I'm getting permission denied attempting to copy a file at the command-line from my Mac to a remote Windows IIS server. I have access to the IIS server and have confirmed that I have write permissions to the folder. I can remote desktop to the server and navigate and work in the directories i want. I can copy the file successfully using Finder. From the Terminal command-line I'm able to mount a volume, navigate, ls and cat the file in the directory i'm trying to cp to.
$cp -f ham.html /Volumes/external-api/eggs.html
cp: /Volumes/external-api/eggs.html: Permission denied
$ ls -l ham.html
-rw-r--r-- 1 kellykx LEGAL\Domain Users 18218 Jul 29 22:58 ham.html
$ ls -ld
drwxr-xr-x 31 kellykx LEGAL\Domain Users 1054 Jul 29 23:02 .
$ ls -l /Volumes/external-api/eggs.html
-rwx------+ 1 kellykx LEGAL\Domain Users 18218 Jul 29 15:23 /Volumes/external-api/eggs.html
$ ls -ld /Volumes/external-api
drwx------+ 1 johnsob2 LEGAL\Domain Users 16384 Jul 29 17:53 /Volumes/external-api
I'm worried there's some IIS voodoo i'm missing. Or worse, something obviously trivial.
Ideas welcome.
Resolved.
The permissions of the Windows share were more restrictive than the file system permissions and took precedence, causing the permission denied message. The Windows share permission was r while the underlying directory and files were rw, as shown.
To resolve:
I used remote desktop to login to the Windows server.
Navigated file manager to the parent dir of external-api,
Right clicked and followed properties->Sharing->Advanced Sharing->Permissions
Selected my name from the list box -- already set up when the share was created
Checked Full Control, Change and Read checkboxes.
Open question:
How do you inspect permissions of mounted SMB share from the OSX command line? The equiv of ls -l.
Related
As root (OS X 10.9.5), I cannot delete a file with no flags or ACL entry (at least seemingly), despite having the correct permissions:
/Library/LaunchAgents$ whoami
root
/Library/LaunchAgents$ ls -alOe
total 32
drwxr-xr-x 6 root admin - 204 Jan 12 22:56 .
drwxr-xr-x+ 66 root admin - 2244 May 9 15:26 ..
0: group:everyone deny delete
-rw-r--r-- 1 root wheel - 690 May 4 2016 com.bitdefender.antivirusformac.plist
/Library/LaunchAgents$ chmod -N com.bitdefender.antivirusformac.plist
/Library/LaunchAgents$ chflags 0 com.bitdefender.antivirusformac.plist
/Library/LaunchAgents$ rm com.bitdefender.antivirusformac.plist
rm: com.bitdefender.antivirusformac.plist: Permission denied
/Library/LaunchAgents$
The ACL entry above pertains to the /Library folder and shouldn't affect /Library/LaunchAgents. I have successfully moved other items in LaunchAgents while the bitdefender item fails. Have tried doing the above in single user mode as well with the same result.
What am I missing?
The purpose was to remove all traces of BitDefender. Having deleted its main folder where the files referenced in the plist resided, no daemons are running. I am however puzzled as to how this is possible.
There might be a kext that protects the file (the antivirus trying to "defend" itself), but sudo kextunload <name> (see the kexts with kextstat | grep -v apple) should work... Or, even better, first eliminate the daemon (vs agent) that controls it with sudo launchctl remove <name> (see the daemons with sudo launchctl list | grep -v apple).
I think it's taking advantage of OSX's System Integrity Protection model, but you don't need to worry about that.
They ship an uninstaller, it's just not very well documented. Here's how you get to it:
Open finder -> Utilities -> BitDefender Uninstaller.
I have downloaded and installed Bash for Windows. When I do a simple ls -al, I get lots of permission denied errors.
I'm not clear quite how the user permissions are being resolved. Let's say that in the bash shell I set up a user called moi and has home drive /home/moi. If I then do ls -al /mnt/c, I get a bunch of permission denied errors, e.g.
ls: cannot access /mnt/c/hiberfil.sys: Permission denied
ls: cannot access /mnt/c/pagefile.sys: Permission denied
ls: cannot access /mnt/c/swapfile.sys: Permission denied total 2388
drwxrwxrwx 2 root root 0 Sep 26 18:09 .
drwxr-xr-x 2 root root 0 Jan 1 1970 ..
drwxrwxrwx 2 root root 0 Oct 22 2015 AutoDiscover
-r-xr-xr-x 1 root root 398156 Jul 26 2012 bootmgr
-r-xr-xr-x 1 root root 1 Oct 30 2015 BOOTNXT
I have checked on the "Windows side" and there is no new user called moi. So, when ls reports permission denied for /mnt/c/swapfile.sys for example, what user is being denied?
A follow on question would be: what do I need to do to get the Bash user and call it my "normal" windows user to have the same permissions?
The Windows user is the user who started bash.exe. You can verify this by creating a file from Linux in the /mnt/c directory looking at the owner of the file in Windows.
From the windows command prompt:
C:\test>echo %USERNAME%
tim
C:\test>bash.exe
wsluser#computer:/mnt/c/test$ touch foo.txt
wsluser#computer:/mnt/c/test$ exit
exit
C:\test>dir /q C:\test\foo.txt
Volume in drive C is OS
Volume Serial Number is B8BA-E032
Directory of C:\test
2017-06-26 02:06 PM 0 tim foo.txt
1 File(s) 0 bytes
0 Dir(s) 363,224,875,008 bytes free
Notice that bash.exe was started by the tim user, and the C:\test\foo.txt file which was created from WSL is also owned by tim.
You can access the Linux file system using the windows file explorer. It's located in your AppData\Local folder. It's "semi-hidden" but accessible:
C:\Users\[username]\AppData\Local\lxss\rootfs
I ran into some strange behavior while setting up a script to start kvm instances today, and am hoping you all can weigh in what's going on here.
Setup:
I have a script that starts a kvm with virt-install.
virt-install ... --disk=image.qcow2 ...
I want to run the same script on different versions of image.qcow2, so I created a symbolic link of a to my latest image.
My directory stucture would look something like this:
startKvm.sh
image.qcow2 -> image_v2.0.qcow2
image_v2.0.qcow2
image_v1.0.qcow2
However, when I tried to run my virt-install command, it returned the following error.
ERROR internal error: process exited while connecting to monitor:
datetime qemu-kvm: -drive file=/path/image.qcow2,if=none,id=drive-ide0-0-0,format=qcow2: could not open
disk image /path/image.qcow2: Could not open file: Permission
denied
Thoughts on the cause and alternate solutions?
I've had a similar idea to use symlinks, however in my scenario I run virt-manager via SSH with X forwarding as a user in wheel (admin) group. Creating a virtual guest produced same error:
Unable to complete install: 'internal error: process exited while connecting to monitor: 2018-02-24T07:53:19.064452Z qemu-kvm: -drive file=/var/lib/libvirt/images/archlinux-2018.02.01-x86_64.iso,format=raw,if=none,id=drive-ide0-0-1,readonly=on: could not open disk image /var/lib/libvirt/images/archlinux-2018.02.01-x86_64.iso: Could not open '/var/lib/libvirt/images/archlinux-2018.02.01-x86_64.iso': Permission denied'
Issue is, in fact, with permissions. When setting up an .iso image using qemu-kvm, it changes its ownership to user/group qemu upon deployment. We need to make sure user qemu has access rights throughout whole path to the file.
Test case
User running virt-manager: yahol (wheel/admin group)
Iso or qcow2 image location: /home/yahol/isos/archlinux-2018.02.01-x86_64.iso
Note: please ignore the timestamps as I've hacked together this answer over 2 days. It was late and I was too tired to finish it the previous day.
Starting with image in user's home directory:
$ ll /home/yahol/isos/archlinux-2018.02.01-x86_64.iso
$ -rw-r--r--. 1 yahol yahol 565182464 Feb 24 08:49 archlinux-2018.02.01-x86_64.iso
Creating symlink as root in default path to KVM images:
# cd /var/lib/libvirt/images
# ln -s /home/yahol/isos/archlinux-2018.02.01-x86_64.iso
lrwxrwxrwx. 1 root root 48 Feb 23 21:35 archlinux-2018.02.01-x86_64.iso -> /home/yahol/isos/archlinux-2018.02.01-x86_64.iso
Symlink belongs to user root, while actual file still has user/group of a regular user.
Setting up and deploying virtual machine via virt-manager. Notice how user/group of image file changes to qemu:
$ ll /home/yahol/isos/archlinux-2018.02.01-x86_64.iso
-rw-r--r--. 1 qemu qemu 565182464 Feb 24 08:49 archlinux-2018.02.01-x86_64.iso
At this point VM manager, be it virt-manager or virt-install, throws the aforementioned error. This happens because user qemu doesn't have access to full path. Home dir of user yahol is only accessible to user yahol:
$ ll -d /home/yahol/
drwx------. 7 yahol yahol 258 Feb 24 08:37 /home/yahol/
Now let's create another path to which qemu has full access:
# mkdir -p /Qemu/Test/Iso
# mv archlinux-2018.02.01-x86_64.iso /Qemu/Test/Iso/
# chown -R qemu:qemu /Qemu/
# cd /var/lib/libvirt/images
# ln -s /Qemu/Test/Iso/archlinux-2018.02.01-x86_64.iso
# ll /Qemu/Test/Iso/archlinux-2018.02.01-x86_64.iso
-rw-rw-r--. 1 qemu qemu 565182464 Feb 23 08:53 /Qemu/Test/Iso/archlinux-2018.02.01-x86_64.iso
# ll /var/lib/libvirt/images
lrwxrwxrwx. 1 root root 46 Feb 24 09:39 archlinux-2018.02.01-x86_64.iso -> /Qemu/Test/Iso/archlinux-2018.02.01-x86_64.iso
This works perfectly fine, virtual machine has been deployed and it's running.
Possible solutions:
change ownership to entire path to actual image to user/group qemu
# chown -R qemu:qemu /Qemu/
give read+execute permissions to others (world) to entire path to image
# chmod -R o+rx /Qemu/
WARNING: This might have security implications!
create a directory owned by user/group qemu dedicated to iso images that will be symlinked
# mkdir -p /Qemu/Test/Iso
# chown -R qemu:qemu /Qemu/
Summary:
Even though everything is done by user with root privileges, the actual user working with VM images is qemu. Adding qemu to wheel group would still require providing means to authenticate and, since it's a no-login user, it might be tricky.
I'm facing an annoying problem. It's been pretty frustrating. I am using a computer at my school to work on the Coursera Startup class. I am trying to connect to an Amazon EC2 instance. I downloaded the key pair. I check permissions.
mac5-library:startup roh21$ ls -l
total 6
-rw-rw-rw-# 1 roh21 108 1692 Jun 22 16:45 startup-class-key.pem
So, it's not secure. So I need to change the permissions. I try:
mac5-library:startup roh21$ chmod 400 startup-class-key.pem
mac5-library:startup roh21$ ls -l
total 6
-r--r--r--# 1 roh21 108 1692 Jun 22 16:45 startup-class-key.pem
Still has read permissions to everyone. Just to demonstrate what happens I do this:
mac5-library:startup roh21$ chmod 600 startup-class-key.pem
mac5-library:startup roh21$ ls -l
total 6
-rw-rw-rw-# 1 roh21 108 1692 Jun 22 16:45 startup-class-key.pem
Is it impossible to change permissions to the user without root permission? I'd be grateful for any kind of help.
Probably not related to initial questions problem, but can be useful. (especially to Unix novices like myself)
Chmod will not work if you are not an owner of resources.
You should run chown first:
$ sudo chown -R $(whoami) .
and then
$ sudo chmod -R +rwX .
First command will change owner of everything in current folder to be logged in user, and second give them read write execute permissions.
Just for example, you, probably, should not change ownership and permissions so boldly.
I copied the file to my ~/.ssh folder and then changed the permissions with chmod. That did it.
Just to provide more information, the permissions for the ssh folder,
drwx------ 8 roh21 108 272 Jun 26 17:26 .ssh
And the permissions to the folder I used initially
drwxrwxrwx 2 roh21 108 2048 Jun 23 06:32 startup
I curious as to why I could not change the permissions to the startup folder even after multiple attempts with the chmod -R option.
Also, note that I was using Mac OS X in my school's library.
See that '#' next to the mode flags? That means that there's extended metadata associated with the file. Use ls -l# to see it. The xattr command will let you view and modify them. It's possible that there's something there that prevents you from modifying the file.
There may also be additional file flags. Use ls -lO (capital-O) to view those. Odds are that one of those flags is the "uchg" flag which means your file is immutable. You can remove that with chflags nouchg <filename> as أحمد طه suggested.
Finally, there might be an ACL attached to the file. Use ls -le to see that.
In general, if you really want to know all the metadata associated with a file on a Mac, the command is ls -leO#.
Looks like you've discovered that the Macintosh doesn't strictly agree with the UNIX permission bits.
Ultimately, there are ACL bits that MacOS sets and that the Macintosh Finder obeys.
To solve your problem quickly, in your Terminal command line, type in "open ." (or the path to your "startup" folder) and that will open up the folder in your Macintosh Finder.
Then do a "Get Info" on the file:
You can change your permissions here.
Hello And it will work
chflags nouchg /path/folder/
Please note you may get "Operation not permitted" at your Terminal when you want to run "chflags nouchg". So, first you should give your Terminal "Full Disk Access" here:
System Settings --> Privacy & Security --> Full Disk Access --> check the Terminal
then close and re-open your Terminal.
Now, run "chflags nouchg PathToYourFolder"
Finally:
chmod 400 YourFile
Done!
I'm trying to edit the httpd.conf file located in /private/etc/apache2, and I can't figure out how to get permission to write
I've done
$ cd /private/etc/apache2
$ sudo chown bdh httpd.conf
$ ls -lash
0 drwxr-xr-x 13 root wheel 442B Jun 7 00:11 .
0 drwxr-xr-x 93 root wheel 3.1K Jun 26 10:51 ..
0 drwxr-xr-x 13 root wheel 442B Jan 3 16:26 extra
24 -r--r--r-- 1 bdh wheel 24K Jun 7 00:11 httpd.conf
...etc...
$ vim httpd.conf
and it says "httpd.conf" [readonly] 677L, 24330C
tried cping to the desktop, but I cant get permission to edit it there either
I'm pretty new to using the terminal, is there some other command I can use?
It is normally unnecessary and undesirable to alter access permissions to edit a file. To edit a file that requires administrator (or other user) privileges without altering the access permissions, use:
sudo -e /private/etc/apache2
Sudo's -e option tells it you want to edit the given file.
This command copies the file and makes it writable by you, tells the editor specified with the SUDO_EDITOR, VISUAL or EDITOR environment variables (they're checked in that order) to edit the file, and when the editor exits, the file is copied back to the original without altering its access permissions.
See the sudo man page for details: x-man-page://8/sudo
The chmod command is what you're looking for I believe: http://en.wikipedia.org/wiki/Chmod
chmod 777 will let anyone read, write or execute for instance.
As richardhsu correctly added, 744 is RWX, R--,R-- and thats probably what you want.