I'm having a problem. When I do ls -la I have this:
drwxr------ 2 mamie netusers 1024 Mar 31 10:50 mamie
drwxr------ 2 papy netusers 1024 Mar 31 10:45 papy
Basically, I want the user mamie (in group netusers) to be able to rwx in /mamie and only r in /papy. And vice versa for papy. If I put rwxr----- when I try to go in /papy using the user mamie it says I cannot access the directory. I have to add x but I only want r.
How can I do that please?
in this case you need to give access with chmod
sudo chmod -R 755 /papy
Related
Using:
podman version 4.2.0
AlmaLinux 8.7
I've created an image based on redhat/ubi8 with the following Dockerfile:
FROM docker.io/redhat/ubi8
RUN dnf install -y gcc-c++ cmake python39 openssh git
RUN useradd -ms /bin/bash foobar -g users
USER foobar
WORKDIR /home/foobar/
RUN mkdir -p .ssh
$ docker build -t mount_test_image .
I run the image from a directory that contains a directory ssh, and I want to mount that directory to /home/foobar/.ssh with ownership of foobar.users
$ ls -l
-rw-r--r--. 1 host_user users 269 Dec 7 09:10 Dockerfile
drwxrwxr-x. 2 host_user users 18 Dec 2 10:41 ssh
docker run -it -d --rm --mount type=bind,src=ssh,target=/home/foobar/.ssh --name=mount_test mount_test_image
However when I enter the container via
docker exec -it mount_test '/bin/sh'
The home directory looks like this:
drwx------. 1 foobar users 18 Dec 7 17:10 .
drwxr-xr-x. 1 root root 21 Dec 7 17:10 ..
-rw-r--r--. 1 foobar users 18 Jun 20 11:31 .bash_logout
-rw-r--r--. 1 foobar users 141 Jun 20 11:31 .bash_profile
-rw-r--r--. 1 foobar users 376 Jun 20 11:31 .bashrc
drwxrwxr-x. 2 root root 18 Dec 2 18:41 .ssh
I obviously get a "permission denied" when trying to access that directory.
sh-4.4$ ls /home/foobar/.ssh
ls: cannot open directory '/home/foobar/.ssh': Permission denied
I tried changing the ownership of the directory on the host to match the uid of the container user, but then it just looks like this:
drwxrwxr-x. 2 nobody root 18 Dec 2 18:41 .ssh
My host user uid:gid is 501:100 and the container user is 1000:100. Right now I'm just trying to generate an ssh key to upload to bitbucket, but this seems like a simple feature a container should be have. All the tutorials and examples just stop after the --mount command instruction and say "there ya go!". What good is the mount point if you can't read/write it?
EDIT:
I tried on Archlinux using docker instead of podman and it works like one would expect with both -v and --mount. The owner of the mounted directory in the container matches the uid and gid of the host. Is this then a bug in podman or is it just done differently?
You are using a non-root user (foobar) in a rootless container. You must use --userns=keep-id for the container user to see the mounted volumes.
https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md#using-volumes
I have a proxmox server so under debian, and I want to mount a remote directory from my Nas Synologies to make backups.
I normally use ssh mounts without any problem.
But this time I have an error that I have never encountered, I can create files, but not delete them.
I find this very strange and I don't see where this can come from
root#proxmox:/mnt/# sshfs user#192.168.0.1:home/data /mnt/dist-folder/ -o reconnect,
ServerAliveInterval=60,ServerAliveCountMax=30,allow_other,
default_permissions,uid=0,gid=0,umask=007
root#proxmox:/mnt# cd dist-folder/
root#proxmox:/mnt/dist-folder# touch aa.txt
root#proxmox:/mnt/dist-folder# ls -la
total 12
drwxrwx--- 1 root root 114 Mar 13 09:53 .
drwxr-xr-x 7 root root 4096 Mar 13 09:37 ..
-rwxrwx--- 1 root root 0 Mar 13 09:53 aa.txt
root#proxmox:/mnt/dist-folder# rm aa.txt
rm: cannot remove 'aa.txt': Permission denied
With uid=0,gid=0 for root user and group
Thanks
This is finally a problem specific to synology.
For the assembly of the file it is absolutely necessary to respect the path by starting with
/homes/<user>home/
So it's give
sshfs user#192.168.0.1:/homes/proxmox/home/data /mnt/dist-folder/
And it's works fine !
It's not the first time that I have an abnormal configuration for this synology tool... AGrrrr
I'm super-confused about file permissions in MSYS. Things started to go wrong after my company transferred my windows-user to a different domain. Now I have this concrete problem:
I want to compile cpputest. I unzipped it using windows, started an msys console and owner and group look like this:
M.Grunwald#GNA ~/Projects/cpputest-3.8
$ ls -la
total 1956
drwxrwx---+ 1 M.Grunwald Domain Users 0 16. Nov 10:21 .
drwxrwx---+ 1 M.Grunwald COMPANY_DE+Domain Users 0 16. Nov 10:21 ..
-rwxrwx---+ 1 M.Grunwald Domain Users 11030 2. Mai 2016 .cproject
-rwxrwx---+ 1 M.Grunwald Domain Users 228 2. Mai 2016 .gitattributes
-rwxrwx---+ 1 M.Grunwald Domain Users 746 25. Mai 12:32 .gitignore
and so on.
When I start autogen.sh, this happens:
$ ./autogen.sh
autom4te-2.69: cannot open autom4te.cache/requests: Permission denied
$ ls -lad autom4te.cache/
drwxr-xr-x+ 1 M.Grunwald Domain Users 0 Nov 16 10:23 autom4te.cache/
So the directory belongs to me, I have all permissions, but I'm not allowed to touch anything in it:
$ touch autom4te.cache/requests
touch: cannot touch 'autom4te.cache/requests': Permission denied
It seems that "I" am not really M.Grunwald and don't belong to "Domain Users", neither... On the other hand:
$ echo "UID: $UID GID: $GROUPS"
UID: 1117609 GID: 1049089
$ ls -lnad autom4te.cache/
drwxr-xr-x+ 1 1117609 1049089 0 Nov 16 10:23 autom4te.cache/
So the IDs match. umask is 0000, too and still group and others don't have write permission. If I want to change this:
$ chmod g+w autom4te.cache
chmod: changing permissions of 'autom4te.cache': Permission denied
Now I'm completely confused and blocked on many similar tasks (always permission problems, cpputest is just one example). Can you help me?
The problem was solved after I re-ran the mingw installer.
I'm trying to get user directories to work with Lighttpd on Arch Linux. But after creating the public_html directory, placing an index.html file in it, setting permissions, configuring Lighttpd to use the user directory module, and restarting lighttpd, it still gives 404 for one specific user (yet another one works).
Here are my configuration files:
$ cat /etc/lighttpd/lighttpd.conf
# This is a minimal example config
# See /usr/share/doc/lighttpd
# and http://redmine.lighttpd.net/projects/lighttpd/wiki/Docs:ConfigurationOptions
server.port = 80
server.username = "http"
server.groupname = "http"
server.document-root = "/srv/http"
server.errorlog = "/var/log/lighttpd/error.log"
dir-listing.activate = "enable"
index-file.names = ( "index.html" )
mimetype.assign = (
".html" => "text/html",
".txt" => "text/plain",
".css" => "text/css",
".js" => "application/x-javascript",
".jpg" => "image/jpeg",
".jpeg" => "image/jpeg",
".gif" => "image/gif",
".png" => "image/png",
"" => "application/octet-stream"
)
include "conf.d/userdir.conf"
include "conf.d/cgi.conf"
$ cat /etc/lighttpd/conf.d/userdir.conf
server.modules += ( "mod_userdir" )
userdir.path = "public_html"
This is what things look like for user aardbei:
$ cat /home/aardbei/public_html/index.html
doot doot
$ ls -ld /home/aardbei/public_html
drwxrwxrwx 2 aardbei aardbei 4096 Mar 27 13:10 /home/aardbei/public_html
$ ls -ld /home/aardbei/public_html/index.html
-rwxrwxrwx 1 aardbei aardbei 37 Mar 27 13:11 /home/aardbei/public_html/index.html
But even after restarting the server with sudo systemctl restart lighttpd I still get 404 at URI /~aardbei/index.html and not what I should get: "doot doot"
However, this is what things look like for the user madeline:
$ cat /home/madeline/public_html/index.html
blah blah blah
$ ls -ld /home/madeline/public_html/
drwxrwxrwx 19 madeline madeline 4096 Mar 27 13:33 /home/madeline/public_html/
$ ls -ld /home/madeline/public_html/index.html
-rw-r--r-- 1 madeline madeline 15 Mar 27 13:33 /home/madeline/public_html/index.html
So the important parts are the same. And yet going to URI /~madeline/index.html does what it should do: it shows "blah blah blah"
Nothing looks relevant here, but here are groups for the two users:
$ groups madeline
wheel video audio wireshark madeline
$ groups aardbei
wheel aardbei
What is going on? Why doesn't the user directory for the user aardbei work in Lighttpd?
Following the instructions on the Arch Linux wiki for Apache worked: https://wiki.archlinux.org/index.php/Apache_HTTP_Server#User_directories
$ chmod o+x /home/aardbei
$ chmod o+x /home/aardbei/public_html
$ chmod -R o+r /home/aardbei/public_html
I'm still not sure I understand the permissions at play here, but it solves my problem.
The reason that the accepted answer works is due to the user that the web server is running as requiring access to the user's home directory in order to access their public_html.
Granting o+x allows other users to access a file and/or sub-directory within but not allow them to list the contents of a directory. Basically they can pass through it so long as they know what they're looking for, public_html, but they cannot get a list of the contents otherwise.
Example
Here's my home directory:
$ ls -dl /home/sam
drwx-----x. 3 sam sam 4096 Nov 3 11:08 /home/sam
$ ls -dl /home/sam/public_html
drwxr-xr-x. 2 sam users 4096 Nov 3 11:09 /home/sam/public_html
Now as the user of the web server, lighttpd, cannot list the contents of my home directory:
$ sudo -u lighttpd ls /home/sam
ls: cannot open directory /home/sam: Permission denied
But can see a specific directory if they happen to know its name:
$ ls -dl /home/sam/public_html
drwxr-xr-x. 2 sam users 4096 Nov 3 11:09 /home/sam/public_html
Here's another directory that the web server can see too:
$ sudo -u lighttpd ls -ld /home/sam/someotherdir
drwx------. 2 sam users 4096 Nov 3 11:22 /home/sam/someotherdir
And files within the public_html are visible as well:
$ ls -dl /home/sam/public_html/index.html
-rw-r--r--. 1 sam users 3 Nov 3 11:09 /home/sam/public_html/index.html
Normal permissions apply here, so if you don't want the web server to see something, make it readonly to your user & groups but not everyone else (others).
I'm having issues with getting Apache working with my virtualhosts, and I've narrowed it down to the fact that I'm adding manually-created virtual hosts (vs. the others which are created by a python script). When I run:
ls -l
I get this:
-rw-r--r-- 1 root wheel 772 May 10 17:53 host1.com
-rw-r--r-- 1 root wheel 766 May 10 17:53 host2.com
-rw-r--r--# 1 myname wheel 914 Mar 28 14:24 host3.com
-rw-r--r-- 1 root wheel 3897 May 10 17:53 host4.com
-rw-r--r-- 1 root wheel 5240 May 10 17:53 host5.com
-rw-r--r-- 1 root wheel 4037 May 10 17:53 host6.com
I'm not sure what the "#" refers to, but that manually-created file my username as the owner instead of root. When I view the file info in OS X (Finder), I see that permissions for most of the files show "system" has Read & Write access, but my manually-created vh file shows that I (my username) has Read & Write access.
Can someone tell me how to set the permissions for "system" or "root" in Terminal? I do have superuser access.
You can change the ownership of a file in terminal by using
sudo chown owner:group filepath
Or in your case
sudo chown root:wheel filepath
Additionally, you can change the permissions of a file by using chmod
The # indicates that there are extended attributes. You can use the command xattr to have a look at them
You can set the owner with chown