How to set up crontab permissions to be readable by apache - apache

I have a django application which should read and write to a crontab. However if I create the file with this:
sudo su www-data
crontab -e
I can see that:
# ls -la
total 12
drwx-wx--T 2 root crontab 4096 Aug 13 16:28 .
drwxr-xr-x 5 root root 4096 May 1 2012 ..
-rw------- 1 www-data crontab 202 Aug 13 16:28 www-data
However the file is still not readable and writeable by django. If I switch with sudo to www-data user I can't edit the file. How to setup the permissions properly?

You are not allowed to read that dir, for good reason.
You can however:
Read the file with crontab -l
Replace the crontab with crontab /path/to/file/which/will/replace/it.
So a workable solution would be:
Store current crontab -l in some tempfile.
Do you modifications on that tempfile
Install that tempfile with crontab /path/to/tempfile
The reason is in man cron:
Users are not allowed to edit the files under that directory
directly to ensure that only users allowed by the system to run periodic tasks can add them, and only syntactically correct crontabs will be written
there. This is enforced by having the directory writable only by the crontab group and configuring crontab command with the setgid bid set for that
specific group.

Related

SSH/Fuse mount create file ok but can't delete it

I have a proxmox server so under debian, and I want to mount a remote directory from my Nas Synologies to make backups.
I normally use ssh mounts without any problem.
But this time I have an error that I have never encountered, I can create files, but not delete them.
I find this very strange and I don't see where this can come from
root#proxmox:/mnt/# sshfs user#192.168.0.1:home/data /mnt/dist-folder/ -o reconnect,
ServerAliveInterval=60,ServerAliveCountMax=30,allow_other,
default_permissions,uid=0,gid=0,umask=007
root#proxmox:/mnt# cd dist-folder/
root#proxmox:/mnt/dist-folder# touch aa.txt
root#proxmox:/mnt/dist-folder# ls -la
total 12
drwxrwx--- 1 root root 114 Mar 13 09:53 .
drwxr-xr-x 7 root root 4096 Mar 13 09:37 ..
-rwxrwx--- 1 root root 0 Mar 13 09:53 aa.txt
root#proxmox:/mnt/dist-folder# rm aa.txt
rm: cannot remove 'aa.txt': Permission denied
With uid=0,gid=0 for root user and group
Thanks
This is finally a problem specific to synology.
For the assembly of the file it is absolutely necessary to respect the path by starting with
/homes/<user>home/
So it's give
sshfs user#192.168.0.1:/homes/proxmox/home/data /mnt/dist-folder/
And it's works fine !
It's not the first time that I have an abnormal configuration for this synology tool... AGrrrr

What permission do I need to edit a perl file on linux via Sublime

Somehow I've made an error where my Perl files, located on a Linux server, must be set at 775 for me to edit them via Sublime, on my Windows laptop.
I can change the files to 755 and they'll run properly, but I can't edit them unless they're set to 775. When I try to save them I get a Permission Denied error.
Everything is owned by www-data
drwxr-xr-x 2 www-data www-data 4096 Jun 10 08:00 cgi-bin
The Perl file within cgi-bin directory is as well
-rwxr-xr-x 1 www-data www-data 960 Jun 10 01:22 perly.pl
When I log in via the Sublime editor I log in as the original user I created my server with "danny", and he is a member of the www-data group.
Can anyone figure out where I making a mistake or the wrong assumption?

Debian apache www-user to set processes for other users in crontab

i have a php script which enables crontab schedules as www-data. I want to do this from apache but with command -u userx. My question what i have to do in order to give the possibility for www-data user to create crontab jobs for other users?
So far:
1. I created userx and i put it to sudoers file.
2. Also made the sudo chown for www-data to crontab folder. The idea is that i host php file which makes the changes in crontab in apache so the user that changes crontab jobs must be www-data. any ideas?
I suggest use crontab for www-data
sudo -u www-data crontab -e

How to set file permissions for root in OS X / Terminal?

I'm having issues with getting Apache working with my virtualhosts, and I've narrowed it down to the fact that I'm adding manually-created virtual hosts (vs. the others which are created by a python script). When I run:
ls -l
I get this:
-rw-r--r-- 1 root wheel 772 May 10 17:53 host1.com
-rw-r--r-- 1 root wheel 766 May 10 17:53 host2.com
-rw-r--r--# 1 myname wheel 914 Mar 28 14:24 host3.com
-rw-r--r-- 1 root wheel 3897 May 10 17:53 host4.com
-rw-r--r-- 1 root wheel 5240 May 10 17:53 host5.com
-rw-r--r-- 1 root wheel 4037 May 10 17:53 host6.com
I'm not sure what the "#" refers to, but that manually-created file my username as the owner instead of root. When I view the file info in OS X (Finder), I see that permissions for most of the files show "system" has Read & Write access, but my manually-created vh file shows that I (my username) has Read & Write access.
Can someone tell me how to set the permissions for "system" or "root" in Terminal? I do have superuser access.
You can change the ownership of a file in terminal by using
sudo chown owner:group filepath
Or in your case
sudo chown root:wheel filepath
Additionally, you can change the permissions of a file by using chmod
The # indicates that there are extended attributes. You can use the command xattr to have a look at them
You can set the owner with chown

How can I mount an S3 volume with proper permissions using FUSE

I have an Amazon S3 bucket (let's call it static.example.com) that I need to mount on an EC2 instance (Ubuntu 12.04.2). I've installed s3fs. I'm able to mount the volume, but I can't write to the bucket. I have tried:
sudo s3fs static.example.com -o use_cache=/tmp,allow_other,uid=33,gid=33 /mnt/static.example.com
I can then cd /mnt and ls -la to see:
drwxr-xr-x 5 root root 4096 Mar 28 18:03 .
drwxr-xr-x 25 root root 4096 Feb 19 19:22 ..
lrwxrwxrwx 1 root root 7 Feb 21 19:19 httpd -> /httpd/
drwx------ 2 root root 16384 Oct 9 2012 lost+found
drwxr-xr-x 1 www-data www-data 0 Jan 1 1970 static.example.com
This all looks good, but when I cd static.example.com and mkdir test, I get:
mkdir: cannot create directory `test': Permission denied
The only way I can actually create a directory or touch a file is to force it with sudo. This is not a viable option, however, because I want to write files to the bucket from Apache. My Apache server runs as user:group www-data. Running mount yields:
s3fs on /mnt/static.example.com type fuse.s3fs (rw,nosuid,nodev,allow_other)
How can I mount this bucket in a manner that will allow me to write to the bucket?
I'm the lead developer and maintainer of Open source project RioFS: a userspace filesystem to mount Amazon S3 buckets.
Our project is an alternative to “s3fs” project, main advantages comparing to “s3fs” are: simplicity, the speed of operations and bugs-free code. Currently the project is in the “beta” state, but it's been running on several high-loaded fileservers for quite some time.
We are seeking for more people to join our project and help with the testing. From our side we offer quick bugs fix and will listen to your requests to add new features.
Regarding your issue:
if'd you use RioFS, you could mount a bucket and have a write access to it using the following command (assuming you have installed RioFS and have exported AWSACCESSKEYID and AWSSECRETACCESSKEY environment variables):
riofs -o allow_other http://s3.amazonaws.com bucket_name /mnt/static.example.com
(please refer to project description for command line arguments)
Please note that the project is still in the development, there are could be still a number of bugs left.
If you find that something doesn't work as expected: please fill a issue report on the project's GitHub page.
Hope it helps and we are looking forward to seeing you joined our community !
This works for me:
sudo s3fs bucketname /mnt/folder -o allow_other,nosuid,use_cache=/mnt/foldercache
If you need to debug, just add ,f2 -f -d:
sudo s3fs bucketname /mnt/folder -o allow_other,nosuid,use_cache=/mnt/foldercache,f2 -f -d
Try this method using S3Backer:
mountpoint/
file # (e.g., can be used as a virtual loopback)
stats # human readable statistics
Read more about it hurr:
http://www.turnkeylinux.org/blog/exploring-s3-based-filesystems-s3fs-and-s3backer