I have an embedded system running linux and I have busybox installed for running different services. One of the services is ftpd, which I start like this from the etc/init.d/rcS file:
tcpsvd 0.0.0.0 21 ftpd -w -v /mnt/flash&
I have two users in the system, root and a regular user. Root user can easily connect to the FTP server, but when I try to login with the regular user's credentials, I get this error:
ftpd[678]: can't change root directory to '/mnt/flash': Operation not permitted
Now, I thought that it must be a directory permission problem, and I started with changing permissions on the /mnt/flash directory first, but after this didn't work, I ended up having all my files in file-system including / to be owned by this regular user and have drwxrwxrwt permissions (just to find the cause of the problem). But I still get this error.
I have also tried to start ftpd with different root folders, including /.
I also couldn't find any config files for the ftpd in my file-system, maybe I need to create one manually? If so, which one and how to tell ftpd to allow user logins?
I'd really appreciate any help. Thanks.
Well, after trying some random things, I discovered that user login works fine if there is no directory changing involved at all:
tcpsvd 0.0.0.0 21 ftpd -w -v &
I suspect that chroot is called otherwise and the user does not have a right to do that.
Related
I have a Postgres permissions problem, every time i brew install postgres it does so as root user resulting in permissions denial on initdb, createdb and or anything else i try.
I sudo chown the ownership of /usr/local/var/postgres and it seems to change and allow me manual entry into the directory from cmd line, which then only consists of a server.log file listing the error:
postgres cannot access the server configuration file "/usr/local/var/postgres/postgresql.conf": No such file or directory
I then go to initdb and it returns:
The files belonging to this database system will be owned by user "jamesbkemp".
This user must also own the server process.
The database cluster will be initialized with locale "en_GB.UTF-8".
The default database encoding has accordingly been set to "UTF8".
The default text search configuration will be set to "english".
Data page checksums are disabled.
initdb: directory "/usr/local/var/postgres" exists but is not empty
If you want to create a new database system, either remove or empty
the directory "/usr/local/var/postgres" or run initdb
with an argument other than "/usr/local/var/postgres"
I then go back to look at /usr/local/var/postgresand the owner has changed back to root. I really am at a loss after many hours on this as to what's going on. Any ideas folks?
Postgresql install as non root is a pain if not impossible, because it was not designed this way: it is a multi-user service.
The same thing here: apache2 as non-root - you would have to build the server yourself changing the configuration a lot.
Let me add that for an experienced datacenter operator this is a strange idea, like driving a race car in your appartment.
Based on a recommendation on stack overflow, i am giving yii framework a spin.
It appears that I am only able to gain shell access to my web server if I log in as root.
I am running through the tutorial, and am having a number of problems typical command to create a web app-
/usr/local/bin/php /home/testuser/public_html/yii/framework/yiic webapp /home/testuser/public_html/demo
Do I have to type /usr/local/bin/php EVERY TIME???
Do I have to type /home/testuser/public_html/yii/framework/yiic in full every time???
Do I have to yype /home/testuser/public_html/demo in full?
As I am logged in as ROOT, I have to chown every file / folder created by root to make the file viewable by testuser!!!
I create a new controller using yii. controller message helloWorld, yii does some funky stuff, but I can't do ANYTHING with the files without chown EVERYTHING!!!
I'm not too confident with SSH, and I know it's all a learning curve, but... having to change file permissions EVERY time, and having to type full directories every time is just a pain.
I know that there are some shortcuts that I will probably learn with time, but if anybody could give me some pointers to make my life about 1M times easier (considering my main objectives at present are to learn yii framework) linux/terminal/shell commands are currently secondary to my requirements.
Here's what I'd do, in this order:
1 - When you login as root issue the command su - testuser. This changes your effective user id and groupid to that of testuser, meaning, you now are operating as that user account. Your current directory should now be the testuser's home directory. To get back to root user just type exit.
2 - Try running php -v without the fullpath. If it prints out a version number then you don't have to use the fullpath to run php. If you get an error then you can add /usr/local/bin to your PATH environment variable in your .profile file which is present in testuser's home directory. If the .profile doesn't exist then you can create it.
3 - Add /home/testuser/public_html/yii/framework to your PATH in testuser's .profile.
After doing all that then the next time you login as root you would be able to do the following:
su - testuser
cd public_html
php yiic webapp demo
And you wont have to worry about permissions since you are creating directories/files as testuser, not root.
See also: StackOverflow question about modifying your PATH
I'm having a lot of issues with PHP and Apache while using os-x mountain lion. Basically my plugin needs wordpress to move some files but it always ask for ftp server credential, like if apache doesn't have permission to write those directories.
Apache is running with
User daemon
Group daemon
if i do
ls -lad htdocs/
i get
drwxrwxr-x 7 root staff 238 13 Ago 21:51 htdocs/
i'm using zend server ce 5.6. What should i do to make sure that apache has full rights to do everything? I would give it root access (it' my dev machine and i must get things working, so i don't care about security issues, but i don't know how to that, if i can do it in a cleaner why i'd be happy but i need this to work )
Your htdocs directory is owned by root, and in the group staff. User permissions on it are rwx, group permission are rwx, and world permissions are rx. So apache needs to be run as either user root or group staff to have full read/write/execute permissions. Otherwise change the owner and/or group of your htdocs directory to daemon and apache will have full rwx permissions. If you really don't care about security at all, just do chmod 777 htdocs (not recommended).
WordPress isn't really checking if it has the right to write in a directory (it's the same for plugin installation), it's only checking if the user and group it's running through Apache is the same that the parent folder.
So the only way is indeed to chmod the folder to your Apache user/group
I'm trying to get Mercurial to serve using hgwebdir.cgi under Apache on Mac OS X Lion.
I followed the directions listed here:
http://www.popitandrockit.com/2010/05/mercurial-server-on-osx-106-snow.html
That article is for Snow Leopard (I guess no one's tried to do this on Lion yet?) but it mostly works. I did make the modification that I did not use https because the machine in question is behind my company's firewall.
It says that I should be able to access a repository at http://servername/repository_name but that doesn't work. I can, however, get a listing of them at http://servername/hg/, where /hg is the ScriptAlias address. So I should be able to get to a repository via http://servername/hg/repository_name, but instead I'm getting a nice Mercurial page telling me
An error has occured while processing your request:
repository /Users/username/Documents/repository_name not found
Well, the directory is valid and there is a valid repository there according to Mercurial (i.e., hg log and similar commands don't error out)
On the main page I'm getting similar errors in Apache:
[(date)] [error] [client (ip address)] error accessing repository at /Users/username/Documents/repository_name
Were I to guess I'd say it was some sort of access or permissions issue but I'm not familiar enough with Apache or Mac OS X Lion to venture a guess as to how to fix it.
This indeed looks like a permissions problem. On a standard Mac OS X Apache install the web user and group are _www, and you need to make sure these have read and write access. Also Mercurial complains if the hgrc file’s permissions do not match the user. There are two ways to fix it:
Make the repository owned by the Apache _www user. When you type:
ls -ld /Users/username/Documents/repository_name
It should show _www _www in the third and fourth column. If not, change the user of the directory:
sudo chown -R _www:_www /Users/username/Documents/repository_name
Note that if you change this, you should not access the repository on the file system from any other user, or else any newly created files will again have the wrong permissions.
Alternatively, explicitly add your user to the trusted section in your hgweb.config:
[trusted]
users=username
In this case you still need to make sure that the _www user has access at all. If you type:
ls -ld /Users/username/Documents/repository_name
It should show something like drwxrwxr-- in the first column (the middle rw are important) and _www in the fourth. If the files are not readable or writable by the group, use the chmod command to make them:
chmod -R go+rwX /Users/username/Documents/repository_name
And you can change the group of your repository to _www like so:
sudo chown -R :_www /Users/username/Documents/repository_name
Which of the two is preferable depends on your situation: if you’re trying to host your repository on a server I would say the first is preferable, it is simpler and a little more secure. If you’re trying to host it on your local workstation for convenience, the second is easier, because then you can still access the repository from your current user.
Note that for ad-hoc sharing it may be easier to just run hg serve on the command line.
I hope that helps.
Strange problem. We use a cf web server to access NAS. We have tested this issue to the nines and can't figure out the cause.
The problem: We get empty result sets doing a cfdirectory on the share to a known directory with the correct casing. However, we can ls from the cf server as the cf user and see everything without permission errors.
Tests we've tried:
Making a test file to be user the path we are testing is correct - fail.
Doing a directory listing from python - works.
Doing a CFFILE read and write from the offending web server to the directory in question - works.
Doing a CFDIRECTORY on a local directory - works.
Doing ls -la on the directory sudo'd to cfuser - works.
Doing ls -la as root on the directory - works.
Changing cf user permissions to root and retrying CFDIRECTORY - fail.
Changing mount to mount as root user and retrying CFDIRECTORY - fail.
chown-ing the files and the parent dir and retrying CFDIRECTORY - fail.
I can only think of a couple of things. First, make sure your case is correct since filesystem reads are case-sensitive in CF in Linux.
Secondly, I have not had much luck reading directly to SMB from CF. What has worked for me in the past is mounting a drive using SMB Fuse as a normal mount point and making sure the owner/group matches the CF user.