If you explicitly state -,root,root in the %defattr then the installed package will belong to root - root, and will have 'default' permissions (due to the -. Replacing it with a three-digit octal gives the installed files those permissions instead of 'default permissions').
I am wondering how RPM determines what permissions to give when using '-'? I think it is related to umask, but I'm currently testing to confirm. If it is related to umask, then when exactly does the umask get applied?
Thanks.
umask removes permissions from the defaults of 0666 for files. If you have a umask of 0022, then you end up with effective default permissions on new files/folders of 0644. You can see the default umask that your account has with the umask command and no parameters. It is normally set at login time by the /etc/bashrc file and /etc/profile file.
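An added example, not part of the original answer: the kernel applies the umask at the moment a process calls open() or mkdir(), to whatever mode that process requested (programs conventionally request 0666 for files and 0777 for directories). The function name and the scratch directory are choices made for this illustration.

```python
import os
import tempfile


def modes_under_umask(mask, file_request=0o666, dir_request=0o777):
    """Create a file and a directory under `mask` and return
    (file_mode, dir_mode, file_mode_after_chmod) as permission bits."""
    with tempfile.TemporaryDirectory() as tmp:  # scratch dir, made before the umask changes
        old = os.umask(mask)  # umask is per-process state, inherited by child processes
        try:
            f = os.path.join(tmp, "file")
            d = os.path.join(tmp, "dir")
            # The kernel computes requested_mode & ~umask inside open() and mkdir().
            os.close(os.open(f, os.O_CREAT | os.O_WRONLY, file_request))
            os.mkdir(d, dir_request)
            file_mode = os.stat(f).st_mode & 0o777
            dir_mode = os.stat(d).st_mode & 0o777
            # An explicit chmod() on an existing path does not consult the umask.
            os.chmod(f, 0o666)
            return file_mode, dir_mode, os.stat(f).st_mode & 0o777
        finally:
            os.umask(old)  # restore the caller's umask


if __name__ == "__main__":
    for mask in (0o022, 0o002, 0o077):
        print(oct(mask), [oct(m) for m in modes_under_umask(mask)])
```

A umask can only clear bits: a program that requests 0600 gets 0600 under both umask 022 and umask 002.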
Related
POSIX directory permissions include the "sticky" bit (S_ISVTX) which is described as limiting deletion or renaming to just the owner of a file, or to root. This is often used for directories such as /tmp and /var/tmp which may have permissions drwxrwxrwt to allow all users to create temporary files, but prevent other non-root users from deleting those files.
My question is about root's permission to modify files created by ordinary users within directories marked with the sticky bit.
Suppose, an ordinary user creates a file in a sticky-bit protected /var/tmp (which is on a local, non-NFS filesystem, with no SELinux restrictions):
echo "something" > /var/tmp/somefile
but then root tries to append to this file:
echo "else" >> /var/tmp/somefile
When I try this on some Linux systems (e.g. Debian-11, ArchLinux) this produces a bash: /var/tmp/somefile: Permission denied error. This seems an unexpected restriction on the powers of the superuser to change files in the local filesystem. Other flavours of Linux (e.g. Debian-10, Debian-9, Fedora-35) do not seem to have this restriction, despite no obvious differences in filesystem setup.
I've not been able to find any documentation that suggests that the sticky bit should prevent root from modifying such a file. For example, the POSIX documentation for sys/stat.h which underpins chmod, says very little about behaviour other than deletion of sticky-protected files.
Can anyone point me towards any official documentation of how the sticky bit should behave when the superuser tries to modify a file in a directory marked with the sticky bit, or what system settings influence this behaviour?
Answer found
The behavior you are showing seems to depend on the fs.protected_regular Linux kernel parameter, introduced along with fs.protected_fifos by this commit, with the aim to fix security vulnerabilities.
Solution:
sudo sysctl fs.protected_regular=0
Resources:
Since it is a patch, it probably won't be documented in more detail.
https://askubuntu.com/questions/1250974/user-root-cant-write-to-file-in-tmp-owned-by-someone-else-in-20-04-but-can-in/1251030#1251030
https://unix.stackexchange.com/questions/503111/group-permissions-for-root-not-working-in-tmp
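An added example, not part of the original answer or of the kernel source: a small Python model of the decision fs.protected_regular makes, following the kernel's documented rule (an O_CREAT open of an existing regular file is refused in a world-writable sticky directory unless the file belongs to the directory owner or to the opener; level 2 extends this to group-writable sticky directories). The function names and the uid 1000 are assumptions made for the illustration.

```python
import stat


def sticky_open_denied(dir_mode, dir_uid, file_uid, opener_fsuid,
                       o_creat, protected_regular):
    """True if opening an existing regular file would fail with EACCES
    because of fs.protected_regular. Ordinary permission checks are not modelled."""
    if not o_creat or protected_regular == 0:
        return False  # only O_CREAT opens are checked, and only when enabled
    if not dir_mode & stat.S_ISVTX:
        return False  # parent directory is not sticky
    if file_uid in (dir_uid, opener_fsuid):
        return False  # file belongs to the directory owner or to the opener
    if dir_mode & stat.S_IWOTH:
        return True   # world-writable sticky directory: levels 1 and 2
    if dir_mode & stat.S_IWGRP and protected_regular >= 2:
        return True   # group-writable sticky directory: level 2 only
    return False


def current_setting(path="/proc/sys/fs/protected_regular"):
    """Read the live value, or None where the kernel has no such sysctl."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return None


# Constructed scenario from the question: /var/tmp is root-owned, mode 1777,
# the file belongs to uid 1000, and root (fsuid 0) runs `echo else >> file`.
# The shell opens `>>` targets with O_CREAT, so the check applies to root too.
QUESTION_CASE = dict(dir_mode=0o1777, dir_uid=0, file_uid=1000,
                     opener_fsuid=0, o_creat=True)

if __name__ == "__main__":
    print("live fs.protected_regular:", current_setting())
    for level in (0, 1, 2):
        print(level, sticky_open_denied(protected_regular=level, **QUESTION_CASE))
```

The model has no branch for uid 0 because the rule compares owners only, which is why root sees the same Permission denied as any other user.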
So I've been going through a really perplexing issue trying to decipher why my umask value is being applied differently depending on how I am creating new files in RHEL.
My goal is to have new files created with 664 permissions so that my group which contains other users can also edit the file.
I have tried editing:
/etc/profile
/etc/bashrc
with:
umask 002
I also tried editing:
/etc/pam.d/common-session
/etc/pam.d/sshd
/etc/pam.d/login
with:
session optional pam_umask.so umask=002
When I create a new file in an SSH terminal using touch the permissions are perfect 664 with the group being able to edit the file.
If I create a new file in a GUI editor such as Coda for Mac, the permissions on the file are 644. If I use that same Coda software and open up the ssh shell built in and touch a new file with the same account the permissions again are the correct 664.
Am I missing something with how to correctly configure umask for all types of users regardless of how the file is being created? (interactive or not?)
Edit:
I got this fixed by finally realizing the files in the GUI were being created locally on the computer and then transferred with the bad permissions. I got it fixed by setting the rules in Coda to specify 664 for new files. Sorry!
I've tried 'umask 77' in the shell, then building it with:
[non-root-user#machine SPECS]$ rpmbuild -bb SPECFILE.spec
but I still get this from the output:
+ umask 022
You cannot change the umask from the shell because rpmbuild will always set a fixed umask of 0022 before running the %prep script.
Therefore, depending on what you're trying to achieve, you could try changing the umask in the spec file, at the beginning of the %prep section:
%prep
umask 077
But, if you're just trying to set the file permissions for the files in the RPM, the standard way is to use %defattr and %attr directives in the %files section:
%defattr sets the default attributes for files and folders:
%defattr(<file mode>, <user>, <group>, <dir mode>)
Some attributes may be omitted by replacing them with a dash (because the file is installed with those attributes properly set).
%attr sets the attributes for a single file or folder:
%attr(<mode>, <user>, <group>) file/folder
As with %defattr if a particular attribute does not need to be specified, you can replace it with a dash (for example you can use it along with %defattr to keep the default value for that attribute)
A full example:
%files
# set default attributes for all files and folders:
%defattr(644, root, root, 755)
# make a file executable:
%attr(755, -, -) /usr/bin/myexec
# set a different owner for a file:
%attr(-, myuser, -) /var/log/mylog.log
# set different permissions, owner and group for a file:
%attr(600, myuser, mygroup) /home/myfile
For more details & examples you can take a look at:
http://www.rpm.org/max-rpm-snapshot/s1-rpm-specref-files-list-directives.html and
http://www.rpm.org/max-rpm/s1-rpm-anywhere-specifying-file-attributes.html
I don't think changing the umask is what you should be doing. I assume you are unhappy with the permissions on the files coming out of the RPM. For that, you should be using %attr() and %defattr() in your %files section.
In the diagnostics sections in textpattern, it's giving me the error:
"File directory path is not writable:...html/textpattern/files" (took out beginning of path)
I changed the permissions for the textpattern folder, and the folder named "files", which is in the root folder not in the textpattern folder, but it's still giving the error. Do I need to change permissions for all enclosed items of the textpattern folder and not just the folder itself?
Maybe I got you wrong but I suppose you simply have to change the path to the files folder in your admin panel from "…html/textpattern/files" to "…/html/files".
Assuming you're on a *nix system...
It sounds like you want to change the permissions recursively.
A quick fix might be to change the permissions like so:
chmod -R 777 html/textpattern
This command will go through every folder and file and change its permissions (the -R turns on the recursive bit).
Warning, this is very broad and not a good idea for production.
A better approach would be to change the permissions at a finer level of granularity. Google for "Linux file permissions" or type man chown at the shell.
I have found some solutions to this error and tried implementing them, but none of them has worked, and I hope that someone here at SO might have a different answer.
I get this error, "Warning! Failed to move file" when I try install modules into my new installation of Joomla here:
http://sun-eng.sixfoot.co.za
Here are some solutions I have tried to no avail:
http://forum.joomla.org/viewtopic.php?f=199&t=223206
http://www.saibharadwaj.com/blog/2008/03/warning-failed-to-move-file-joomla-10x-joomla-15x/
Anyone know of another solution to this please?
Thanks!
Go to Help -> System Info in your administrator backend and check your Directory Permissions tab to make sure everything is writable.
Also make sure your Path to Temp Folder is correct in Site -> Global Configuration.
Finally, check to make sure that the module isn't already installed. It's possible that some files already got copied or something and now your system is having problems overwriting them.
If none of this works, let us know if the error message specifies which file can't be moved. That would help figure out a solution.
In the configuration folder change the temporary folder location to /tmp (public $tmp_path = '/tmp';) or create your own temporary folder and set it to /myowntemp and change the file permission to 777. You are good to go.
This is typically a file permissions issue. If the system cannot write to the tmp directory within Joomla it will give you the "Warning Failed To Move File" error.
The typical solution is to make the directory wide-open, in general a bad practice but a quick fix. You log in to the Linux command line via a terminal (telnet or ssh) session and set the permissions of the directory.
# chmod -R 777 ./tmp
The better option is to find out what user/group the Apache server is running as and assign the permissions accordingly. For example, if Apache is running your site as the myuser:nobody user:group then you can open up write permissions for the group by changing ownership of the tmp folder and making it writable by anyone in the group:
# chgrp -R nobody ./tmp
# chmod -R 775 ./tmp
Security can be a pain to get set correctly if you don't know *nix commands and security settings, so most people just blast a huge hole in the security with chmod 777.
The next thing you'll probably run into is another error message about not being able to update a specific directory. Again, this is a permissions issue and is typically a piece of the file being unzipped into the administrator subdirectory. Depending on whether you're installing a component, a module, or a complex plugin with multiple pieces you may need to open up one or more of these directories using the same approach as above. Here is the "blow a big open hole in security" method:
# chmod -R 777 ./administrator/
Or more selectively:
# chmod -R 777 ./administrator/components/
# chmod -R 777 ./administrator/modules/
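An added example, not part of the original answer: a Python audit that lists what a blanket chmod -R 777 left world-writable and then applies the group-based alternative the answer describes. Using 775 for directories and 664 for files, the optional gid parameter (the web server's group) and the sample tree are assumptions made for the illustration.

```python
import os
import stat
import tempfile


def _entries(root):
    """Yield every directory and file under root, root included."""
    for dirpath, _dirs, files in os.walk(root):
        yield dirpath
        yield from (os.path.join(dirpath, name) for name in files)


def world_writable(root):
    """Return sorted (relative path, octal mode) for entries any user can write."""
    hits = []
    for path in _entries(root):
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # on Linux a symlink's own mode bits are not used for access checks
        if st.st_mode & stat.S_IWOTH:
            hits.append((os.path.relpath(path, root), oct(stat.S_IMODE(st.st_mode))))
    return sorted(hits)


def tighten(root, gid=None, dir_mode=0o775, file_mode=0o664):
    """Group-write instead of world-write; gid is the web server's group if given."""
    for path in list(_entries(root)):
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue
        if gid is not None:
            os.chown(path, -1, gid)  # -1 leaves the owner unchanged
        os.chmod(path, dir_mode if stat.S_ISDIR(st.st_mode) else file_mode)


def demo():
    """Constructed tree left at 777, audited before and after tightening."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "cache"))
        with open(os.path.join(root, "cache", "upload.zip"), "w") as fh:
            fh.write("constructed sample")
        for path in list(_entries(root)):
            os.chmod(path, 0o777)  # the state `chmod -R 777 ./tmp` leaves behind
        before = world_writable(root)
        tighten(root)
        return before, world_writable(root)


if __name__ == "__main__":
    print(demo())
```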
If you are a Linux user then it is very simple to solve. Just type the following command and try again to install the plugin/extension.
sudo chmod -R 777 /var/www/html/my_joomla_folder
You can also refer to this link for brief information regarding permission of each folder and file.
Cheers!!
In Joomla 3.x you should go to System->System Information to see directory permissions
If one or more directories that are listed are not "writable" then you should change the permission of those directories:
If you are using one of the Linux distributions you can use this command to give the directories read/write/execute permission:
sudo chmod 777 -R address_of_lampp_directory/lampp/htdocs/joomla_directory
I have had a similar issue today and found it was the permissions set on the 'temp folder'. To resolve I changed them to 777 and my plugin installs worked fine!!
Another thing to check is whether you actually have space on the disk. I had this error and discovered that the drive was 100% full. Removing some unused files fixed the problem.
One other thing to try if everything else is not working is to add the following to your .htaccess file:
php_value upload_max_filesize 10M
Make sure 10M covers the size of the file you are uploading - increase it if your file is 12Mb, for instance.
This issue was solved like this.
On the configuration.php file change the tmp_path variable according to:
If your site is mysite.azurewebsites.net, the path should look like
'C:\DWASFiles\Sites\mysite\VirtualDirectory0\site\wwwroot\tmp'
instead of
'C:\DWASFiles\Sites\mysite.azurewebsites.net\VirtualDirectory0\site\wwwroot\tmp'
Refer to the link: http://social.msdn.microsoft.com/Forums/en-US/windowsazurewebsitespreview/thread/2701eadc-9977-46ab-9c56-81a2234bdce4
I did it and everything is working for every error problem with OSX. I use OSX version 10.9.2 and get many problems. The way to fix every error is
# cd /Applications
# chmod -R 777 ./XAMPP
Some files might not change permission, but the problem is gone.
You can create folders and upload files and pictures, including installing plugins.