I'm running Apache2 under uBuntu 9.10. My problem is that I use my own user "wavesailor" to work on my websites. I kept all my sites under /var/www and I set up the security of the directory after following the guidelines.
Code:
sudo chown -R root:root /var/www
sudo chown -R www-data:www-data /var/www/*
[code]...
I just installed Ubuntu workstation into VMware and then installed Apache, Mysql, PHP, and phpmyadmin.I am able to access Apache from any computer in my home so there is not issue there.The issue I am facing is when I try to copy anything into /var/www/ I get a permission denied messsage.I added myself to the administrators group and then rebooted but still get the same message.
I was able to access it by using the following command...gksu nautilus.I don't want to have to do that every time. I would like to be able to access it by just opening "Documents" and the selecting "file system" inside of Nautilus.
I am not putting lnux on my mac, so I don't think it goes in the Apple section and Security is the closest I could find regarding file permissions, so excuse me if I am in the wrong area for this question. I need to back up my macbook (OSX) data. I do not have another mac nor do my friendsw.. I do have a PC running ubuntu 9 though. So I hook it up and can see it, but all the document are locked and I dont have permissions.... now with windows I know how to take over permissions, I have looked online and the closest I found is using the temporary root user command to view all locked files but that gets me to about 25% my data.
View 5 Replies View RelatedI have upgraded to Lucid, but was having the same issues on Karmic. I made a 2nd user acct we'll call X and we'll call the original acct Y. All of these issues only happened after creating X.
On X I have: sound Things wrong with X: I don't have the ability to modify any folders (even ones that are made from X's acct), I can't change the password or even access the Users and Groups, I can't modify any browser settings in Firefox but can on Chromium, the option for wireless is completely gone
On Y I have: the ability to access users and groups, the ability to modify all folders on either acct, the ability to change any settings on anything Things wrong with Y: no sound (doesn't even show the driver, but the driver is there on X's acct), wireless is completely gone (just like X's acct), even though I can access Users and Groups I cannot modify anything about X's acct
My first thought was to completely delete X since that's when all the problems began, but I'm afraid that since X seems to have "stolen" my sound card, that will be lost forever. I am also afraid that since neither account has wireless deleting X might hinder ever getting it back.
I am setting up a new ubuntu server, and I am quite new to linux. This server will be used as code repository for a project I am going to be working on. I plan to setup 3 groups for users: dev, test, doc
- for various developers, testers and documentation users.
I would like to setup the following permissions on the main code repository directory:
dev - write permission
test - execute permission
doc - read permission
public (anyone outside these groups) - deny all access
I am unsure what chmod setting to use, or if this is even possible in ubuntu.
I wanna make a small web server for local use , I've installed apache, every thing works fine I'm the root
I wanna protect the folder that contain the htdocs files (www), i don't want any users that not in root group to access (not even read)
I changed the permission of the htdocs folder as next
Owner: www (apache user)
per: creat , delete
group: root
per: creat , delete
other: none
it only works on the main folder that i changed its permissions ! not all sub folders and files ! were my steps right ? and are their anyway to change all folders and files at once ?
I just added a new user to my ubuntu:
sudo adduser james
When james logs in he access his folder BUT he can also access other user's folders. How can I prevent his access to others? I wish to restrict his account to his folder only (he can read/write).
I have a shared partition on Ubuntu, 'dm-6', if I create a new folder in it, it has 'teocomi' as owner.If I create the folder from another (windows) PC the owner is 'nobody' and from Ubuntu I have to chmod/chown it in oredr to edit its content...Is there a way to set automatically permission and owner for newly created folders and directories?
I tryed with:
Code:
sudo chmod u+s -R /media/dm-6
How is possible, that vim can write to file and changes his ownerchip ?
View 4 Replies View RelatedI've been using Ubuntu for a few years and I am having issues trying to load .jar files and .exe files in Wine. I keep getting an error message that says my computer doesn't have permission to load these files. I've done some research and found people saying to enable the file as executable in the files properties, to enable executable in the permissions folder, and to allow source code on the Ubuntu Software screen, but whenever I try to check these boxes, they immediately revert to having a line through them instead. I remember when I was running Ubuntu a few years ago I was able to completely disable this restriction in terminal, but I can't remember what I did.
View 5 Replies View RelatedI know how to assign file permissions and other tasks like user to group, but I'm stuck with a situation in how I should set up my system.So I have a LAMP server set up. I'm not the only developer so I created a group called "developers" for my other users "Mike," "Alex," and "Cindy," which are developers (I'm Mike by the way). I know that "www-data" is the user and group Apache uses.This is good because only I have permission to update the production site, but for the dev site, it's a different story.
View 3 Replies View Relatedi try to copy file music .oog .wav from Music folder to /usr/share/sounds/freedesktop/stereo but i can't and in folder /stereo i can't manage rename ,cut ,move to trash for all file .ogg when i right click at file to look Properties > at permissions i saw owner : root can not change these permissions
that 's i not understand about owner . and how i can change these permissions ?
How do I add root permissions to my user account?
I want full permissions for all computers in my house, without having to get up and go to the other room and change permissions for the file, folder, drive, directory, computer, etc., then go back to the other room again.
I just created a partition, as THIS user, THIS machine, rebooted, and cannot create a folder on the partition I just created. UGH. No more of this stuff... I guess at the very least, I'll still have to log onto each machine for this?
Is there a way to specify append only permissions for a file?
View 2 Replies View RelatedWe are a school and we share a samba folder with students and teacher groups. What we are trying to do is:
- Give students group users the permissions to rwx own files in folder
- Students must not be able to do anything with others files. I mean nothing so, at most, they could see the files in folder but not read it.
- Teachers can do anything with files in folder
As you can imagine, the idea is that students deliver their exams in that folder without the ability to read/copy the other students files. With sticky bit we can restrict students permissions to their own files, that is ok, but how to restrict all the permissions on other students files without restricting student access to that folder?
What do the default file permissions in ubuntu 9.10 protect/deny access to?
View 9 Replies View RelatedI have a Ubuntu file server with a mix of 30+ users ( mix of windows and linux ).All are members of the same group. All need read write create access. I want to prevent deletion of certain key folders. How can I achieve this ? sudo chmod -R nnnn ??
View 8 Replies View Relatedone thing i can't seem to be able to do is give the guest account just these permissions: using firefox (or other browser) and using one file directory and using a text editor. means the guest can browse the net and sefe some infos form that - nothing more. the previous version had something like that, it was really easy for me, a noob, to do it with two or three clicks. if this possibiility exists, what to do. if it's not implemented... maybe it should be. 'cause many people let others use the computer but don't want any complications...
View 6 Replies View RelatedI have broken my MBR and can now only enter 9.10 with the ubuntu start up cd.when i boot through he ubuntu live cd.I can see my mounted drive with all my files however i do not have the permissions to open or copy some of my files( music, films, pics) . id like to do this so i can transfer all my files to an external HDD and reformat start all over again.error when trying to open files.You do not have the permissions necessary to view the contents of.
View 1 Replies View RelatedI may not be a code worrior, yet I have been a Ubuntu convert from Apple for about 3yrs now. Since 1984-2006 now hackers or viruses. And Until now Ubuntu has been clean, well I have been good with repos, etc.
1. Recently I found "Odd" behavior with my Amarok 1.4 player, ffmpeg, winff.
2. During a Synaptic upgrade there were some "unauthorized changes". I have seen this before due to some of my software, so I ignored it. . .
To my bewilderment, "It" erased Amarok 1.4 player, ffmpeg, winff, all image kernels, claimed domain over my system permissions, and external HD. B4 I shutdown, downloaded LUCID 10.4. . . restarted, then copied over all info possible to minimize a complete delete of my system. Upon restart, indeed all kernel images were gone, Only live CD allowed me access to repartition my HD.
NOW. I have Lucid running, and have been denied access to my external HD and partitioned (internal HD). I used Nautilus to copy over files to my internal laptop HD, yet permissions continue to be an issue. The INFECTED FOLDERS are owned by "User 999-user#999. I must micro manage every folder and file to gain "partial permission". The dialog box stutters and never allows me to go down to "Root"
On Windows, you can go to a file's permissions and it's clearly stated who can do what. You can choose between individual users or groups such as 'everyone' or certain types of users such as 'domain users'. You could create a clear cut list of every single user/group on the system and what their permissions for a file are and have it neatly displayed in a list.On Unix, we have octal permissions and sticky bits. I understand the whole concept of rwxrwxrwx (777). The first three are what the file owner can do, the second is what the main group the user belongs to can do, and the third is what other users can do.
But, when you view a file's permissions you are only getting the permissions as they apply to the user that owns the file. For example, as I understand it, if I viewed a file that only the root user had rwx permissions on and everyone else could only read. The permissions would show up as rwxr--r-- (744). But, those same permissions would show up to any user as 744 as well. Since the last 3 characters are what applies to "other users" (pretty vague). How would someone know what users in particular those permissions apply to? There could be one "other user" that can rwx that file and another "other user" that can't.Also, why just stop with the main group? What about other groups? A the user Foo's main group he belongs to might be Foo. But he could also belong to the groups Boo and Zoo, which belong to other users and would give him full rwx permissions over Boo and Zoo's files just as if he were Boo or Zoo.
Then you have the whole sticky bit thing that makes it so that files can be owned by the same person and at the same time be made use of (to varying degrees) by other users. To chmod the UID you'd chmod 2777 or for GID 4777 (just an an example). I did this for a file and it allowed a standard user account who was previously unable to run the command to be able to run it. But, how can that work when I didn't anywhere specify what particular user (or groups of users) that sticky bit applies to?
I'm confused about this whole thing to the point that I'm not even sure exactly what questions I should be asking or even if my examples are even 100% correct. I just sort of ranted about some specific things that floated to the top of my head. Permissions are easy to understand when your running a Unix-like system on a single user desktop. Because the only users/groups you have are root, the single user, and various system users/groups that you don't really need to worry about. So a file with rwxr--r-- means that only the Root user (not even members of his group) can edit the file and you can't unless you use sudo. Because the "other user" in the last 3 characters always just means you. But, things seem to get a whole lot more complicated when you start adding in multiple users. Can someone explain this or link to a "for dummies" article that can explain all of this to me in a way that someone who's used to Windows style permissions can make a connection between the two OS families and their way of handling these things?
I want to have an account (beta user), on which:I can use the Internet and other programs without administrative rights without the right to install programs with a kind of sandbox for everything that is connected to the Internet, which means: everything that is associated with the web browser's processes and files that I save to hard disk I want to be separated from the rest of the system, so that whatever can catch up on this account will be locked in it, for example any (if at all) possible malicious scripts from Internet or whatever may be dangerous now or invented in the future. Sometimes, for example, I save the web page to disk with all it content.
And in case someone cracked into this account I want make it in that way that he could not do any tricks to read or change passwords, or make any other changes to the system. The best would be if a password for that user might serve only to log in without having any other powers, and I would give that user an automatic login. For now I created a beta user without administrative rights. I understand that the limiting rights of the user are associated with limiting rights to their home directory. There are also groups, and a user may be included or excluded. I excluded that user from admin group but I don't know what else I can limit and how. When I give chmod 0644 for /home of this user he cannot run Firefox. When I give him 0740 he can run applications, so I assume the x attribute must be preserved.
This is a user without sudo rights, so when I type sudo apt-get update a message shows up correctly that this user doesn't belong to the sudoers group. But still it's not what I wanted. When the user runs Gufw and wants to change the settings to disable the firewall, a message shows up asking to type in a password of alpha user = primary user, which is that belonging to the sudoers group, the first / main user that I created during system installation. I wish that there was only the message that the beta user has no power to change anything, which means even completely remove the possibility of asking for sudo.
In addition, I wish that this beta couldn't be able to change the permissions to its home directory, or go to see what is above. Because so far beta can change the file permissions for its /home, even without a sudo password. How can I do it? Do I need to create a kind of chroot jail for this user? I would like any changes to that user account could be made only after the user log off from beta account, and log in on alfa account and that beta could run only programs that ware installed by alpha. And that beta could read and write, but alfa could also read and write or remove, alter files on beta account. Basically, alfa account should be superior to beta account. Can do that?
What should I do if I want to allow access to USB flash drive selectively - Say for e.g. All permissions for "root", "Read/Write" for user "A", Only "Read" for user "B" and user "C" shouldn't be able to access or mount (no permissions) the USB flash drive at all.Also I want to do it by modifying entries in some files or by some commands (so that it can be done programatically if needed)
View 5 Replies View RelatedRecently I've tried installing Calibre from the Software Centre, but it seemed to be glitching as when I press Update Source, the 'In Progress' icon shows up, but when it finishes nothing changes - the Update Source button is still Should I report this?Anyways, I've installed Calibre from their website to .calibre in Home Folder. However, the folder is 'locked' as it requires root priveleges and I can't drop files there without being the admin. I'd like to reduce 'open as root' files to minimum, so I was wondering if there is a way to change the permissions of all the content in one operation, preferably using GUI, and not the terminal?
In addition I've noticed that other folders in my Home Folder like Pictures/Wallpapers require root privileges. This is really annoying as when I 'experiment' with Ubuntu I use Live CD to make sure I don't screw up the main system. When I do I can't open some files from hard disk because of those root inconsistencies
I was about to post a new thread and saw that there are several answers out here already and I have done the new group permission one on my server -- actually on my test server I just added "my user" to the group "root" to gain rw access to /var/www/htdocs/.Someone suggested that the proper way might be to do symlinks to the directory in a real production environment and I wanted to find out if that is the *best* way to go or whether to actually make a group "www_admin" (pick your favorite flavor of this) and add my users to that group?
I guess I am looking for the "best practice" in a real corporate production environment that is most secure.
I have a question regarding Samba Permissions. As the subject described, is it possible to let users read the file but can not copy the file physically? It's fine if they open and copy paste the contents but no physical copy paste and also I need to log the activity of the users. If samba will not be able to comply my needs, could you suggest some programs to meet my requirements?
View 3 Replies View RelatedI am trying to determine best method for monitoring filesystem for invalid file permissions, 777 or on NFS share but owned by root etc.
View 2 Replies View RelatedI was curious if anyone has addressed this issue before. I have set the permissions to /var/log/Xorg.0.log as follows:
Code:
-rw-r----- 1 root root 00000 Jan 00 00:00 /var/log/Xorg.0.log
I have done a lsof and the file is being opened by root. I have set Roots umask to 0077, yet after a reboot
[code]....
I have a setup samba and want to get the correct security permissions when my wife creates / copies files from her camera onto the shared/mapped drive on her new laptop (windows 7) I want the permissions set to 770 or maybe 760. See my config below.
Now I can get it to create 760 but even if I change the mask it still generates the same permissions. After every change I restart the samba service. the umask is still 0022, do not know if that makes a difference? The directory permission's are correct with this mask. Do I need to look at groups?
[Code]...
I have recently secured a server by preventing root from logging in via SSH. Now I log in with a non-root account and use 'su' when necessary.However, now I can't do something I used to do, which is open 'sftp://user@ipaddress' in nautilus and be able to edit files as root. Is there anyway to get nautilus to give me root permissions on the server? Or at least end up with root permissions in a GUI text editor on my computer? I don't mind if I have to use bash to start the process, once I can get a GUI for editing files.
Note 1: Yes, I realize I could ssh in and use nano/vi etc, but I'd rather use my graphical text editor.
Note 2: The server does not run X, so I can't just forward it.