Apr 2012 .bundle
drwxr-xr-x 18 <name> staff 612 15 Apr 15:18 .git
-rw-r--r-- 1 <name> staff 487 4 Apr 10:21 .gitignore
Nothing unusual there I think.
Has anyone seen a similar situation and can advise a solution?
UPDATE
So it looks as though the .pack file(s) in the .git folder are the issue here. I did a little searching and ran
git filter-branch --index-filter 'git rm -r --cached --ignore-unmatch unwanted_folder' --prune-empty
and
git gc --aggressive --prune
Which removed all but one of the pack files. Whats confusing me is why the remaining pack file is 75mb when all code and assets come to 25mb? I'm guessing its keeping a history of the changes made locally since the repo was initialised or something? If so, how do I clear these down? I store all changes on github anyway so the old files/versions are redundant (unless I'm missing something?).

Postfix piping email to php, permissions error

I'm attempting to pipe an email to PHP with my Postfix mail server, using the technique mentioned here and have encountered the following error...
Mar 16 22:52:52 s15438530 postfix/pipe[9259]: AD1632E84C63: to=<php#[myserver].com>, relay=plesk_virtual, delay=0.61, delays=0.59/0/0/0.02, dsn=4.3.0, status=deferred (temporary failure. Command output: /bin/sh: /var/www/vhosts/[myserver].com/httpdocs/clients/emailpipe/email2php.php: Permission denied 4.2.1 Message can not be delivered at this time )
I'd really appreciate if anyone could shed some light on this issue for me. I've tried 777'ing the emailpipe directory, to no avail. Where am I going wrong?
Many thanks.
From the postfix docs...
For security reasons, deliveries to command and file destinations are performed with the rights of the alias database owner. A default userid, default_privs, is used for deliveries to commands/files in root-owned aliases.
So you have two options, either set the default_privs in main.cf to match the ownership of the email2php file.
Alternatively, there should be a way to create an alias database that is owned by the user instead of postfix/nobody. I haven't tried this before though so can't advise.
I have fixed this issue by disabling the SELINUX.
Make sure that you have
#!/usr/bin/php
<?php
(or whatever your path to php is - do "which php" on the server)
at the top of each of your php scripts and that each of the php script files is executable
chmod +x /var/.../email2php.php
Also, make sure that you can test the script from the command line:
cat some_rfc822_email.txt | /var/.../email2php.php
and get the result that you want
To fix this issue, you'll want to chown or chmod /var/www/vhosts/[myserver].com/httpdocs/clients/emailpipe/email2php.php to executable by your postfix user. Alternately, you'll want to redefine this user to execute the file successfully.
Simply changing the permissions of your directory (unless you used -R) won't be sufficient.
To illustrate why this works, consider the following toy example:
<me>#harley:~$ touch test
<me>#harley:~$ ls -al test
-rw-r--r-- 1 <me> <me> 0 2012-03-26 23:44 test
<me>#harley:~$ sh test
<me>#harley:~$
<me>#harley:~$ ./test
bash: ./test: Permission denied
<me>#harley:~$ chmod 755 test
<me>#harley:~$ ./test
<me>#harley:~$
In order to execute a file directly through the running shell, it needs to be set as executable. Other invocations (for example, sh email2php.php or php email2php.php) only require read access, because they're chaining execution off a different file entirely.
For what's likely to be causing the issue in the first place, see here.