I'm trying to create a file with a user. The file should be created in a manner that another user can delete it (I would be fine with just any user being able to delete it).
cd /tmp
> test
chmod 666 test
#make file owned by a different user and group
chown tomcat:tomcat test
rm -r test
Result:
rm: cannot remove 'test': Operation not permitted
What am I doing wrong? How do I have to create that file so another user is able to delete it?
The /tmp directory is a "bit" special. It has the permissions 1777 which sets the sticky bit. You'll see that an ls -l / shows tmp with the permissions:
drwxrwxrwt 25 root root 12288 Aug 3 08:20 tmp/
That t means that it prevents anyone except the owner from removing files. You'll need to use a different directory. Additionally, the -r doesn't make sense for a file.
Related
I'm running a Ubuntu 16.04 server. On my server, I have a file in directory /home/userA/dirA:
userA#myUbuntu:~$
userA#myUbuntu:~$ pwd
/home/userA
userA#myUbuntu:~$
userA#myUbuntu:~$ ls -l
total 8
drwxrwxr-x 3 userA userA 4096 Feb 17 14:13 dirA
userA#myUbuntu:~$
userA#myUbuntu:~$ ls -l dirA/
total 7796
-rw-rw-r-- 1 userA userA 1234 Feb 17 14:05 theFile.txt
userA#myUbuntu:~$
Note the ownership here; user userA owns the file and the directory where the file resides.
I need a shell script that moves theFile.txt to another location, into a directory that is not owned by userA. Here's my script:
#!/bin/bash
echo "Attempting to move file..."
{
sudo mv /home/userA/dirA/theFile.txt /home/userB/dirB/.
} || {
echo "Failed to move file!"
}
...and the output:
userA#myUbuntu:~$ ./myScript.sh
Attempting to move file...
Failed to move file!
userA#myUbuntu:~$
As you can tell, the script runs as userA. I don't want to run it as root.
So I'm assuming the script is failing because of the permissions; a script run as userA does not have permission to move a file into a directory owned by userB. I've been trying all sorts of variations of the sudo command and others, but to no avail. I've also tried goofy workarounds, like copying the file to /tmp (that works) and then doing a chown to change file ownership (that doesn't work). But there's got to be a way to neatly do this. Any ideas?
Create a new group, add both users into it and set the appropriate permissions. After that you will be able to move files between folders.
I can copy file but can not move it on my Mac Terminal.
I want to execute following command:
mv /apps/gfss/ipt/files/R2R/Japan_WHT/21940000/DATA.xlsx /apps/gfss/ipt/files/R2R/Japan_WHT/21940000/inprogress/
And I get following error:
mv: rename /apps/gfss/ipt/files/R2R/Japan_WHT/21940000/DATA_21940000.xlsx to /apps/gfss/ipt/files/R2R/Japan_WHT/21940000/inprogress/DATA_21940000.xlsx: Permission denied
However, if I use Finder, I can move it. But I want to do this from Terminal.
But, I am able to copy:
cp /apps/gfss/ipt/files/R2R/Japan_WHT/21940000/DATA.xlsx /apps/gfss/ipt/files/R2R/Japan_WHT/21940000/inprogress/
Wondering what is that I am doing wrong!?
Below is the ls -ltr output:
gfss-apac-ipt2:21940000 admin$ pwd
/apps/gfss/ipt/files/R2R/Japan_WHT/21940000
gfss-apac-ipt2:21940000 admin$ ls -ltr
total 384
-rw-r--r--# 1 alokur wheel 193385 Nov 22 12:09 DATA_21940000.xlsx
drwxr-xr-x+ 2 admin wheel 68 Nov 22 13:08 inprogress
P.S.: Move does not work even when I do chmod 777 inprogress; and I get same error.
I asked this question here, but no luck so far.
Resolved:
I had to delete the folder /apps/gfss/ipt/files/R2R/Japan_WHT/21940000 and recreate it.
Then I cd to /apps/gfss/ipt/files/R2R/Japan_WHT/ and gave permission to 21940000 directory using chmod -R 777 21940000/
I think there was some hidden directory inside 21940000 created by some other user and hence I was unable to do chmod before.
Thanks to Ab Sin for his comments which gave me some directions to investigate.
I need to give access to 2 users one with read access and other with write access to a particular folder(/folder). Both the users are supposed to be in the same group(sftp)
user with read access: readsftp
user with write access: writesftp
I have done
useradd -G sftp readsftp
useradd -G sftp writesftp
Now the user writesftp should be able to write files to /folder and user readsftp should be able to only read files in the folder /folder
The vipw files read
36 sftp:x:47173:47173::/data:/bin/sh
37 ft:x:1002:1002::/home/ft:/bin/bash
38 readsftp:x:47176:47173::/data:/bin/sh
39 writeuser:x:47177:47173::/data:/bin/sh
Have I changed it rightly?
(Please observe the ID's)
Could you please help me do this by using sticky bit, and umask and chmod? In the /folder folder
I have previously changed files and folder permissions using chmod and I am unable to get through the right understanding on how to do it wrt users.
Thanks in advance.
First, you need to transfer the ownership of the folder (recursively) to writeftp and the group ownership to sftp:
sudo chown -R writeftp:sftp /path/to/folder
Then you enable executable permissions for the group to all folders and full permissions to the owner:
find /path/to/folder -type d -exec chmod 750 {} \;
and set read permissions for all files to the group and read/write permissions for the owner for all files:
find /path/to/folder -type f -exec chmod 640 {} \;
Following the above steps you'll solve your problem, but however, there are better solutions for your problem. You could use ACLs (access control lists) on that file system or use SELinux while the latter is much more complicated to configure and maintain.
When I try to change the permissions for a file it doesn't seem to work. chmod says it is changing it but the file permissions remain the same. Can anyone explain what I am doing wrong? Here is a copy of my command line.
~$ sudo chmod -v u+x ex01
mode of 'ex01' changed from 0600 (rw-------) to 0700 (rwx------)
~$ ls -l ex01
-rw------- 1 user user 60297 Feb 6 21:50 ex01
Certain file systems, such as vfat, don't support Unix permissions. The owners and permissions of the files are decided when the file system is mounted. On vfat for example there is an option to set the permissions to whatever you want, and another that sets the execute bit only for .exe, .com, .bat and similar files. See https://www.kernel.org/doc/Documentation/filesystems/vfat.txt
I'm facing an annoying problem. It's been pretty frustrating. I am using a computer at my school to work on the Coursera Startup class. I am trying to connect to an Amazon EC2 instance. I downloaded the key pair. I check permissions.
mac5-library:startup roh21$ ls -l
total 6
-rw-rw-rw-# 1 roh21 108 1692 Jun 22 16:45 startup-class-key.pem
So, it's not secure. So I need to change the permissions. I try:
mac5-library:startup roh21$ chmod 400 startup-class-key.pem
mac5-library:startup roh21$ ls -l
total 6
-r--r--r--# 1 roh21 108 1692 Jun 22 16:45 startup-class-key.pem
Still has read permissions to everyone. Just to demonstrate what happens I do this:
mac5-library:startup roh21$ chmod 600 startup-class-key.pem
mac5-library:startup roh21$ ls -l
total 6
-rw-rw-rw-# 1 roh21 108 1692 Jun 22 16:45 startup-class-key.pem
Is it impossible to change permissions to the user without root permission? I'd be grateful for any kind of help.
Probably not related to initial questions problem, but can be useful. (especially to Unix novices like myself)
Chmod will not work if you are not an owner of resources.
You should run chown first:
$ sudo chown -R $(whoami) .
and then
$ sudo chmod -R +rwX .
First command will change owner of everything in current folder to be logged in user, and second give them read write execute permissions.
Just for example, you, probably, should not change ownership and permissions so boldly.
I copied the file to my ~/.ssh folder and then changed the permissions with chmod. That did it.
Just to provide more information, the permissions for the ssh folder,
drwx------ 8 roh21 108 272 Jun 26 17:26 .ssh
And the permissions to the folder I used initially
drwxrwxrwx 2 roh21 108 2048 Jun 23 06:32 startup
I curious as to why I could not change the permissions to the startup folder even after multiple attempts with the chmod -R option.
Also, note that I was using Mac OS X in my school's library.
See that '#' next to the mode flags? That means that there's extended metadata associated with the file. Use ls -l# to see it. The xattr command will let you view and modify them. It's possible that there's something there that prevents you from modifying the file.
There may also be additional file flags. Use ls -lO (capital-O) to view those. Odds are that one of those flags is the "uchg" flag which means your file is immutable. You can remove that with chflags nouchg <filename> as أحمد طه suggested.
Finally, there might be an ACL attached to the file. Use ls -le to see that.
In general, if you really want to know all the metadata associated with a file on a Mac, the command is ls -leO#.
Looks like you've discovered that the Macintosh doesn't strictly agree with the UNIX permission bits.
Ultimately, there are ACL bits that MacOS sets and that the Macintosh Finder obeys.
To solve your problem quickly, in your Terminal command line, type in "open ." (or the path to your "startup" folder) and that will open up the folder in your Macintosh Finder.
Then do a "Get Info" on the file:
You can change your permissions here.
Hello And it will work
chflags nouchg /path/folder/
Please note you may get "Operation not permitted" at your Terminal when you want to run "chflags nouchg". So, first you should give your Terminal "Full Disk Access" here:
System Settings --> Privacy & Security --> Full Disk Access --> check the Terminal
then close and re-open your Terminal.
Now, run "chflags nouchg PathToYourFolder"
Finally:
chmod 400 YourFile
Done!