Using Rails 3.1 with the paperclip gem on nginx I get the following 500 error when attempting to upload images:
Permission denied - /webapps/my_rails_app/public/system
Observing the guidance offered elsewhere on this issue, I have modified my directory permissions such that
drwxr-xr-x 3 www-data www-data 4096 Mar 10 17:57 system
And, it would appear, this permission structure is maintained for all public sub-directories.
Yet, having restarted nginx, the error persists.
Do I need to modify nginx.conf or take another hack at permissioning the affected directory?
When I've run into this in the past, it's generally because the Rails application was started by a user or process that is not a part of the www-data group, and is not the www-data user. I'd first check to confirm that the www-data is in fact running your app.
This can be done using ps awwwx and perhaps some grep logic to find your app in the process stack.
I might suggest that you change the directory permissions to allow any member of the www-data group to write to the directory as well.
Related
I've newly started to use Laradock to build my Laravel projects but I have a problem in editing the files such as Controllers, Models, etc which are made by the php artisan command in the Laradock workspace. The reason is the user in the workspace is a root and on the other side, I'm trying to edit the file in my editor by a common user. So every time I have to run the command chmod -R 777 /newCreatedFile.php to change the permission. So is there any solution to handle this problem?
By the way my OS is ubuntu 18.04
In the Laradock Getting Started guide, it explains how to get Laradock running as a specified user:
Note: You can add --user=laradock to have files created as your host’s user. Example:
docker-compose exec --user=laradock workspace bash
I believe this should solve your issue, as you will no longer have the Docker user running these commands. Try it out!
Note: The core issue may just be that whatever user Laradock is running as is not creating files with group permissions that allows the host machine's user write capabilities, hence why the --user flag can be used. It may not actually be running as the root user itself.
I'm trying to run a simple Laravel command line on my Elastic Beanstalk instance: php artisan queue:work
But I keep getting the following error:
In StreamHandler.php line 107:
The stream or file "/var/app/current/storage/logs/laravel.log" could
not be opened: failed to open stream: Permission denied
I've tried every solution I can find on SO (except the chmod -R 777 advice that seems to trail this question everywhere).
I've tried deleting the existing laravel.log and then using touch to create a new one, and then making sure webapp is the owner.
I've also tried:
sudo chmod -R 755 /var/app/current/storage/
sudo chown -R webapp /var/app/current/storage/
When I list the logs directory, everything looks as I think it should:
-rwxr-xr-x 1 webapp webapp 0 Apr 4 14:38 laravel.log
The storage directory also looks fine:
drwxr-xr-x 6 webapp webapp 4096 Apr 3 19:33 storage
But I'm still getting the above error! Can anyone explain why (not just give a solution).
Thank you
So the simple answer is that I was running the command as ec2-user. As a solution, I could either:
Change the ownership of laravel.log to ec2-user
Run the command as the owner (eg. sudo -u webapp php artisan queue:work)
Switch to root with sudo su to see how it would be run during deployment (ie. as root)
Nothing was especially wrong.
When you log into an EBS instance via ssh, you're logged in as ec2-user.
I don't believe the ec2-user is part of the webapp group which is actually executing PHP & apache/nginx.
Try adding your ec2-user to the webapp group by creating an ebextension in the root of your Laravel project under .ebextensions/ec2user.config
users:
ec2-user:
groups:
- webapp
Prove this is the problem by turning off selinux with the command
sudo setenforce 0
This should allow writing, but you've turned off added security server-wide. That's bad. Turn SELinux back
sudo setenforce 1
Then finally use SELinux to allow writing of the file by using this command
sudo chcon -R -t httpd_sys_rw_content_t storage
And you're off!
I am working in terminal on macOS. I have a macOS App with permissions:
drwxr-xr-x+ 3 root admin
What does the + at the end mean?
There are similar questions to this for other environments.
I can't launch the App. I get this error.
LSOpenURLsWithRole() failed with error -10810 for the file /path/to/file
EDIT1: I have several user accounts setup. I have used chown to change from userA to root. I hoped this would allow any user to open the App. If I login to 'userA' account, I can launch the App, but if I use any other user account, I get the above error. What the jellybeans is going on ???
Edit2: I deleted the App from userA and re-downloaded / installed using userB. userB can launch the app just fine but userA cannot (same error). The user:group is slightly different this time though (notice the '+' isn't there by default this time.
drwxr-xr-x 3 userB staff
Performing sudo chown root /path/to/file changed the permissions to
drwxr-xr-x 3 root staff
This made no change i.e. userB can launch and userA cannot.
if you can see + in the file permission then ACL is setup on the file. It means a special permission has set on the file which allow owner of the file to provide the access to individual. You need to ask to owner of the file to execute below command then you will be able to execute the script/program/app.
setfacl -m u:youruserid:rwx file.txt
to know more about ACL, check here.
I Never get the chance to set ACL on mac file but I believe it will work same as it work in GNU/Linux.
I'm having a lot of issues with PHP and Apache while using os-x mountain lion. Basically my plugin needs wordpress to move some files but it always ask for ftp server credential, like if apache doesn't have permission to write those directories.
Apache is running with
User daemon
Group daemon
if i do
ls -lad htdocs/
i get
drwxrwxr-x 7 root staff 238 13 Ago 21:51 htdocs/
i'm using zend server ce 5.6. What should i do to make sure that apache has full rights to do everything? I would give it root access (it' my dev machine and i must get things working, so i don't care about security issues, but i don't know how to that, if i can do it in a cleaner why i'd be happy but i need this to work )
Your htdocs directory is owned by root, and in the group staff. User permissions on it are rwx, group permission are rwx, and world permissions are rx. So apache needs to be run as either user root or group staff to have full read/write/execute permissions. Otherwise change the owner and/or group of your htdocs directory to daemon and apache will have full rwx permissions. If you really don't care about security at all, just do chmod 777 htdocs (not recommended).
WordPress isn't really checking if it has the right to write in a directory (it's the same for plugin installation), it's only checking if the user and group it's running through Apache is the same that the parent folder.
So the only way is indeed to chmod the folder to your Apache user/group
At the moment I'm working with a git repo, locally so I don't to change any permissions before I push the files.
I'm using MAMP on OSX 10.6.8. I'm sure there must be something that I'm doing wrong. I would like the web pages to be able to write to folders while maintaining 755 permissions on the folders.
NB: MAMP is installed in Applications, but I have the root directory in a folder on my user folder.
What is user of process running Apache?
You must change user or group to apache process and You will have access to files and
apache process to.
Example:
$ ls -ld incomming
drwxrwxr-x 42 john apache 4096 May 20 07:33 incomming
This folder onwner is John, and his have full write permmissions. Also this folder is writable by group apache, which is supposed to be apache process group.