kme : permissions   54

umask - cmdline Unix Permissions bits calculator - Unix & Linux Stack Exchange
Useful for this tidbit alone:
printf '%o\n' "$((value ^ 511))"
unix  sysadmin  permissions  permissionbits  posixbits  bashscripting  calculator 
june 2019 by kme
cannot mount as normal user
# add an entry for /dev/sr0 to /etc/fstab with 'users' mount option
/dev/sr0 /cdrom auto ro,noauto,exec,users 0 0
unix  linux  fstab  mount  permissions  asnonadmin  dammitbrain  solution 
october 2018 by kme
linux - You don't have permission error in Apache in CentOS - Stack Overflow
This is a common problem, and this is a good tip:
ps axo user,group,comm | grep apache

Also, check "getenforce" to see if SELinux is the problem.
centos  apache  httpd  annoyance  webmaster  syadmin  permissions  solution 
october 2017 by kme
NFSv4 ACLs | Department of Electrical Engineering & Computer Science
This is very important: once you have created your ACL with inherited access controls, you must then set the group field of your umask(2) to something permissive enough to allow any extra principals in your inherited list (other than the OWNER@, GROUP@, and EVERYONE@) to have the access you would like. Take a moment to let that sink in. For example, if you have an ACE like on a directory, then you need to set your umask to at most 007 (e.g. with a command like “umask 007”). If instead you only gave joeuser the RX permissions, you could set your umask to 027. No, it does not make any sense, and yes it is a bug, but it is not likely to be fixed soon.

Example: Give your research group, research1, read access to your project directory project1:

$ find project1 -type d -exec nfs4_setfacl -a "" {} \;
$ find project1 -type f -exec nfs4_setfacl -a "" {} \;
filesystem  permissions  nfs4  acl  nfs4_setfacl  sysadmin  osc  solution  fuckina 
april 2017 by kme
Basic Usage - Synced Folders - Vagrant by HashiCorp
Modifying the Owner/Group

By default, Vagrant mounts the synced folders with the owner/group set to the SSH user. Sometimes it is preferable to mount folders with a different owner and group. It is possible to set these options:

config.vm.synced_folder "src/", "/srv/website",
owner: "root", group: "root"

Mount options for mount.vboxsf:

set the default file owner user id to UID

set the default file owner group id to GID

set the "time to live" to TID for the dentry

override the mode of all directories to (octal) MODE

override the mode of all regular files to (octal) MODE

set the umask to (octal) UMASK

set the umask applied to directories only

set the umask applied to regular files only

vagrant  virtualbox  sharedfolder  permissions  solution 
march 2017 by kme
Linux/Documentation/filesystems/devpts.txt - Linux Cross Reference - Free Electrons
I saw this on a Debian 8.6 (Jessie, kernel 4.4.19-1-pve) where /dev/pts/ptmx was c--------- and both Screen and tmux would just immediately bail out with no error messages. Even 'strace' wasn't much help in getting to the bottom of this, but the short-term fix was to 'chmod 0666 /dev/pts/ptmx', but adding the mount option discussed below might be a long-term fix.

There are 'lxcfs' entries in the list of mounts, so it could be the same issue discussed elsewhere that's related to containerization. I dunno. I'm satisfied now that I actually understand why the heck this was happening in the first place.

- (SE thread that gave me the idea to start googling for 'ptmx' which eventually led me here)
As an option instead of placing a /dev/ptmx device node at /dev/ptmx it is possible to place a symlink to /dev/pts/ptmx at /dev/ptmx or to bind mount /dev/pts/ptmx to /dev/ptmx. If you opt for using the devpts filesystem in this manner devpts should be mounted with the ptmxmode=0666, or chmod 0666 /dev/pts/ptmx should be called.
linux  screen  tmux  terminalmultiplexor  ptmx  devpts  permissions  sysadmin  solution 
december 2016 by kme
linux - How do I use the terminal SCREEN when chrooted? - Super User
I had this problem once where /dev/pts/ptmx was c--------- and Screen and tmux would both refuse to run (without any error message!).
screen  pts  ptmx  sysadmin  permissions  maybesolution 
december 2016 by kme
devpts: Attempting to get it right
This gave me some clue as to what the permissions were *supposed* to be for /dev/pts and related files. The (short-term) solution to the problem I was having was to 'chmod 666 /dev/pts/ptmx', but possibly a permanent solution is discussed here:
linux  kernel  devpts  ptmx  permissions 
december 2016 by kme
ACL Tips | Apple Support Communities
Here's a good template for a Makefile:

DIRS = one two three
WWWUSER = _www
DIRACL := file_inherit,readattr,read,writeattr,write,delete
FILEACL := directory_inherit,append,list,search,add_file,add_subdirectory,delete_child

chmod +a "$(USER) allow $(DIRACL)" $(DIRS) && \
chmod +a "$(USER) allow $(FILEACL)" $(DIRS)
chmod +a "$(WWWUSER) allow $(DIRACL)" $(DIRS) && \
chmod +a "$(WWWUSER) allow $(FILEACL)" $(DIRS)
mac  osx  acl  filesystem  permissions  sysadmin  reference  solution 
june 2016 by kme
Installing and Configuring Symfony (The Symfony Book)
2. Using ACL on a system that supports chmod +a (MacOS X)

MacOS X allows you to use the chmod +a command. This uses a command to try to determine your web server user and set it as HTTPDUSER:

$ rm -rf app/cache/*
$ rm -rf app/logs/*

$ HTTPDUSER=`ps axo user,comm | grep -E '[a]pache|[h]ttpd|[_]www|[w]ww-data|[n]ginx' | grep -v root | head -1 | cut -d\ -f1`
$ sudo chmod +a "$HTTPDUSER allow delete,write,append,file_inherit,directory_inherit" app/cache app/logs
$ sudo chmod +a "`whoami` allow delete,write,append,file_inherit,directory_inherit" app/cache app/logs
symfony  mac  osx  sysadmin  acl  permissions  webdevel  solution 
may 2016 by kme
03 - Fixing npm permissions | npm Documentation
I picked ~/opt/npm-global, then added $/opt/npm-global/bin to my $PATH.
npm config set prefix '~/opt/npm-global'
javascript  devel  npm  permissions  annoyance  solution  mac  osx 
april 2016 by kme
osx - How do I use chmod on a Mac to make new files inherit parent directory permissions? - Ask Different
"group:_www allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit"
mac  osx  inheritance  acl  permissions  sysadmin 
january 2016 by kme
SystemGroups - Debian Wiki
'staff' is also interesting; seems to allow writing to /usr/local.
adm: Group adm is used for system monitoring tasks. Members of this group can read many log files in /var/log, and can use xconsole. Historically, /var/log was /usr/adm (and later /var/adm), thus the name of the group.
debian  sysadmin  permissions  usermanagement  xconsole  logs  solution 
september 2015 by kme
How do I make Git ignore file mode (chmod) changes? - Stack Overflow

git config core.fileMode false
From git-config(1):

If false, the executable bit differences between the index and the
working copy are ignored; useful on broken filesystems like FAT.
See git-update-index(1). True by default.
The -c flag can be used to set this option for one-off commands:

git -c core.fileMode=false diff
And the --global flag will make it be the default behavior on the system

git config --global core.filemode false
git  permissions  chmod  solution 
july 2015 by kme
Fixing Mac OSX File Permissions and ACLs From the Command Line › Backdrift Backdrift
When I migrated parts of ~/Library/Application support, Fluid/FluidApps probably had some funny ACLs because I couldn't remove bookmarks from the bookmarks bar. This fixed the problem, even when the 'resetpassword's "Reset Home Directory Permissions and ACLs" (from the Repair Utilities command line) didn't work.
mac  osx  permissions  acls  terminal  annoyance  solution 
july 2015 by kme
osxadmin: chmod ACL removal
The command to recursively remove all ACLs from the files in the working directory and its subdirectories is:

sudo echo | sudo chmod -R -E ./*
mac  osx  acls  permissions  filesystem  sysadmin  annoyance  solution 
july 2015 by kme
file permissions - Why does chown reports "Operation not permitted" on OSX? - Super User
This happened to me copying files out of a Time Machine backup.
Yes, Mac has many enhancements to Unix in the area of files. Ignoring the whole resource fork thing which is not used much anymore, there are:

the standard Unix permissions ugo rwx and so on. Normal Unix tools apply.
ACL's, viewable with ls -le and changeable with chmod [ -a | +a | =a ].
file flags viewable with ls -lO and changeable with chflags.
extended attributes, viewable with ls -l@ (attribute keys only) and viewable and changeable with xattr. (Note that there is no man page for xattr but it's a simple program described with xattr -h.)

You can be denied operations on a file because of Unix permissions, ACLs, or file flags. To fully unlock a file:

sudo chmod -N ugo+rw # Remove ACLs and set allow everyone read-write permission
sudo chflags nouchg

Note that if ls -lO shows the schg flag is set, you have to get into single-user mode to unset it. I'm not going to get into that here as there are bigger questions about why the file has that flag set and why you are trying to mess with it and what the consequences will be.
mac  osx  sysadmin  permissions  annoyance  acl  solution 
july 2015 by kme
Re: `install -d -m MODE dir' doesn't honor MODE [Re: Bug#37150...
I don't know about ACLs, though -- I expect they'd be inherited, since -m doesn't really talk about ACLs.

Haha, nope. Not with NFS4 on CentOS 6.
installation  install  build  toolchain  centos  sysadmin  permissions  annoyance 
june 2015 by kme
The error message was "An error occurred during recursive file tree walk." while trying something like

nsacl -R -a A:fd:root@localdomain:RX .

probably because setting "inherit" permissions on files doesn't make any sense, and it balks on that.
Only oddity I've found so far is that recursive operations fail when using the d or f inheritance flags because nfs4_setfacl tries to apply them to files as well as directories, which obviously doesn't make sense.


find . -type f -exec nfs4_setfacl -a A::root@localdomain:RX {} \;
find . -type d -exec nfs4_setfacl -a A:df:root@localdomain:RX {} \;
nfsv4  nfs4_setfacl  solution  acl  sysadmin  permissions  unix  errormessage 
september 2014 by kme
Unix Permissions
This suggests that you don't need to change the permissions on your home dir. Maybe in that environment, but my experience (CentOS 6.5, with lots of SELinux hoops to jump through) shows that you need at *least* o=x on the user's home directory.
Permissions for the Web
Now we'll take a look at how permissions affect us on the Web. The first step is understanding the public_html directory. If you are creating a home page, and wish to put it in your home directory, you first need to make a public_html directory in your home directory. So for instance, if I wish to access my home page on the student cluster, whenever I access this will look in my public_html directory for the files. This is a bit of a security feature so that people can look at the other files in your home directory. The command will look like this:
mkdir public_html
The permissions for the public_html should be something like rwx-----x. You can have other permission bits, but this is the minimum that you will need. The command
chmod 701 public_html
will do the trick. It is a popular misconception that you need to change the permissions of your actual home directory. This is NOT TRUE!

Another thing to mention is that if you want people to browse through the directory, then you should also make it world readable. The permissions will be rwx---r-x. When I say browse the directory, I mean something like this: Browse. If you click on that link, then you can see what I mean. When you do not have an index.html file, you can browse the directory.

Now you need to regard yourself with the permissions of an HTML document. The only requirement for an HTML document is that the web server can read it. This means that you need to make your file world readable. After changing into your public_html directory like this:
cd public_html
and you create an HTML document with your favorite editor, you can use the command
chmod o+r some_document.html
to set the permissions correctly. Another way to do it is:
chmod 604 some_document.html
This sets it to rw----r--. This is so you can still read and write to the file, and the web server can get the document. We could ramble on this subject for a much longer time, but let's get on to making some HTML documents. If you have more problems or you need some more specific information, don't hesitate to ask someone.
public_html  webdevel  webmaster  hosting  unix  filesystem  permissions 
june 2014 by kme
Error message is new to me during FileUpload | Wikipedia | Mediawiki
On Wed, Mar 5, 2014 at 12:37 PM, John Foster <jfoster81747 [at] verizon> wrote:

> Could not create directory "mwstore://local-backend/local-public/5/55".

This generally indicates the /images directory is not writable by the
mediawiki  filesystem  permissions  solution  webmaster 
june 2014 by kme
FilePermissions - Community Help Wiki
setfacl -d -m u:nobody:rwx,g:nogroup:rwx,o::r-x shared_dir

You can actually give other users access to the file if you're the owner. Makes sense, but I didn't expect that, since you can't change the primary ownership unless you're root (I thought).
linux  acl  filesystem  permissions  sysadmin  dammitbrain  reference 
june 2014 by kme
mountpoint - Why are the default permissions for /media/username root:root? - Ask Ubuntu
I ran into this problem with Linux Mint 15 (Olivia) because I'd changed the uid for my account (to match the NAS) and I'd missed this one folder. (P.S.: Yes, this /is/ possible with ecryptfs-mounted home dirs, and it wasn't too difficult to puzzle out.) Solution was:

sudo setfacl -m u:username:rx /media/username/
sudo setfacl -x u:1000 /media/username/

$ ls -l /media | grep $USER
drwxr-x---+ 3 root root 4096 Jan 22 15:59 oli

Basically this means that only a root user can interact with the directory. This is great for security (certainly stops other users seeing, let alone stealing/deleting/changing data) but that's not where the story ends.

You might notice the plus sign at the end of the permission mask. This means an ACL (Access Control List) is in use. This allows for far more granular permissions.

$ getfacl /media/$USER
getfacl: Removing leading '/' from absolute path names
# file: media/oli
# owner: root
# group: root
linux  linuxmint  filesystem  removablestorage  usb  flashdrive  permissions  acl  solution 
march 2014 by kme
How to add a user to a UNIX group - Mac OS X Hints
or one uses the System Preferences > Accounts > + > Change "New Account" to "Group" and add the Users via the GUI :)

How to add a user to a UNIX group
Authored by: bcamp1973 on Jun 10, '10 08:18:12AM

That only applies to *new* groups you create though correct?

How to add a user to a UNIX group
Authored by: barefootguru on Jun 10, '10 09:32:06AM

Once you've created a group through System Prefs you can edit membership through there too.

NB: You can context-click on the new group to change its ID and membership, e.g., to match a remote NFS's 'users' (staff, adm, whatever) group. These take effect without logging out, but you'll need to close and reopen any terminal login sessions to get the updated permissions (oddly, even though 'id' shows the new group membership right away). UPDATE: You probably need to log off and back on again, too. Relaunching Finder didn't update permissions.
mac  osx  unix  group  sysadmin  permissions  solution 
december 2013 by kme