Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
Apologies if this has already been asked already, but I tried a quick search and couldn't find my problem.
Basically I am trying to SSH a file onto my friends server from my computer for him to read and modify himself. He has given me my own login and sufficent rights etc, but he is unable to see what I've uploaded to the server, nor can I see what he has added.
I am currently using:
scp hello.txt username#domain.com:/home/username/
which uploads correctly and I can see it.
Could someone please help me out and explain why he is unable to view what he's uploaded, and vice versa?
How can we set it up so we can see each others files and modify them (some sort of public folder?)?
The problem are most likely the access rights on the directory/file. A non-root user might not be able to see the contents of the home directory of another user. If you upload a file to your home directory, your friend can consequently not see the uploaded file and vice versa.
The solution is simple: you need a directory on which both of you have the appropriate permissions, as you already assumed. Try this:
# on the server
mkdir /var/your_share/
chmod o+rwx /var/your_share/
# on your host
scp hello.txt username#domain.com:/var/your_share/
# on the server
ls -l /var/your_share/hello.txt
The ls -l displays the permissions of the uploaded file.
-rw-r--r-- 1 username username 10 Oct 13 15:49 hello.txt
If it says something like this, your friend will not have permissions to change the file but only to read it. Use the following command to grant him write permissions for that file:
# on the server
chmod o+w /var/your_share/hello.txt
ls -l /var/your_share/hello.txt
The output should then be something like:
-rw-r--rw- 1 username username 10 Oct 13 15:49 hello.txt
Note: The permissions granted in these commands are not only for the account of your friend but for all accounts on the server. That means everybody can read and write to the file. If you want to change that, you have to setup a group and only grant rights to the group.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 1 year ago.
Improve this question
I have noticed while learning how to setup ssh that lots of stackoverflow posts referred to the file ssh config being inside of the folder ~/.ssh but when i look at the same folder in my macbook the files listed are:
created from my last ssh setup
someprivatekey
someprivatekey.pub
known_hosts
now when i inspect the folder cd /etc/ssh/ then i can see the file ssh_config there.
Is it a normal behavior or should ssh file "ssh_config" always be located in "~/.ssh" folder and I have presumably a wrong configuration?
(Sorry if the post sound very elementary, i am learning how to use ssh)
how to should i setup ssh and the "ssh_config" file correctly?
The file in /etc/ssh affects all users on the machine, while the one in ~/.ssh affects only you. You can find a complete list of the file locations at the end of the ssh manpage (which should be available at your computer by running man ssh).
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 1 year ago.
Improve this question
I'm having permissions issues when accessing seemingly random directories/files on the windows filesystem with wsl2/ubuntu. Some directories are not accessible and I get a 'permission denied' error when I try to access them or any of the files in them. However, I have no issues accessing them from Windows itself through explorer or a non-admin powershell or command-line shell.
From the WSL side I am the owner of the files and directories and have correct permissions but I still cannot access them. I can however access these directories/files if I switch to root. I shouldn't have to though since the permissions on this directory are the same as the ones on other directores.
drwxr-xr-x me me
I've tried looking at the directory properties from the Windows side and making them more permissive ("Full-control" to each group in the properties>security menu) to all of the various groups with no success. I am the only user of this computer and the only groups that exist are...
Authenticated Users
SYSTEM
Administrators (${my-machine-name}\Administrators)
Users (${my-machine-name}\Users)
I can provide more info if needed.
Make sure that not only the directory that contains the files has rx for your WSL user but also every directory above it (Sorry, would have commented but I don't have enough rep yet).
Try creating a /etc/wsl.conf with the following:
[automount]
options="metadata,uid=1000,gid=1000,umask=022"
After creating the file:
Exit your WSL session
wsl --terminate <distro> or wsl --shutdown
Then restart and test the file/directory permissions again.
The uid and gid probably already default to those values since you mention that the files and directories on the NTFS drive are showing as owned by your user. So they can probably be left out.
The metadata option is important, as it allows WSL to map Linux permissions on to files and directories created in WSL on those NTFS drivers. But again, this isn't really your problem here either.
The umask is hopefully the long-term answer to your problem, as it will map WSL/Linux rwxr-xr-x to directories created in Windows, and rw-r–r– to files.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 11 years ago.
Improve this question
I've setup a Debian cloud server. I installed apache, php and then vsftpd. I created users and set permission etc.
When I upload a file, its default permissions are 600 and I can't view the file unless I manually change it to 774 or 775.
So, I'd like to change the default permissions of all files that I upload to /var/www/ to 754.
I know that chmod -R 754 /var/www makes all files within that directory to 774 but it doesn't change the default permissions of all new files that are uploaded.
My user is 'joe' for demo purpose since I'm learning, so I even tried chown -R joe /var/www but that didn't change the default permissions either.
How do I change it default permissions from 600 to 774? In which file should I write and what?
You should use umask. More info here: http://www.cyberciti.biz/tips/understanding-linux-unix-umask-value-usage.html
You must change the umask of the user(s) writing to the directory. And BTW do NOT set execute permissions when they are not needed.
A umask is a negative mask of permissions which should be applied. By default, all files would be created with 666 and all directories with 777. With a umask of 002, which seems to be what you want, these become 664 and 775.
Now, how to set the umask depends on the program which actually writes the file, and whether this setting is available in its configuration file.
Another, less known way, would be to set POSIX ACLs to the upload directory: for this, you can use setfacl with the -d option on /var/www (provided your OS, and filesystem, support it both).
One of your comments suggests you are uploading the files through proftpd. If this is the case, then your question is really specific to that piece of software. The answer is not to go modifying /etc/profile, as that is going to change the default umask for all users that use Bourne Shell or similar (i.e. Bash). Furthermore, a user must actually log into the shell for /etc/profile to be read, and on a properly configured system, the user your daemon is running as does not actually log in. Check http://www.proftpd.org/docs/howto/Umask.html for information specific to proftpd and umasks.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 11 years ago.
Improve this question
I am trying to use the scp command but I'm getting the following error:
permission denied
lost connection
I get this when I use scp to copy a file from a master node to a slave node.
This is probably more like your error, ya?
Permission denied (publickey).
lost connection
The simplest problem is that you don't have permissions to access the directories specified on at least one end of the copy operation, or you may just have a bad login.
You could try using sudo chown -R
*username* to make sure you have rights to the target directories on
both ends.
Check your directory specifications, make sure that you are using ~/Documents for instance instead of /Documents. Very different locations.
If you've got a bad login, I can't help you there, sorry. Try just ssh-ing into the target(s) make sure you can.
You could check out the manpage for more help
I think error in giving permission to folder which has the authorized_keys file
use chmod and set the permissions
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 6 years ago.
Improve this question
Sometimes I want to allow users to upload files through Apache. There are two different ways I could set the permissions so that Apache can write the uploaded files to the directory.
I can make the user Apache is running as the owner of the directory so that it looks like this:
drwxr-xr-x 2 www admin 68 Sep 24 2007 uploadedfiles
I can give write permission to "others" where Apache is one of the others:
drwxr-xrwx 35 egbert admin 1190 Mar 9 13:17 uploadedfiles
Is one of these safer than the other?
The most restrictive access, in this case exclusive access to www/admin with permission 0750, is always the safest. Note that, in the permission mask above, users who are neither www nor members of admin are not allowed to access the contents of the directory at all; this is in order to reduce the possibility that an unauthorized party logged into the system gain access to potentially confidential information uploaded by users.
Do not forget that on most *nix platforms you also have a third, extremely flexible option, that is, setting ACLs using setfacl. ACLs are a superset of what can be achieved with the regular permission bits and ownership methods. ACLs are the option of choice when confronted with complex security setups (including per-user permissions, default ownerships, etc. - but you may need to first add acl to /etc/fstab in the mount options of the volume hosting your directory, see man mount.) You may choose to use ACLs if two or more users need access to the directory in question without being members of, say, the admin group.
There are 2 questions to ask here - first, who else (if anyone) needs to access those files? If there are other processes that act on those files, who are they running as, and how will that interact with the chosen solution? If there aren't other processes or users accessing the files, I'd go with making the apache user the owner, as that's all that is needed, and it follows one of the oldest principles in security - only let people who need access to something have it.
If the system is being used for other purposes you should probably avoid giving permissions via the 'others'. Allowing permissions here would basically mean anything else running on that computer, or with access to that computer would have rights to those files.
Also, you could create an additional group, and make apache a group member, and whoever is in admin, and change the group ownership to that group, and give permissions to that group. If you use a group, you will probably also need set the 'setgid' bit on the directory. When the setgid bit is set any files created will get the same group membership of the parent directory.
The general rule with security is that of least privilidge. You want to use as minimal permissions as possible. In this case, the first option (writable by apache) means that the directory can only be written to if your system is compromised through the apache user, whereas with option two (writable by everyone), any account can be compromised and write to that directory. In this case, I would go with option one:
drwxr-xr-x 2 www admin 68 Sep 24 2007 uploadedfiles
Giving read access to others is also a security risk. Wordpress for example, has a file containing the username and password of the database.