i have a php script which enables crontab schedules as www-data. I want to do this from apache but with command -u userx. My question what i have to do in order to give the possibility for www-data user to create crontab jobs for other users?
So far:
1. I created userx and i put it to sudoers file.
2. Also made the sudo chown for www-data to crontab folder. The idea is that i host php file which makes the changes in crontab in apache so the user that changes crontab jobs must be www-data. any ideas?
I suggest use crontab for www-data
sudo -u www-data crontab -e
Related
How can I allow non-root users to create your own crontab in Centos?
I'm a Debian user and in it non-root users can create your own crontab by default just with the command:
# crontab -e
How can I achieve this in Centos?
Problem solved. Was a fake crontab file installed in /usr/local/bin. It was blocking crontab users. Was not a system problem.
My site is running on a EC2 Amazon server under Ubuntu/Apache2.
My site was running fine until I changed the permissions for user 'ubuntu' by doing this command:
chown -R ubuntu /var/www/html
Now my site is spitting out warning messages and errors :(
www.kaysboutique.co.uk
I did this because I wanted to be able to write files via FileZilla after following this answer:
Amazon AWS Filezilla transfer permission denied
Fixed by running these:
sudo chown www-data -R /var/www/html
If not fixed, run sudo chown -R www-data /var/www/html
First to fix the pb try to restore the initial user and group for html directory by using this command :
sudo chown -R www-data:www-data /var/www/html
And if you need to add new user to www-data group use this command :
sudo useradd -g www-data [username]
sudo passwd [username]
I'm trying to use Apache to access a file on my Documents folder.
I tried the following:
sudo chown -R www-data:www-data /home/$USER/public_html
sudo adduser $USER www-data
sudo chmod -R 775 /home/$USER/public_html
As suggested by this post:
https://askubuntu.com/questions/26848/permissions-issue-how-can-apache-access-files-in-my-home-directory
Although this works, now I cannot edit or the files directly as the user (without using sudo), despite being a member of the www-data group. The only solution that seemed to work is using chmod -R 777 (which I rather not do).
Turns out all I had to do is restart the OS and it was sorted!
(UNIX/LINUX)
Usually on a local Development Environment we fight with permission, this is really annoying things because sometime what we think is a code bug is just a file not accessible to apache.
The main problem is that some files are created by Apache ( so the web app ) other are created by the developers ( IDE or Editor )
The solution that I use it to add my user to apache group:
-sudo usermod -a -G www-data <username>
-sudo chgrp -R www-data /var/www
The issue is that when I create a new file with my IDE the files have [my user]/[my user] as owner and sometime apache is not able to read these files ( depending on the permission s flags)
So I'm forced to re-execute sudo chgrp -R www-data /var/www
Any solution to avoid this ?
Three main solutions
Set User ID / Set Group ID
sudo chmod -R 2750 www-data /path
Use apache ITK with AssignUserId (privilege seperation)
<IfModule itk.c>
AssignUserId www-data www-data
</IfModule>
Add apache to your IDE group (not recommend)
Side Note
Set User Id could be potentially dangerous as users (apache, so nearly the all world) can gain extra privileges by using files that grant them different (enanched) privileges, so you have perfectly to know what are you doing
I have found this question: that ask for something different but the answer looks to be a solution, here what they say (KahWee Teng):
You add yourself into the group with:
sudo usermod -a -G www-data <username>
Change the group to www-data just in case you haven't:
sudo chgrp -R www-data /var/www
Get new files to inherit the permissions (775) (sticky bit)
sudo chmod -R 2775 /var/www
The key is this last step (2775)
I have a django application which should read and write to a crontab. However if I create the file with this:
sudo su www-data
crontab -e
I can see that:
# ls -la
total 12
drwx-wx--T 2 root crontab 4096 Aug 13 16:28 .
drwxr-xr-x 5 root root 4096 May 1 2012 ..
-rw------- 1 www-data crontab 202 Aug 13 16:28 www-data
However the file is still not readable and writeable by django. If I switch with sudo to www-data user I can't edit the file. How to setup the permissions properly?
You are not allowed to read that dir, for good reason.
You can however:
Read the file with crontab -l
Replace the crontab with crontab /path/to/file/which/will/replace/it.
So a workable solution would be:
Store current crontab -l in some tempfile.
Do you modifications on that tempfile
Install that tempfile with crontab /path/to/tempfile
The reason is in man cron:
Users are not allowed to edit the files under that directory
directly to ensure that only users allowed by the system to run periodic tasks can add them, and only syntactically correct crontabs will be written
there. This is enforced by having the directory writable only by the crontab group and configuring crontab command with the setgid bid set for that
specific group.