Permissions for webcam access through Apache - apache

I am trying to capture an image through a webcam and display it on a webpage but I am getting "permission denied errors"
I am running apache with the following user/group
/etc/apache2/envvars :
export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data
In the html code i have the request:
myRequest.open("GET", "/cgi-bin/getImage1.cgi", true);
myRequest.send();
In /usr/lib/cgi-bin I have the file: getImage1.cgi
#!/bin/bash
rm image1.jpg
fswebcam -r 640x400 --no-banner --deinterlace -q -d /dev/video0 --jpeg 95 image1.jpg
The file and directories permissions are:
In /usr/lib drwxrwxrwx 2 root www-data 4096 May 14 19:37 cgi-bin
In /usr/lib/cgi-bin -rwxr-xr-x 1 www-data www-data 115 May 14 18:51 getImage1.cgi
In /dev crw-rw----+ 1 root video 81,0 May 14 18:02 video0
User www-data is a member of the following groups:
$ id www-data
uid=33(www-data) gid=33(www-data) groups=33(www-data),44(video)
When i run the web page i get the following error code:
rm: cannot remove 'image1.jpg': No such file or directory
Error opening device: /dev/video0
open: Permission denied
Unable to find a source module that can read /dev/video0.
End of script output before headers: getImage1.cgi,
The error implies that it is executing the script but that the user does not have sufficient permissions to access the /dev/video0.
The apache user should be www-data which is a member of both www-data and video groups, so it should have access to the /usr/lib/cgi-bin directory, getImage1.cgi file, and the /dev/video0 webcam.
If I execute the script from the console it runs fine.
I would appreciate if anyone can offer suggestions.

Related

How to correctly set permission for a localhost server in Fedora using Laravel?

I am attempting to run a laravel app on a local server in https mode in a Fedora 36 OS, but I am given this message
The stream or file "/var/www/compagnon-be/storage/logs/laravel.log"
could not be opened in append mode: Failed to open stream: Permission
denied The exception occurred while attempting to log
It seems to me that my permissions are correct
My DocumentRoot is /var/www/compagnon-be/public
I used these commands from /var/www
sudo chown -R $USER:apache compagnon-be
and
sudo chmod -R 775 compagnon-be
ls -l returns this (muser being my user)
[jaaf#localhost www]$ ls -l
total 12
drwxr-xr-x. 2 root root 4096 17 juin 13:13 cgi-bin
drwxrwxr-x. 14 muser apache 4096 2 déc. 06:32 compagnon-be
drwxr-xr-x. 4 root root 4096 1 déc. 06:52 html
[jaaf#localhost www]$
What is wrong ?
The trouble was coming from selinux.
I tried
sudo restorecon -R -v /var/www/compagnon-be
After that the message changed to
file_put_contents(/var/www/compagnon-be/storage/framework/views/dc2fe5ffc0c4db448244e2a441f79c65b3812ff5.php):
Failed to open stream: Permission denied
Then I decided to install setroubleshoot package in my Fedora distribution and launched sealert
Refreshing the page triggered an alert and sealert gave me the commands to use
It was:
Vous devez modifier l'étiquette sur (You must change label on) « /var/www/compagnon-be/storage/framework/views »
# semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/compagnon-be/storage/framework/views'
# restorecon -v '/var/www/compagnon-be/storage/framework/views'

Setting user permissions for a directory mounted in /etc/fstab

My embedded Linux system is using an admin user account to make some restricted administration tasks. The home directory for that user is /mnt/foo. That directory is the mount point for a partition mounted by /etc/fstab on boot:
/dev/mmcblk1p6 /mnt/foo ext4 defaults 0 0
The problem is with permissions for that /mnt/foo directory:
$ ls -ld /mnt/foo/
drwxr-xr-x 16 root root 4096 Mar 23 07:54 /mnt/foo/
This permissions don't allow the admin user to create/write any file:
$ pwd
/mnt/foo
$ touch hello
touch: hello: Permission denied
This problem can be easily fixed setting 777 permissions to /mnt/foo in rcS startup script:
$ chmod 777 /mnt/foo
But I don't like this solution. I have tried setting different options in the fstab (gid=admin,uid=admin,umask=000), but it seems these mount options are not supported by ext4 filesystems.
Is the rcS startup script the only feasible way to fix this issue? Thanks!
you can change the default value in the /etc/fstab entry line:
/dev/mmcblk1p6 /mnt/foo ext4 defaults 0 0
to become
/dev/mmcblk1p6 /mnt/foo ext4 file_mode=0755,dir_mode=0755 0 0
or whatever the permissions you want to give

Jenkins user cannot copy files to Apache /var/www folder - all permissions appropriate

Jenkins installed on Ubuntu 18.04 and running successfully.
As part of our project build process, we need to copy built files to a specific folder under /var/www/html (Apache folder). Our build / Execute shell:
npm install
ng build --prod
cp -R /var/lib/jenkins/workspace/kagi-core/dist/core/* /var/www/html/kagi-core/
But jenkins build fails at the final copy command with the following errors:
23:18:10 + cp -R /var/lib/jenkins/workspace/kagi-core/dist/core/3rdpartylicenses.txt /var/lib/jenkins/workspace/kagi-core/dist/core/assets ...
23:18:10 cp: cannot create regular file '/var/www/html/kagi-core/3rdpartylicenses.txt': Permission denied
...
...
Here's what we did/tried so far:
Added "jenkins" user to root and ubuntu groups.
ubuntu#ip-172-31-15-215:/var/www/html$ groups jenkins
jenkins : jenkins root ubuntu
Changed permissions on /var/www/html/kagi-core folders to "jenkins" user
drwxr-xr-x 3 ubuntu jenkins 4096 Sep 17 21:36 www
..
drwxr-xr-x 3 ubuntu jenkins 4096 Sep 18 21:04 html
..
drwxrwxrwx 4 ubuntu jenkins 4096 Sep 18 21:18 kagi-core
What are we missing? Appreciate any help!
While trying to fix this, found the solution. Adding here for reference:
On observing carefully, the permissions to /var/www folders, they are as
drwxr-xr-x 3 ubuntu jenkins 4096 Sep 17 21:36 www
but instead they should be the other way around (allow "jenkins" user to the default group):
drwxr-xr-x 3 jenkins ubuntu 4096 Sep 17 21:36 www
Also we reset the group to default root
So the command that solved the issue was
cd /var
sudo chown -R jenkins:root www/
After this, jenkins builds were successful (able to copy to the /var/www/html folder).

What permission do I need to edit a perl file on linux via Sublime

Somehow I've made an error where my Perl files, located on a Linux server, must be set at 775 for me to edit them via Sublime, on my Windows laptop.
I can change the files to 755 and they'll run properly, but I can't edit them unless they're set to 775. When I try to save them I get a Permission Denied error.
Everything is owned by www-data
drwxr-xr-x 2 www-data www-data 4096 Jun 10 08:00 cgi-bin
The Perl file within cgi-bin directory is as well
-rwxr-xr-x 1 www-data www-data 960 Jun 10 01:22 perly.pl
When I log in via the Sublime editor I log in as the original user I created my server with "danny", and he is a member of the www-data group.
Can anyone figure out where I making a mistake or the wrong assumption?

How to set up crontab permissions to be readable by apache

I have a django application which should read and write to a crontab. However if I create the file with this:
sudo su www-data
crontab -e
I can see that:
# ls -la
total 12
drwx-wx--T 2 root crontab 4096 Aug 13 16:28 .
drwxr-xr-x 5 root root 4096 May 1 2012 ..
-rw------- 1 www-data crontab 202 Aug 13 16:28 www-data
However the file is still not readable and writeable by django. If I switch with sudo to www-data user I can't edit the file. How to setup the permissions properly?
You are not allowed to read that dir, for good reason.
You can however:
Read the file with crontab -l
Replace the crontab with crontab /path/to/file/which/will/replace/it.
So a workable solution would be:
Store current crontab -l in some tempfile.
Do you modifications on that tempfile
Install that tempfile with crontab /path/to/tempfile
The reason is in man cron:
Users are not allowed to edit the files under that directory
directly to ensure that only users allowed by the system to run periodic tasks can add them, and only syntactically correct crontabs will be written
there. This is enforced by having the directory writable only by the crontab group and configuring crontab command with the setgid bid set for that
specific group.