Re: chmod u+s
Le 24/08/2022 à 18:21, Gabriel Moreau a écrit : À ma connaissance, sous Linux, le chmod u+s sur un dossier ne sers à rien ! Ce qui sers sur un dossier est chmod g+s chmod o+t Le premier affecte tout nouveau fichier au groupe du dossier (pratique dans un partage puisque les personnes ne savent plus faire newgroup de nos jours et que les interfaces graphiques ne savent pas gérer ça). Le second interdit à une personne d'effacer un fichier qui ne lui appartient pas dans un dossier, même s'il a les droits d'écriture sur le dossier. Cela a été mis au point à l'origine principalement pour résoudre le problème du dossier /tmp partagé. En effet, sous UNIX, on a le droit d'effacer un fichier même si on n'a pas le droit d'écriture sur le fichier... puisque en pratique, on écrit dans la table d'index et non dans le fichier. Merci encore ;) Du coup, je ne comprends pas pourquoi est-ce que les mainteneurs du paquet transmission-daemon ont mis : drwsrwxr-x 51 debian-transmission debian-transmission 4096 23 août 13:30 downloads Qui semble du coup superflu :) alors que le comportement qui a été décrit, à savoir conserver le propriétaire, aurait été bien arrangeant. Bonne soirée, -- Patrick ZAJDA
Re: chmod u+s
Le 24/08/2022 à 18:12, Gabriel Moreau a écrit : Cela ne fonctionne que pour les exécutables binaires. Cela ne fonctionne pas pour les scripts. C'est une sécurité car un script est trop facilement modifiable. C'est la raison pour laquelle il y avait il y a longtemps perlsuid... et ainsi de suite Merci ! ;) Du coup je comprends mieux pourquoi ma mise en application ne fonctionnait pas et j'ai pu le voir à l’œuvre avec un binaire. -- Patrick ZAJDA
Re: chmod u+s
Sauf que je ne comprends pas ce que ça implique sur un dossier, en tout cas je n'arrive pas à appliquer ça pour m'en rendre compte. À ma connaissance, sous Linux, le chmod u+s sur un dossier ne sers à rien ! Ce qui sers sur un dossier est chmod g+s chmod o+t Le premier affecte tout nouveau fichier au groupe du dossier (pratique dans un partage puisque les personnes ne savent plus faire newgroup de nos jours et que les interfaces graphiques ne savent pas gérer ça). Le second interdit à une personne d'effacer un fichier qui ne lui appartient pas dans un dossier, même s'il a les droits d'écriture sur le dossier. Cela a été mis au point à l'origine principalement pour résoudre le problème du dossier /tmp partagé. En effet, sous UNIX, on a le droit d'effacer un fichier même si on n'a pas le droit d'écriture sur le fichier... puisque en pratique, on écrit dans la table d'index et non dans le fichier. gaby -- Gabriel Moreau - IR CNRShttp://www.legi.grenoble-inp.fr LEGI (UMR 5519) Laboratoire des Ecoulements Geophysiques et Industriels Domaine Universitaire, CS 40700, 38041 Grenoble Cedex 9, France mailto:gabriel.mor...@legi.grenoble-inp.fr tel:+33.476.825.015 smime.p7s Description: Signature cryptographique S/MIME
Re: chmod u+s
- Dans le cas d'un fichier, peut-être qu'un script bash ne permet pas d'appliquer mais changer son propriétaire et le chmod u+s ne m'a pas permis d'avoir les droits de l'utilisateur propriétaire. Cela ne fonctionne que pour les exécutables binaires. Cela ne fonctionne pas pour les scripts. C'est une sécurité car un script est trop facilement modifiable. C'est la raison pour laquelle il y avait il y a longtemps perlsuid... et ainsi de suite gaby En tant que chargé de la sécurité informatique, je suis parfois amené à envoyer des courriels en dehors des heures de bureau. Ceux-ci n’appellent pas de réponses immédiates (la déconnexion est un droit). -- Gabriel Moreau - IR CNRShttp://www.legi.grenoble-inp.fr LEGI (UMR 5519) Laboratoire des Ecoulements Geophysiques et Industriels Domaine Universitaire, CS 40700, 38041 Grenoble Cedex 9, France mailto:gabriel.mor...@legi.grenoble-inp.fr tel:+33.476.825.015 smime.p7s Description: Signature cryptographique S/MIME
Re: chmod u+s
Merci à tous pour vos réponses. J'ai bien lu, en tout cas la page man de chmod. Sauf que je ne comprends pas ce que ça implique sur un dossier, en tout cas je n'arrive pas à appliquer ça pour m'en rendre compte. Pire encore, je n'arrive même pas à appliquer ça pour un fichier. Du coup, en tentant d'appliquer ce que j'ai compris : - Dans le cas d'un dossier, si j'y crée un fichier en tant qu'un autre utilisateur, le propriétaire n'a pas plus de droit malgré le changement +s. - Dans le cas d'un fichier, peut-être qu'un script bash ne permet pas d'appliquer mais changer son propriétaire et le chmod u+s ne m'a pas permis d'avoir les droits de l'utilisateur propriétaire. Du coup, je n'ai certainement pas compris ce que ça implique exactement, ou mon approche pour vérifier que j'ai bien compris n'est pas la bonne mais avant d'écrire ici, je me suis bel et bien documenté ;) Le 24/08/2022 à 17:18, Jean-Pierre Giraud a écrit : Bonjour, Le 24/08/2022 à 17:07, Basile Starynkevitch a écrit : On 8/24/22 15:10, Patrick ZAJDA wrote: Hello, Quelqu'un pourrait-il, en des mots simple, m'expliquer à quoi sert le mode s pour un dossier ? J'aurais tendance à suggérer la lecture (en anglais) de : https://man7.org/linux/man-pages/man7/inode.7.html https://man7.org/linux/man-pages/man1/chmod.1.html C'est en effet un bon réflexe de commencer par lire par lire la page du manuel... J'en profite pour signaler que depuis 2020, l'équipe de traduction en français de Debian s'investit avec une forte intensité pour traduire ou mettre à jour les pages de manpages.debian.org, effort qui bénéficie aux d'autres distributions qui utilisent les mêmes sources pour construire leurs pages de manuel (Archlinux, Fédora, Mageia et Opensuse. et je cherche toujours des partenaires intéressés par RefPerSys <http://refpersys.org/>. Merci. -- Basile Starynkevitch (only mine opinions / les opinions sont miennes uniquement) 92340 Bourg-la-Reine, France web page: starynkevitch.net/Basile/ Amicalement, jipege -- Patrick ZAJDA
RE: chmod u+s
Le bit s sur un dossier permet au propriétaire du dossier d’avoir tous les droits sur tout ce qui s’y trouve. Dans ton cas, ça permet à l’instance de transmission d’accéder à tout, même si la combinaison user / group / mode ne l’autoriserait pas ! Nisar JAGABAR ,= ,-_-. =. ((_/)o o(\_)) `-'(. .)`-' \_/ From: Patrick ZAJDA Sent: mercredi 24 août 2022 15:10 To: Debian user french Subject: chmod u+s Hello, Quelqu'un pourrait-il, en des mots simple, m'expliquer à quoi sert le mode s pour un dossier ? Je le remarque entre autre sur le dossier download de transmission-remote. Hello, Quelqu'un pourrait-il, en des mots simple, m'expliquer à quoi sert le mode s pour un dossier ? Je le remarque entre autre sur le dossier download de transmission-remote. Après de nombreux tests, je ne saisi pas à quoi il sert, je pensais qu'on pouvait avec ça faire en sorte que les sous-répertoires de celui-ci appartiendraient au même propriétaire. En faisant chmod g+s j'ai bien le comportement que je pense, à savoir que le groupe est conservé même si c'est un autre utilisateur qui crée un sous-répertoire et le mode g+s est également mis sur le répertoire créé. Mais en faisant u+s, j'ai l'impression que ça ne change tout simplement rien. Bonne journée, -- Patrick ZAJDA
Re: chmod u+s
Bonjour, Le 24/08/2022 à 17:07, Basile Starynkevitch a écrit : On 8/24/22 15:10, Patrick ZAJDA wrote: Hello, Quelqu'un pourrait-il, en des mots simple, m'expliquer à quoi sert le mode s pour un dossier ? J'aurais tendance à suggérer la lecture (en anglais) de : https://man7.org/linux/man-pages/man7/inode.7.html https://man7.org/linux/man-pages/man1/chmod.1.html C'est en effet un bon réflexe de commencer par lire par lire la page du manuel... J'en profite pour signaler que depuis 2020, l'équipe de traduction en français de Debian s'investit avec une forte intensité pour traduire ou mettre à jour les pages de manpages.debian.org, effort qui bénéficie aux d'autres distributions qui utilisent les mêmes sources pour construire leurs pages de manuel (Archlinux, Fédora, Mageia et Opensuse. et je cherche toujours des partenaires intéressés par RefPerSys <http://refpersys.org/>. Merci. -- Basile Starynkevitch (only mine opinions / les opinions sont miennes uniquement) 92340 Bourg-la-Reine, France web page: starynkevitch.net/Basile/ Amicalement, jipege
Re: chmod u+s
Bonjour, Le 24/08/2022 à 16:43, Belaïd a écrit : Bonjour, Il me semble que c'est le sticky bit (chmod +t) qui fait ce que tu as expliqué et non u+s Le mer. 24 août 2022 à 16:35, Sébastien NOBILI <mailto:s-liste-debian-user-fre...@pipoprods.org>> a écrit : Bonjour, Le 2022-08-24 15:10, Patrick ZAJDA a écrit : > Quelqu'un pourrait-il, en des mots simple, m'expliquer à quoi sert le > mode s pour un dossier ? D'après la manpage de chmod en français, https://manpages.debian.org/testing/manpages-fr/chmod.1.fr.html u+s fait que quelque soit l'utilisateur du fichier (un autre utilisateur que le propriétaire du fichier ou un autre membre du groupe propriétaire) l'exécution apparaît comme effectuée par le propriétaire du fichier (et non par celui qui l'exécute). C'est le réglage du SetUID bit cf cette explication en anglais peut être plus explicite The SetUID bit enforces user ownership on an executable file. When it is set, the file will execute with the file owner's user ID, not the person running it. $ chmod u+s https://opensource.com/article/19/8/linux-chmod-command Amicalement, jipege
Re: chmod u+s
On 8/24/22 15:10, Patrick ZAJDA wrote: Hello, Quelqu'un pourrait-il, en des mots simple, m'expliquer à quoi sert le mode s pour un dossier ? J'aurais tendance à suggérer la lecture (en anglais) de : https://man7.org/linux/man-pages/man7/inode.7.html https://man7.org/linux/man-pages/man1/chmod.1.html et je cherche toujours des partenaires intéressés par RefPerSys <http://refpersys.org/>. Merci. -- Basile Starynkevitch (only mine opinions / les opinions sont miennes uniquement) 92340 Bourg-la-Reine, France web page: starynkevitch.net/Basile/
Re: chmod u+s
Le 2022-08-24 16:43, Belaïd a écrit : Il me semble que c'est le sticky bit (chmod +t) qui fait ce que tu as expliqué et non u+s En effet, confusion de ma part… "Sticky", "+t", "+s"… Merci d'avoir relevé. Sébastien
Re: chmod u+s
Bonjour, Il me semble que c'est le sticky bit (chmod +t) qui fait ce que tu as expliqué et non u+s Le mer. 24 août 2022 à 16:35, Sébastien NOBILI < s-liste-debian-user-fre...@pipoprods.org> a écrit : > Bonjour, > > Le 2022-08-24 15:10, Patrick ZAJDA a écrit : > > Quelqu'un pourrait-il, en des mots simple, m'expliquer à quoi sert le > > mode s pour un dossier ? > > Ça interdit la suppression d'éléments du dossier par quiconque autre que > le propriétaire. > C'est également utilisé dans le dossier /tmp > > Tout le monde peut y créer des choses, seul le propriétaire des choses > en question peut les > supprimer. > > Sébastien > >
Re: chmod u+s
Bonjour, Le 2022-08-24 15:10, Patrick ZAJDA a écrit : Quelqu'un pourrait-il, en des mots simple, m'expliquer à quoi sert le mode s pour un dossier ? Ça interdit la suppression d'éléments du dossier par quiconque autre que le propriétaire. C'est également utilisé dans le dossier /tmp Tout le monde peut y créer des choses, seul le propriétaire des choses en question peut les supprimer. Sébastien
chmod u+s
Hello, Quelqu'un pourrait-il, en des mots simple, m'expliquer à quoi sert le mode s pour un dossier ? Je le remarque entre autre sur le dossier download de transmission-remote. Après de nombreux tests, je ne saisi pas à quoi il sert, je pensais qu'on pouvait avec ça faire en sorte que les sous-répertoires de celui-ci appartiendraient au même propriétaire. En faisant chmod g+s j'ai bien le comportement que je pense, à savoir que le groupe est conservé même si c'est un autre utilisateur qui crée un sous-répertoire et le mode g+s est également mis sur le répertoire créé. Mais en faisant u+s, j'ai l'impression que ça ne change tout simplement rien. Bonne journée, -- Patrick ZAJDA
Re: Where to change default chmod of /dev/pts/* ???
On 2015-11-20 15:56 +0100, Decstasy wrote: > Hello, > > since there is systemd some things have changed... Anyway I hope > someone here can help me :) > > I want to change the default chmod of /dev/pts/* from 620 to 660. Are you sure you want to this? Reasonable values are 620 and 600, depending on whether you want to allow users to write(1) messages to each other's terminal's. What's the point of giving read access to the tty group? > In > the past it can be changed by /etc/defaults/devpts > But it does not work at all. I could not find any entry in /etc/fstab > or a mount unit from systemd. Mounting of /dev/pts and various other API filesystems is hardcoded in systemd, look into src/core/mount-setup.c if you're curious. > Where the .... can I change the default chmod? In the file that provides the API for mounting filesystems, i.e. /etc/fstab - see systemd-remount-fs.service(8). There is no entry for /dev/pts by default, so you create your own, like this: devpts /dev/pts devpts defaults,gid=5,mode=660 0 0 Cheers, Sven
Where to change default chmod of /dev/pts/* ???
Hello, since there is systemd some things have changed... Anyway I hope someone here can help me :) I want to change the default chmod of /dev/pts/* from 620 to 660. In the past it can be changed by /etc/defaults/devpts But it does not work at all. I could not find any entry in /etc/fstab or a mount unit from systemd. I have also checked /etc/init.d/udev and /etc/init.d/mountdevsubfs.sh root@minecraft ~ # cat /etc/issue; uname -a Debian GNU/Linux 8 \n \l Linux minecraft 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt11-1+deb8u6 (2015-11-09) x86_64 GNU/Linux root@minecraft ~ # find /etc/systemd -name '*mount' root@minecraft ~ # find /etc/systemd -name '*.device' root@minecraft ~ # find /var/lib/systemd -name '*mount' root@minecraft ~ # find /var/lib/systemd -name '*.device' root@minecraft ~ # grep -ri pts /var/lib/systemd 1 root@minecraft ~ # grep -ri pts /etc/systemd :( 1 root@minecraft ~ # grep -ri pts /etc/udev :( 1 root@minecraft ~ # mount | grep pts :( devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000) root@minecraft ~ # cat /etc/default/devpts # GID of the `tty' group TTYGRP=5 # Set to 600 to have `mesg n' be the default TTYMODE=660 Where the can I change the default chmod? Thanks in advance and best regards, Dennis
Re: su chmod -755 /usr
Cheers Bob :) Uuummm - work files yes, system configs/settings not really. Any top tips, like where are the permission file/s? On 12 June 2015 at 22:07, Bob Proulx b...@proulx.com wrote: Julian Brooks wrote: All seems well, valuable lesson(s) learnt. Seriously thought it was terminal, appreciate the wisdom people. Glad to hear you solved your problem. In the future with a similar problem you would be able to restore your current system permissions from your backup. Not the entire backup files. But by using the permissions stored on the backup files you could reset the permissions on the live files. You do have a backup plan, right? :-) Bob
Re: su chmod -755 /usr
Julian Brooks wrote: All seems well, valuable lesson(s) learnt. Seriously thought it was terminal, appreciate the wisdom people. Glad to hear you solved your problem. In the future with a similar problem you would be able to restore your current system permissions from your backup. Not the entire backup files. But by using the permissions stored on the backup files you could reset the permissions on the live files. You do have a backup plan, right? :-) Bob signature.asc Description: Digital signature
Re: su chmod -755 /usr
Julian Brooks wrote: Cheers Bob :) Uuummm - work files yes, system configs/settings not really. Any top tips, like where are the permission file/s? I think you are asking what backup software would be recommended? There are many different ones. Let me point to a reference. https://wiki.debian.org/BackupAndRecovery Personally I always used to use rsync scripts for years. These days I am enjoying using BackupPC. But isn't to say that amanda or bacula or any of the others are not good too. They are all the same and all different. But you ask about permission files. I think perhaps I wasn't clear enough. For example I could run 'find' down the backup tree and print the file modes of the files there. cd /path/to/backup find . -type l -prune -o -printf chmod %m %p\n There are no whitespace in most files in /usr and therefore the above would print out a series of commands such as: chmod 755 . chmod 755 ./bin chmod 755 ./bin/vnc4server chmod 755 ./bin/xkbevd chmod 755 ./bin/pavucontrol chmod 755 ./bin/sg_dd chmod 755 ./bin/glxgears chmod 755 ./bin/sensors-conf-convert chmod 755 ./bin/etags.emacs24 chmod 755 ./bin/qemu-armeb ... chmod 4755 ./bin/sudo ... chmod 2755 ./games/hack Could then inspect the output for anything strange such as whitespace in filenames. Then run it as a script, perhaps after editing it. Bob signature.asc Description: Digital signature
Re: su chmod -755 /usr
Many thanks for the replies. (I did say I'm sketchy here) I was attempting to alter permissions on a folder. I then read that all folders leding up to it must also have permission altered. So I then mistakenly actually ran 'sudo chmod -755 /usr/lib/TheFolderIMeantToAlter' and all folders leading up to it /usr the [-] being the culprit (of course!!). Got to watch these late night system alterations. At some point sudo said NO. And I,being a schmuck, jumped to su to force the issue. All seems well, valuable lesson(s) learnt. Seriously thought it was terminal, appreciate the wisdom people. Many thanks, Julian On 10 June 2015 at 05:26, Mikael Flood the...@gmail.com wrote: Helllo Julian, Should just be to revert the change with 'chmod 755 /usr'. On 10 June 2015 at 05:40, Julian Brooks jbee...@gmail.com wrote: Hey all, Yes I'm an idiot... Not very experienced user here - 1st post: I mistakenly ran 'chmod -755 /usr'. How can I fix my permissions? Haven't rebooted yet, too scared. Currently getting around as root. Would prefer to avoid reinstall if possible. Cheers, Julian -- //Yours sincerely Mikael Flood
su chmod -755 /usr
Hey all, Yes I'm an idiot... Not very experienced user here - 1st post: I mistakenly ran 'chmod -755 /usr'. How can I fix my permissions? Haven't rebooted yet, too scared. Currently getting around as root. Would prefer to avoid reinstall if possible. Cheers, Julian
Re: su chmod -755 /usr
Julian Brooks jbee...@gmail.com writes: Hey all, Yes I'm an idiot... Not very experienced user here - 1st post: I mistakenly ran 'chmod -755 /usr'. How can I fix my permissions? Run 'chmod 755 /usr'. All your command did was remove permissions from the /usr directory. Just set them back the default. No need to reboot. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/48fc.5577ba04.18...@xdna.net
Re: su chmod -755 /usr
Helllo Julian, Should just be to revert the change with 'chmod 755 /usr'. On 10 June 2015 at 05:40, Julian Brooks jbee...@gmail.com wrote: Hey all, Yes I'm an idiot... Not very experienced user here - 1st post: I mistakenly ran 'chmod -755 /usr'. How can I fix my permissions? Haven't rebooted yet, too scared. Currently getting around as root. Would prefer to avoid reinstall if possible. Cheers, Julian -- //Yours sincerely Mikael Flood
chmod 777 e chown 777 acidentais
Caros, Tenho uma máquina aqui onde acidentalmente foi feito um chmod -R 777 /var e chown -R 777 /var (isso mesmo. chown. fazer as coisas com presa é uma merda. mas depois o cabra foi corrigindo) eu fiz um ls -lR /var desta máquina e de outra máquina e comparei os dois com o kdiff3, mas tem muita coisa diferente e acho que manualmente vai demorar demais. teria como o dpkg me listar o que está errado, pelo menos nos arquivos que o dpkg controla? Ou alguma outra sugestão? Fred -- To UNSUBSCRIBE, email to debian-user-portuguese-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/capr829nwqdwg6djc5rorbtpmqaevb9tttrxmiddb9btmbt0...@mail.gmail.com
Re: chmod 777 e chown 777 acidentais
Fred, boa noite! Eu acho que vc deve verificar quais programas em seu servidor esta rodando e gera log, ex: apache é o usuário www-data e assim por diante. Ou duvida vc rodou como root ou deu um sudo? Fabiano Enviado via iPhone Em 10/12/2012, às 16:55, Fred Maranhão fred.maran...@gmail.com escreveu: Caros, Tenho uma máquina aqui onde acidentalmente foi feito um chmod -R 777 /var e chown -R 777 /var (isso mesmo. chown. fazer as coisas com presa é uma merda. mas depois o cabra foi corrigindo) eu fiz um ls -lR /var desta máquina e de outra máquina e comparei os dois com o kdiff3, mas tem muita coisa diferente e acho que manualmente vai demorar demais. teria como o dpkg me listar o que está errado, pelo menos nos arquivos que o dpkg controla? Ou alguma outra sugestão? Fred -- To UNSUBSCRIBE, email to debian-user-portuguese-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/capr829nwqdwg6djc5rorbtpmqaevb9tttrxmiddb9btmbt0...@mail.gmail.com -- To UNSUBSCRIBE, email to debian-user-portuguese-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/8284e373-0aa8-48b0-a49d-4faa22432...@gmail.com
Re: chmod 777 e chown 777 acidentais
Em 10 de dezembro de 2012 20:53, Fabiano fabiano.santo...@gmail.com escreveu: Fred, boa noite! Eu acho que vc deve verificar quais programas em seu servidor esta rodando e gera log, ex: apache é o usuário www-data e assim por diante. Ou duvida vc rodou como root ou deu um sudo? como root. mas tem alguma diferença? Fabiano Enviado via iPhone Em 10/12/2012, às 16:55, Fred Maranhão fred.maran...@gmail.com escreveu: Caros, Tenho uma máquina aqui onde acidentalmente foi feito um chmod -R 777 /var e chown -R 777 /var (isso mesmo. chown. fazer as coisas com presa é uma merda. mas depois o cabra foi corrigindo) eu fiz um ls -lR /var desta máquina e de outra máquina e comparei os dois com o kdiff3, mas tem muita coisa diferente e acho que manualmente vai demorar demais. teria como o dpkg me listar o que está errado, pelo menos nos arquivos que o dpkg controla? Ou alguma outra sugestão? Fred -- To UNSUBSCRIBE, email to debian-user-portuguese-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/capr829nwqdwg6djc5rorbtpmqaevb9tttrxmiddb9btmbt0...@mail.gmail.com -- To UNSUBSCRIBE, email to debian-user-portuguese-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/capr829negvpuan5ljiyhoykrwcwlxx8upq3oxovaj_z6cd5...@mail.gmail.com
Re: kök dizinde hatalı chmod kullanımı
Merhaba, eminim daha doğru cevaplar veren kişiler olacaktır. Fakat ben bir forumda buna benzer bir soru görmüştüm verilen cevaplar arasında sisteminizi yeniden kurun gibi seçenekler de vardı. Forum şuydu sanırım.http://www.linuxquestions.org/questions/linux-general-1/restore-all-default-file-permissions-345624/ Forumda birisi şu linki kullanarak düzeltebilirsiniz demiş. Bir okuyun isterseniz. Gerçi çözüm RH için ama farklı çözümler de var devamında. http://www.cyberciti.biz/tips/reset-rhel-centos-fedora-package-file-permission.html On 19-03-2012 23:24, yalçın karagöz wrote: Merhaba arkadaşlar Bir nokta koymayı unuttum ve yanlışlıkla aşağıdaki komutu root olarak çalıştırdım; chmod -R 777 /* Hata yaptıgımı ekranda birçok yazının hızlıca geçmesinden sonra anladım ve komutu durdurdum. Tabii jetonun düşmesi biraz geç oldu. Şimdi sudo yapınca şu hata çıkıyor; y@debian:~$ sudo -s sudo: /etc/sudoers is mode 0777, should be 0440 sudo: no valid sudoers sources found, quitting sudo: unable to initialize policy plugin Sistem çalışmasında bir sorun yok, ama root olarak oturum açamıyorum, safe mode olarak boot ettiğimde de root konsoluna düşmüyor, oturum açılmıyor. Yapabileceğim bir şey var mı? Bu dosyanın izinini yaptıktan sonra başka herhangi bir risk olur mu? (ev kullanıcısı için) Cevaplarınız için teşekkürler. -- To UNSUBSCRIBE, email to debian-user-turkish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/blu0-smtp1541ced5a3176073e730d53eb...@phx.gbl
Re: kök dizinde hatalı chmod kullanımı
sudo için gerekli izin değişikliğini CD'den açılış yaparak gerçekleştirebilirsiniz. Diğer sorunlar hakkında bir bilgim yok, umarım hata mesajlarını veya ilgili kayıt dosyalarını inceleyerek sorunları adım adım çözebilirsiniz... 19 Mart 2012 23:22 tarihinde yalçın karagöz yalcin...@gmail.com yazdı: Merhaba arkadaşlar Bir nokta koymayı unuttum ve aşağıdaki komutu root olarak çalıştırdım; chmod -R 777 /* Hata yaptıgımı ekranda birçok yazının hızlıca geçmesinden sonra anladım ve komutu durdurdum. Tabii jetonun düşmesi biraz geç oldu. Şimdi sudo yapınca şu hata çıkıyor; y@debian:~$ sudo -s sudo: /etc/sudoers is mode 0777, should be 0440 sudo: no valid sudoers sources found, quitting sudo: unable to initialize policy plugin Sistem çalışmasında bir sorun yok, ama root olarak oturum açamıyorum, safe mode olarak boot ettiğimde de root konsoluna düşmüyor, oturum açılmıyor. Yapabileceğim bir şey var mı? Bu dosyanın izinini yaptıktan sonra başka herhangi bir risk olur mu? (ev kullanıcısı için) Cevaplarınız için teşekkürler. -- Saygılarımızı sunuyor, esenlikler diliyoruz Webyeri.com Destek Ekibi [des...@webyeri.com] __ Web için ihtiyacınız ne varsa, burada yeriniz hazır... Seçeneklerimiz için sitemizi ziyaret edin. www.webyeri.com : Yer sağlayıcınız... Hosting, Reseller, Master Reseller, VPS, Domain ve tasarım... Webyeri.com | Web'deki yeriniz... -- To UNSUBSCRIBE, email to debian-user-turkish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/cal1ey_nx_adkryndobiyoefpzdkzfw5q2vbggou2k0e2...@mail.gmail.com
Re: kök dizinde hatalı chmod kullanımı
Merhaba, Sistemi yeniden kurmani oneririm. Sayet yeniden kurma sorun olacaksa, onemli programlari asagidaki gibi yeniden yukletebilirsin. Ornek; apt-get install --reinstall base-passwd passwd hangi pakete ait oldugunu bilmedigin program/dosta icinde dpkg -S dosya-paket-adi seklinde arama yapabilirsin. root olmak icinde acilista single mode yada gruba parametre olarak init=/bin/bash faydalanabilirsin. Gecmis olsun. On Tuesday, March 20, 2012 05:24 AM, yalçın karagöz wrote: Merhaba arkadaşlar Bir nokta koymayı unuttum ve yanlışlıkla aşağıdaki komutu root olarak çalıştırdım; chmod -R 777 /* Hata yaptıgımı ekranda birçok yazının hızlıca geçmesinden sonra anladım ve komutu durdurdum. Tabii jetonun düşmesi biraz geç oldu. Şimdi sudo yapınca şu hata çıkıyor; y@debian:~$ sudo -s sudo: /etc/sudoers is mode 0777, should be 0440 sudo: no valid sudoers sources found, quitting sudo: unable to initialize policy plugin Sistem çalışmasında bir sorun yok, ama root olarak oturum açamıyorum, safe mode olarak boot ettiğimde de root konsoluna düşmüyor, oturum açılmıyor. Yapabileceğim bir şey var mı? Bu dosyanın izinini yaptıktan sonra başka herhangi bir risk olur mu? (ev kullanıcısı için) Cevaplarınız için teşekkürler. -- To UNSUBSCRIBE, email to debian-user-turkish-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4f6819e9.6070...@gmail.com
Problem with chmod
Hi. I have got Ubuntu 11.04 installed on my pendrive. In /ME folder I have got some files.bin to upgrade the BIOS an so. The problem is that I can't execute them. It says I have no permissions.These are 7001 (last number refers back to the sticky bit) I'm trying to set 'sudo chmod 777 *', but I can't. Any idea? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/014f01cc0f02$042497c0$0c6dc740$@yahoo.es
Re: Problem with chmod
Go to the parent directory. Run sudo chmod -R 777 * On Tue, May 10, 2011 at 4:34 PM, Gorka gorkali...@yahoo.es wrote: Hi. I have got Ubuntu 11.04 installed on my pendrive. In /ME folder I have got some files.bin to upgrade the BIOS an so. The problem is that I can't execute them. It says I have no permissions.These are 7001 (last number refers back to the sticky bit) I'm trying to set 'sudo chmod 777 *', but I can't. Any idea? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/014f01cc0f02$042497c0$0c6dc740$@yahoo.es -- Wishing you the very best of everything, always!!! Kousik Maiti(কৌশিক মাইতি) Registered Linux User #474025 Registered Ubuntu User # 28654
RE: Problem with chmod
Parent directory is / Aparently it changes permissions to 777, but suddenly they turn into 7001 again. There is some kind of persistency. Chown works well, but chmod works so. De: Kousik Maiti [mailto:kousiks...@gmail.com] Enviado el: martes, 10 de mayo de 2011 13:17 Para: Gorka CC: LINUX EN Asunto: Re: Problem with chmod Go to the parent directory. Run sudo chmod -R 777 * On Tue, May 10, 2011 at 4:34 PM, Gorka gorkali...@yahoo.es wrote: Hi. I have got Ubuntu 11.04 installed on my pendrive. In /ME folder I have got some files.bin to upgrade the BIOS an so. The problem is that I can't execute them. It says I have no permissions.These are 7001 (last number refers back to the sticky bit) I'm trying to set 'sudo chmod 777 *', but I can't. Any idea? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/014f01cc0f02$042497c0$0c6dc740$@yahoo.es -- Wishing you the very best of everything, always!!! Kousik Maiti(কৌশিক মাইতি) Registered Linux User #474025 Registered Ubuntu User # 28654
Re: Problem with chmod
Gorka gorkali...@yahoo.es wrote: I have got Ubuntu 11.04 installed on my pendrive. In /ME folder I have got some files.bin to upgrade the BIOS an so. The problem is that I can't execute them. It says I have no permissions.These are 7001 (last number refers back to the sticky bit) I'm trying to set 'sudo chmod 777 *', but I can't. What filesystem have you put on the pendrive? Chris -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/tmqn98xii6@news.roaima.co.uk
RE: Problem with chmod
De: robo...@news.nic.it [mailto:robo...@news.nic.it] En nombre de Chris Davies Enviado el: martes, 10 de mayo de 2011 15:21 Gorka gorkali...@yahoo.es wrote: I have got Ubuntu 11.04 installed on my pendrive. In /ME folder I have got some files.bin to upgrade the BIOS an so. The problem is that I can't execute them. It says I have no permissions.These are 7001 (last number refers back to the sticky bit) I'm trying to set 'sudo chmod 777 *', but I can't. What filesystem have you put on the pendrive? Chris I have formated with FAT32 and then followed these instructions ... http://www.ubuntu.com/download/ubuntu/download ... to install bootable Ubuntu 11.04 on it. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/018d01cc0f22$4fa96cf0$eefc46d0$@yahoo.es
Re: Problem with chmod
On Tue, May 10, 2011 at 10:55 AM, Gorka gorkali...@yahoo.es wrote: De: robo...@news.nic.it [mailto:robo...@news.nic.it] En nombre de Chris Davies Enviado el: martes, 10 de mayo de 2011 15:21 Gorka gorkali...@yahoo.es wrote: I have got Ubuntu 11.04 installed on my pendrive. In /ME folder I have got some files.bin to upgrade the BIOS an so. The problem is that I can't execute them. It says I have no permissions.These are 7001 (last number refers back to the sticky bit) I'm trying to set 'sudo chmod 777 *', but I can't. What filesystem have you put on the pendrive? Chris I have formated with FAT32 and then followed these instructions ... http://www.ubuntu.com/download/ubuntu/download ... to install bootable Ubuntu 11.04 on it. check your mount options. (or post the output of 'mount') -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/banlktikvrnnl5a2g32lvulvsswb66u3...@mail.gmail.com
Re: Problem with chmod
On 05/10/2011 05:18 AM, Gorka wrote: Parent directory is / Aparently it changes permissions to 777, but suddenly they turn into 7001 again. There is some kind of persistency. Chown works well, but chmod works so. --deleted other suggestions for brevity-- Try creating a new directory somewhere else, copy the files into it and see if you can change the permissions there. Since you've created a bootable setup on a pendrive, it is possible that the root is a ram disk and this could (I suppose) be an issue. So you may want to run 'mount' with no arguments to see what devices are associated with mount points, and choose one that points to the pendrive itself. Or, if the pendrive is not mounted, you may be able to mount it manually and then do the mkdir/copy. -- Bob McGowan -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4dc95ffe.7050...@symantec.com
Re: Problem with chmod
Gorka gorkali...@yahoo.es wrote: I have got Ubuntu 11.04 installed on my pendrive. In /ME folder I have got some files.bin to upgrade the BIOS an so. The problem is that I can't execute them. It says I have no permissions.These are 7001 (last number refers back to the sticky bit) I'm trying to set 'sudo chmod 777 *', but I can't. Gorka gorkali...@yahoo.es wrote: I have formated with FAT32 and then followed these instructions ... http://www.ubuntu.com/download/ubuntu/download There's nothing in there, that I can see, that refers to upgrading the BIOS. The filesystem containing /ME is FAT. On FAT filesystems chmod doesn't do what many people expect - and that's what's happening in this case. Permission bits are mostly faked, so you either need to remount the filesystem to provide execute permission (see mount(1) and its mode keyword) or else copy the files out of the /ME filesystem onto a fully functional filesystem, such as one built as ext3. Chris -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/hhno98xnnd@news.roaima.co.uk
Re: Problemas com permissões chmod
Em Mon, 11 Jan 2010 23:51:43 -0200 gunix gustavo.gru...@gmail.com escreveu: Porem se eu de uma maquina linux ou até mesmo no serivodr se eu mandar criar um arquivo com o comando toutch e permissão não é dada para o grupo. O grupo fica com direito apenas de leitura, sendo que preciso que fique com permissão gravação. Gunix, tente usar umask 0002. Se quiser aplicar o umask para todos os usuários, talvez você queira ver o man pam_umask. -- To UNSUBSCRIBE, email to debian-user-portuguese-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Problemas com permissões chmod
Galera, tenho um servidor de arquivos, com samba e NFS rodando. Tenho um diretorio comum a um grupo de trabalho e com permissão, 770. drwsrws--- 13 root G_TI 4096 Jan 11 23:33 public_ti Setei o bit +s para que ao gravar o arquivo seja respeitado o grupo do diretorio e nao o grupo principal do usuário. Quanto a isso funciona bem. Porem se eu estiver naestação windows o arquivo na psata é travado corretamente, comn permissão 770. Ex: -rwxrwx--- 1 root G_TI 628168704 Jan 7 16:11 SW_CD_Windows_XP Porem se eu de uma maquina linux ou até mesmo no serivodr se eu mandar criar um arquivo com o comando toutch e permissão não é dada para o grupo. O grupo fica com direito apenas de leitura, sendo que preciso que fique com permissão gravação. ex: -rw-r--r-- 1 gcrocha G_TI0 Jan 11 23:39 teste Desta forma as demias pessoas do grupo não estão conseguindo alterar a permissão do arquivo. Como devo proceder para que a permissão seja dada. Testei = + - s 770 7770 MAs nada funciona. Aguardo quem puder me ajudar. att Gunix
Chmod
Alguém sabe de alguma forma para dar um chmod em uma lista de arquivos resultante de um ls? Queria fazer isso em linha de comando sem jogar o resultado do ls em um arquivo temporário. Abs -- To UNSUBSCRIBE, email to debian-user-portuguese-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Chmod
Olá, 2009/4/16 Fernando Xavier fernando.xav...@gmail.com: Alguém sabe de alguma forma para dar um chmod em uma lista de arquivos resultante de um ls? Não sei se funciona no seu caso mas você já deu uma olhada no xargs? Queria fazer isso em linha de comando sem jogar o resultado do ls em um arquivo temporário. Abs Abraço, -- Gunther Furtado Curitiba - Paraná - Brasil gunfurt...@gmail.com ...agora, só nos sobrou o futuro..., visto em www.manuchao.net -- To UNSUBSCRIBE, email to debian-user-portuguese-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Chmod
Perfeito! Era isso que precisava. Executei algo mais ou menos assim: find diretorio -mtime -1 -type f -print | xargs chmod 755 Muito obrigado! abs 2009/4/16 Gunther Furtado gunfurt...@gmail.com: Olá, 2009/4/16 Fernando Xavier fernando.xav...@gmail.com: Alguém sabe de alguma forma para dar um chmod em uma lista de arquivos resultante de um ls? Não sei se funciona no seu caso mas você já deu uma olhada no xargs? Queria fazer isso em linha de comando sem jogar o resultado do ls em um arquivo temporário. Abs Abraço, -- Gunther Furtado Curitiba - Paraná - Brasil gunfurt...@gmail.com ...agora, só nos sobrou o futuro..., visto em www.manuchao.net -- To UNSUBSCRIBE, email to debian-user-portuguese-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org -- To UNSUBSCRIBE, email to debian-user-portuguese-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Chmod
Em 16/4/2009 10:46, Fernando Xavier escreveu:
Alguém sabe de alguma forma para dar um chmod em uma lista de arquivos
resultante de um ls?
Queria fazer isso em linha de comando sem jogar o resultado do ls em
um arquivo temporário.
Abs
Você pode usar os coringas do shell se for algo simpes.
Ex:
# chmod 755 *
# chmod 640 *.txt
Também pode usar uma o find
# find ./ -type f -exec chmod 700 {} \;
Para casos mais complexos pode usar uma estrutura de repetição simples
# for i in `ls | egrep ^[0-9]`; do chmod 600 $i; done
Ou até mesmo utilizar o xargs para pegar a saída de qualquer outro
aplicativo e enfileirar como lista de parâmetros para outro aplicativo
# cat lista | xargs chmod 750
(ps.: onde lista seria um arquivo contendo uma lista de arquivos,
nesse caso)
A[]'s
--
To UNSUBSCRIBE, email to debian-user-portuguese-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: Chmod
Ainda prefiro um jeito mais fácil: chmod -vR 755 DIRETORIO tudo que tiver dentro desse diretório vaireceber os parâmetros tb. depois é só aplicar permissões especiais pra algumas pastas específicas 2009/4/16 Fernando Xavier fernando.xav...@gmail.com Perfeito! Era isso que precisava. Executei algo mais ou menos assim: find diretorio -mtime -1 -type f -print | xargs chmod 755 Muito obrigado! abs 2009/4/16 Gunther Furtado gunfurt...@gmail.com: Olá, 2009/4/16 Fernando Xavier fernando.xav...@gmail.com: Alguém sabe de alguma forma para dar um chmod em uma lista de arquivos resultante de um ls? Não sei se funciona no seu caso mas você já deu uma olhada no xargs? Queria fazer isso em linha de comando sem jogar o resultado do ls em um arquivo temporário. Abs Abraço, -- Gunther Furtado Curitiba - Paraná - Brasil gunfurt...@gmail.com ...agora, só nos sobrou o futuro..., visto em www.manuchao.net -- To UNSUBSCRIBE, email to debian-user-portuguese-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org -- To UNSUBSCRIBE, email to debian-user-portuguese-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: problem with chmod
On Fri, Apr 03, 2009 at 12:22:49AM +0800, Bret Busby wrote: bretnewworkstation:~# ls -l /data total 780 -rw-r--r-- 1 bret bret 382652 2009-04-03 00:03 *.* -rw-r--r-- 1 bret bret 382652 2009-04-03 00:04 WonkyAcerWebPage_Iceape.jpg That looks a bit suspicious. -- Chris. == I contend that we are both atheists. I just believe in one fewer god than you do. When you understand why you dismiss all the other possible gods, you will understand why I dismiss yours. -- Stephen F Roberts -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
problem with chmod
I have created a new data partition for a Ubuntu/Debian dual boot system, using gparted from the Debian 4 installation. Now I have to figure out how to make the new data partition accessible. chmod (from the Debian system) seems to be designed to frustrate. it used to be that using a syntax like chmod 777 target would make a file/directory able to be written to and read from (and executed) by anyone. I know that is how the syntax used to be, because I remember a person (on a UNIX system) losing his account, when he accidentally entered chmod . , which changed his . file permissions to zero, and not even the sysadmin could save his account, so he had to be issued with a new account. And, I have used the numbers for permissions in Linux, when I have previously had to change permissions, when FTP'ing files up to web sites. Now, it seems, that doesn't work anymore, and I can't figure out how to make chmod work. I have tried using what I understand to be the required syntax from man chmod for Debian 4, but I can't get it to work. It returns errors for the syntax. If I use the format above, no error is returned; it just doesn't do anything. chmod 777 /data bretnewworkstation:~# ls -l /data total 16 drwx-- 2 root root 16384 2009-04-02 17:34 lost+found Attempts: bretnewworkstation:~# chmod 777 /data bretnewworkstation:~# ls -l /data total 16 drwx-- 2 root root 16384 2009-04-02 17:34 lost+found bretnewworkstation:~# chmod rwxXstugoa /data chmod: invalid mode: `rwxXstugoa' Try `chmod --help' for more information. bretnewworkstation:~# chmod +rwxXstugoa /data chmod: invalid mode: `+rwxXstugoa' Try `chmod --help' for more information. bretnewworkstation:~# chmod --help Usage: chmod [OPTION]... MODE[,MODE]... FILE... or: chmod [OPTION]... OCTAL-MODE FILE... or: chmod [OPTION]... --reference=RFILE FILE... Change the mode of each FILE to MODE. -c, --changes like verbose but report only when a change is made --no-preserve-root do not treat `/' specially (the default) --preserve-root fail to operate recursively on `/' -f, --silent, --quiet suppress most error messages -v, --verbose output a diagnostic for every file processed --reference=RFILE use RFILE's mode instead of MODE values -R, --recursive change files and directories recursively --help display this help and exit --version output version information and exit Each MODE is of the form `[ugoa]*([-+=]([rwxXst]*|[ugo]))+'. Report bugs to bug-coreut...@gnu.org. bretnewworkstation:~# chmod ugoa*+ rwx /data chmod: invalid mode: `ugoa*+' Try `chmod --help' for more information. bretnewworkstation:~# chmod ugoa*+ rwx /dev/hda8 chmod: invalid mode: `ugoa*+' Try `chmod --help' for more information. The current status of the partition is: ls -l /data total 16 drwx-- 2 root root 16384 2009-04-02 17:34 lost+found The Debian fstab entry (I edited the fstab file, to incorporate the partition, from the Debian side) is /dev/hdc8 /data ext3defaults0 0 Any helpful suggestions would be appreciated. -- Bret Busby Armadale West Australia .. So once you do know what the question actually is, you'll know what the answer means. - Deep Thought, Chapter 28 of Book 1 of The Hitchhiker's Guide to the Galaxy: A Trilogy In Four Parts, written by Douglas Adams, published by Pan Books, 1992 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: problem with chmod
On Thu, Apr 02, 2009 at 07:55:59PM +0800, Bret Busby wrote: I have created a new data partition for a Ubuntu/Debian dual boot system, using gparted from the Debian 4 installation. [snip] chmod 777 /data I think when you use octects you have to prefix with 0 so try chmod 0777 /data bretnewworkstation:~# ls -l /data total 16 drwx-- 2 root root 16384 2009-04-02 17:34 lost+found Attempts: bretnewworkstation:~# chmod 777 /data bretnewworkstation:~# ls -l /data total 16 drwx-- 2 root root 16384 2009-04-02 17:34 lost+found bretnewworkstation:~# chmod rwxXstugoa /data can't have xX on the same option chmod: invalid mode: `rwxXstugoa' Try `chmod --help' for more information. bretnewworkstation:~# chmod +rwxXstugoa /data chmod: invalid mode: `+rwxXstugoa' Try `chmod --help' for more information. bretnewworkstation:~# chmod --help Usage: chmod [OPTION]... MODE[,MODE]... FILE... or: chmod [OPTION]... OCTAL-MODE FILE... or: chmod [OPTION]... --reference=RFILE FILE... Change the mode of each FILE to MODE. -c, --changes like verbose but report only when a change is made --no-preserve-root do not treat `/' specially (the default) --preserve-root fail to operate recursively on `/' -f, --silent, --quiet suppress most error messages -v, --verbose output a diagnostic for every file processed --reference=RFILE use RFILE's mode instead of MODE values -R, --recursive change files and directories recursively --help display this help and exit --version output version information and exit Each MODE is of the form `[ugoa]*([-+=]([rwxXst]*|[ugo]))+'. Report bugs to bug-coreut...@gnu.org. bretnewworkstation:~# chmod ugoa*+ rwx /data chmod: invalid mode: `ugoa*+' Try `chmod --help' for more information. bretnewworkstation:~# chmod ugoa*+ rwx /dev/hda8 chmod: invalid mode: `ugoa*+' Try `chmod --help' for more information. maybe try chmod u=rwx,g=rwx,o=rwx /data or chmod ugo=rwx /data that should work The current status of the partition is: ls -l /data total 16 drwx-- 2 root root 16384 2009-04-02 17:34 lost+found The Debian fstab entry (I edited the fstab file, to incorporate the partition, from the Debian side) is /dev/hdc8 /data ext3defaults0 0 Any helpful suggestions would be appreciated. -- Q: How many hardware engineers does it take to change a light bulb? A: None. We'll fix it in software. Q: How many system programmers does it take to change a light bulb? A: None. The application can work around it. Q: How many software engineers does it take to change a light bulb? A: None. We'll document it in the manual. Q: How many tech writers does it take to change a light bulb? A: None. The user can figure it out. signature.asc Description: Digital signature
Re: problem with chmod
Bret Busby wrote: I have created a new data partition for a Ubuntu/Debian dual boot system, using gparted from the Debian 4 installation. Now I have to figure out how to make the new data partition accessible. chmod (from the Debian system) seems to be designed to frustrate. it used to be that using a syntax like chmod 777 target would make a file/directory able to be written to and read from (and executed) by anyone. I know that is how the syntax used to be, because I remember a person (on a UNIX system) losing his account, when he accidentally entered chmod . , which changed his . file permissions to zero, and not even the sysadmin could save his account, so he had to be issued with a new account. And, I have used the numbers for permissions in Linux, when I have previously had to change permissions, when FTP'ing files up to web sites. Now, it seems, that doesn't work anymore, and I can't figure out how to make chmod work. I have tried using what I understand to be the required syntax from man chmod for Debian 4, but I can't get it to work. It returns errors for the syntax. If I use the format above, no error is returned; it just doesn't do anything. chmod 777 /data bretnewworkstation:~# ls -l /data total 16 drwx-- 2 root root 16384 2009-04-02 17:34 lost+found Attempts: bretnewworkstation:~# chmod 777 /data bretnewworkstation:~# ls -l /data total 16 drwx-- 2 root root 16384 2009-04-02 17:34 lost+found bretnewworkstation:~# chmod rwxXstugoa /data chmod: invalid mode: `rwxXstugoa' Try `chmod --help' for more information. bretnewworkstation:~# chmod +rwxXstugoa /data chmod: invalid mode: `+rwxXstugoa' Try `chmod --help' for more information. bretnewworkstation:~# chmod --help Usage: chmod [OPTION]... MODE[,MODE]... FILE... or: chmod [OPTION]... OCTAL-MODE FILE... or: chmod [OPTION]... --reference=RFILE FILE... Change the mode of each FILE to MODE. -c, --changes like verbose but report only when a change is made --no-preserve-root do not treat `/' specially (the default) --preserve-root fail to operate recursively on `/' -f, --silent, --quiet suppress most error messages -v, --verbose output a diagnostic for every file processed --reference=RFILE use RFILE's mode instead of MODE values -R, --recursive change files and directories recursively --help display this help and exit --version output version information and exit Each MODE is of the form `[ugoa]*([-+=]([rwxXst]*|[ugo]))+'. Report bugs to bug-coreut...@gnu.org. bretnewworkstation:~# chmod ugoa*+ rwx /data chmod: invalid mode: `ugoa*+' Try `chmod --help' for more information. bretnewworkstation:~# chmod ugoa*+ rwx /dev/hda8 chmod: invalid mode: `ugoa*+' Try `chmod --help' for more information. The current status of the partition is: ls -l /data total 16 drwx-- 2 root root 16384 2009-04-02 17:34 lost+found The Debian fstab entry (I edited the fstab file, to incorporate the partition, from the Debian side) is /dev/hdc8 /data ext3defaults0 0 Any helpful suggestions would be appreciated. -- Bret Busby Armadale West Australia .. So once you do know what the question actually is, you'll know what the answer means. - Deep Thought, Chapter 28 of Book 1 of The Hitchhiker's Guide to the Galaxy: A Trilogy In Four Parts, written by Douglas Adams, published by Pan Books, 1992 Is your partition mounted rw? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: problem with chmod
Bret Busby wrote: I have created a new data partition for a Ubuntu/Debian dual boot system, using gparted from the Debian 4 installation. Now I have to figure out how to make the new data partition accessible. chmod (from the Debian system) seems to be designed to frustrate. it used to be that using a syntax like chmod 777 target would make a file/directory able to be written to and read from (and executed) by anyone. I know that is how the syntax used to be, because I remember a person (on a UNIX system) losing his account, when he accidentally entered chmod . , which changed his . file permissions to zero, and not even the sysadmin could save his account, so he had to be issued with a new account. This has nothing to do with the problem, but even if all files under the user's home had been chmod'ed to no access at all, it should be possible to recover. Unless there is a backup, it would be hard to get the exact permissions, but under a user's home there shouldn't be many cases where specific permissions are needed. Adding read and write permissions to file, and read-write-execute to directories should allow him to logon and later fix manually other permissions, such as adding execute permissions to scripts. And, I have used the numbers for permissions in Linux, when I have previously had to change permissions, when FTP'ing files up to web sites. Now, it seems, that doesn't work anymore, and I can't figure out how to make chmod work. I have tried using what I understand to be the required syntax from man chmod for Debian 4, but I can't get it to work. It returns errors for the syntax. If I use the format above, no error is returned; it just doesn't do anything. chmod 777 /data You're changing the permissions of the directory... bretnewworkstation:~# ls -l /data total 16 drwx-- 2 root root 16384 2009-04-02 17:34 lost+found ... but looking at the contents of the directory. To check the permissions on /data itself, try ls -l -d /data To chmod what's inside the directory, you can use the -R option, but since it's empty, there's no need to do that. Anyway, what happens if you try to write something under /data? -- I am a jelly donut. I am a jelly donut. Eduardo M KALINOWSKI edua...@kalinowski.com.br -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: problem with chmod
On Thu, Apr 2, 2009 at 6:55 AM, Bret Busby b...@busby.net wrote:
I know that is how the syntax used to be, because I remember a person (on a
UNIX system) losing his account, when he accidentally entered
chmod .
, which changed his . file permissions to zero, and not even the sysadmin
could save his account, so he had to be issued with a new account.
While this isn't specific to your issue (as I feel other responses in this
thread have answered your question adequately), there is nothing a user can
do with chmod to his or her home directory that the root account can't
recover. For your friend's account, the following could have been performed
to get him started:
# find /home/username -type d -exec chmod 711 {} \;
# find /home/username -type f -exec chmod 640 {} \;
While this may not have set up everything exactly as your friend would have
preferred it, it would have made his account accessible to him again. He
could then add appropriate permissions to things he wanted to grant public
access to (for example a public_html directory).
--
Chris
Re: problem with chmod
On Thu, 2 Apr 2009, Alex Samad wrote: On Thu, Apr 02, 2009 at 07:55:59PM +0800, Bret Busby wrote: I have created a new data partition for a Ubuntu/Debian dual boot system, using gparted from the Debian 4 installation. [snip] chmod 777 /data I think when you use octects you have to prefix with 0 so try chmod 0777 /data bretnewworkstation:~# chmod 0777 /data bretnewworkstation:~# ls -l /data total 16 drwx-- 2 root root 16384 2009-04-02 17:34 lost+found That didn't work. bretnewworkstation:~# ls -l /data total 16 drwx-- 2 root root 16384 2009-04-02 17:34 lost+found Attempts: bretnewworkstation:~# chmod 777 /data bretnewworkstation:~# ls -l /data total 16 drwx-- 2 root root 16384 2009-04-02 17:34 lost+found bretnewworkstation:~# chmod rwxXstugoa /data can't have xX on the same option chmod: invalid mode: `rwxXstugoa' Try `chmod --help' for more information. bretnewworkstation:~# chmod +rwxXstugoa /data chmod: invalid mode: `+rwxXstugoa' Try `chmod --help' for more information. bretnewworkstation:~# chmod --help Usage: chmod [OPTION]... MODE[,MODE]... FILE... or: chmod [OPTION]... OCTAL-MODE FILE... or: chmod [OPTION]... --reference=RFILE FILE... Change the mode of each FILE to MODE. -c, --changes like verbose but report only when a change is made --no-preserve-root do not treat `/' specially (the default) --preserve-root fail to operate recursively on `/' -f, --silent, --quiet suppress most error messages -v, --verbose output a diagnostic for every file processed --reference=RFILE use RFILE's mode instead of MODE values -R, --recursive change files and directories recursively --help display this help and exit --version output version information and exit Each MODE is of the form `[ugoa]*([-+=]([rwxXst]*|[ugo]))+'. Report bugs to bug-coreut...@gnu.org. bretnewworkstation:~# chmod ugoa*+ rwx /data chmod: invalid mode: `ugoa*+' Try `chmod --help' for more information. bretnewworkstation:~# chmod ugoa*+ rwx /dev/hda8 chmod: invalid mode: `ugoa*+' Try `chmod --help' for more information. maybe try chmod u=rwx,g=rwx,o=rwx /data That didn't work; bretnewworkstation:~# chmod u=rwx,g=rwx,o=rwx /data bretnewworkstation:~# ls -l /data total 16 drwx-- 2 root root 16384 2009-04-02 17:34 lost+found or chmod ugo=rwx /data that should work bretnewworkstation:~# chmod ugo=rwx /data bretnewworkstation:~# ls -l /data total 16 drwx-- 2 root root 16384 2009-04-02 17:34 lost+found That also didn't work. The current status of the partition is: ls -l /data total 16 drwx-- 2 root root 16384 2009-04-02 17:34 lost+found The Debian fstab entry (I edited the fstab file, to incorporate the partition, from the Debian side) is /dev/hdc8 /data ext3defaults0 0 Any helpful suggestions would be appreciated. Thank you anyway, for the suggestions. -- Bret Busby Armadale West Australia .. So once you do know what the question actually is, you'll know what the answer means. - Deep Thought, Chapter 28 of Book 1 of The Hitchhiker's Guide to the Galaxy: A Trilogy In Four Parts, written by Douglas Adams, published by Pan Books, 1992 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: problem with chmod
On Thu, 2 Apr 2009, Eduardo M KALINOWSKI wrote: If I use the format above, no error is returned; it just doesn't do anything. chmod 777 /data You're changing the permissions of the directory... bretnewworkstation:~# ls -l /data total 16 drwx-- 2 root root 16384 2009-04-02 17:34 lost+found ... but looking at the contents of the directory. To check the permissions on /data itself, try ls -l -d /data bretnewworkstation:~# ls -l -d /data drwxrwxrwx 3 root root 4096 2009-04-02 17:34 /data To chmod what's inside the directory, you can use the -R option, but since it's empty, there's no need to do that. Anyway, what happens if you try to write something under /data? bretnewworkstation:~# ls -l /data total 780 -rw-r--r-- 1 bret bret 382652 2009-04-03 00:03 *.* drwxr-xr-x 5 bret bret 4096 2009-02-28 10:35 Downloads drwx-- 2 root root 16384 2009-04-02 17:34 lost+found -rw-r--r-- 1 bret bret 382652 2009-04-03 00:04 WonkyAcerWebPage_Iceape.jpg bretnewworkstation:~# du -sh /data 2.4G/data Something, of all of the actions attempted, has worked. Which, I do not know. The File Browser window had been left open, through all of the attempts to change the protections, and the padlock icon at the data entry in the filesystem tree, had remained, as had the permissions in the Properties window for the /data listing. When I refreshed the File Browser window, after having run the ls -l -d /data command, the padlock icon disappeared, and the permissions showed the partition to be writable, and so I copied the data across to that partition; first a single file, and then, a directory (Downloads). So, thank you to everyone for your help, and, it is probable that my It didn't work responses, were completely wrong, so, unfortunately, I do not know what did work, and what did not work. I apologise for the time that I would have caused people to waste, through my not using the correct ls command. -- I am a jelly donut. I am a jelly donut. And that about says how intelligent I feel. :| -- Bret Busby Armadale West Australia .. So once you do know what the question actually is, you'll know what the answer means. - Deep Thought, Chapter 28 of Book 1 of The Hitchhiker's Guide to the Galaxy: A Trilogy In Four Parts, written by Douglas Adams, published by Pan Books, 1992 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: problem with chmod
On Thu, 2 Apr 2009, Christofer C. Bell wrote:
On Thu, Apr 2, 2009 at 6:55 AM, Bret Busby b...@busby.net wrote:
I know that is how the syntax used to be, because I remember a person (on a
UNIX system) losing his account, when he accidentally entered
chmod .
, which changed his . file permissions to zero, and not even the sysadmin
could save his account, so he had to be issued with a new account.
While this isn't specific to your issue (as I feel other responses in this
thread have answered your question adequately), there is nothing a user can
do with chmod to his or her home directory that the root account can't
recover. For your friend's account, the following could have been performed
to get him started:
# find /home/username -type d -exec chmod 711 {} \;
# find /home/username -type f -exec chmod 640 {} \;
While this may not have set up everything exactly as your friend would have
preferred it, it would have made his account accessible to him again. He
could then add appropriate permissions to things he wanted to grant public
access to (for example a public_html directory).
What our understanding was at the time, and this is going back about
20-odd years, now, and just starting to learn about UNIX, was that what
the student had done (we were then students at a technical college,
named in some countries, a polytechnic), was that he, by using
chmod . CR
had set the permissions on the . file of his account, to 000, and, as
such, had made the . file on his account, completely inaccessible to
everyone, including the superuser, and, as the . file is the root of the
account, he had effectively made his account, totally inaccessible to
everyone, including the superuser.
From memory, it was on a SCO UNIX System V system, running on a LabTam
minicomputer (it was a comparatively small technical college). The
technical college also had a PDP 11/44, but that ran RSTS/e and, on
occasion, RTS (I think it was), and was connected to the network of
technical colleges, and to the VAX11/750, running VAX VMS (for FORTRAN
and COBOL programming). I think that the network porotocol; was DECnet.
--
Bret Busby
Armadale
West Australia
..
So once you do know what the question actually is,
you'll know what the answer means.
- Deep Thought,
Chapter 28 of Book 1 of
The Hitchhiker's Guide to the Galaxy:
A Trilogy In Four Parts,
written by Douglas Adams,
published by Pan Books, 1992
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Re: problem with chmod
In pine.lnx.4.64.0904030026100.14...@bretnewworkstation.busby.net, Bret Busby wrote: had set the permissions on the . file of his account, to 000, and, as such, had made the . file on his account, completely inaccessible to everyone, including the superuser, and, as the . file is the root of the account, he had effectively made his account, totally inaccessible to everyone, including the superuser. Outside of enhanced access controls like SELinux and AppArmor, processes with the euid of 0 ignore permission bits. Even if you chmod 000 a file on purpose, a superuser can chmod it to whatever they like, read the entire contents (and commit them to memory), replace the contents with half-truths about your love-life--basically whatever they want. From memory, it was on a SCO UNIX System V system, running on a LabTam While I haven't logged in to a SCO UNIX system, ever, I highly doubt that they would prevent the superuser from changing permissions on a file, even if it was chmod 000. -- Boyd Stephen Smith Jr. ,= ,-_-. =. b...@iguanasuicide.net ((_/)o o(\_)) ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-' http://iguanasuicide.net/\_/ signature.asc Description: This is a digitally signed message part.
Re: problem with chmod
On Thu, Apr 02, 2009 at 09:42:38AM -0300, Eduardo M KALINOWSKI wrote: Bret Busby wrote: [snip] ... but looking at the contents of the directory. To check the permissions on /data itself, try ls -l -d /data how easy it is to miss the simple things ... [snip] -- You can't cheat the phone company. signature.asc Description: Digital signature
Re: NTFS: 3g won't shut up on chmod/chown errors
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dexter Filmore wrote: Won't do me good, lots of subdirs where I need to copy selections. Will mount on another machine and copy over 100MBit, will have to do. Filed a bug report, we'll see. In the meantime you could have a look at rsync. It has multiple options of including or excluding certain subdirectories or files (based on names with wild cards, etc.). 'man rsync' is a rather long read, but it's really a powerful tool to copy or sync directories on the same computer or over a network. It normally runs over ssh, so it is secure as well. HTH, Johannes -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkklcTYACgkQC1NzPRl9qEXcQwCeNGITGmg222By0YJD7WLRhhB0 gbcAn1loop8sL+8yD9PTNylqwmci/U7H =vXiN -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: NTFS: 3g won't shut up on chmod/chown errors
Dexter Filmore wrote: I use these options to mount an NTFS partition: users,gid=fuse,umask=0002,silent,utf8,locale=de_DE.utf8 Now silent is supposed to suppress warnings on chmod/chown errors, each time a copy operation is completed I get couldn't change permissions on XY I need to copy a pretty big range of files to that disk soon and really can't take konqueror throwing an error dialog at me for each and every operation. Whatever is wrong with good old 'cp'? You can just add a redirect to /dev/null if the warnings bother you. In another well known debian spinoff this works alright so what do I have here? Bug in ntfs-3g? Dex -- If you can't explain it simply, you don't understand it well enough. -- Albert Einstein -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: NTFS: 3g won't shut up on chmod/chown errors
Am Mittwoch, 19. November 2008 09:02:03 schrieb Raj Kiran Grandhi: Dexter Filmore wrote: I use these options to mount an NTFS partition: users,gid=fuse,umask=0002,silent,utf8,locale=de_DE.utf8 Now silent is supposed to suppress warnings on chmod/chown errors, each time a copy operation is completed I get couldn't change permissions on XY I need to copy a pretty big range of files to that disk soon and really can't take konqueror throwing an error dialog at me for each and every operation. Whatever is wrong with good old 'cp'? You can just add a redirect to /dev/null if the warnings bother you. What's wrong with the driver working as supposed to? -- -BEGIN GEEK CODE BLOCK- Version: 3.12 GCS d--(+)@ s-:+ a C UL++ P+++ L+++ E-- W++ N o? K- w--(---) !O M+ V- PS+ PE Y++ PGP t++(---)@ 5 X+(++) R+(++) tv--(+)@ b++(+++) DI+++ D- G++ e* h++ r* y? --END GEEK CODE BLOCK-- http://www.vorratsdatenspeicherung.de -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: NTFS: 3g won't shut up on chmod/chown errors
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dexter Filmore wrote: Am Mittwoch, 19. November 2008 09:02:03 schrieb Raj Kiran Grandhi: Whatever is wrong with good old 'cp'? You can just add a redirect to /dev/null if the warnings bother you. What's wrong with the driver working as supposed to? Nothing. Raj just tried to help with a work around. Cheers, Johannes -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkkkYsUACgkQC1NzPRl9qEVybwCeJRyKccbQ1e3Vi4aVjI8xAhIu GZUAn3jgKEbBxbEU1BTjuTWJJX4ekl9q =G1Rc -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: NTFS: 3g won't shut up on chmod/chown errors
Am Mittwoch, 19. November 2008 20:02:33 schrieb Johannes Wiedersich: Dexter Filmore wrote: Am Mittwoch, 19. November 2008 09:02:03 schrieb Raj Kiran Grandhi: Whatever is wrong with good old 'cp'? You can just add a redirect to /dev/null if the warnings bother you. What's wrong with the driver working as supposed to? Nothing. Raj just tried to help with a work around. Won't do me good, lots of subdirs where I need to copy selections. Will mount on another machine and copy over 100MBit, will have to do. Filed a bug report, we'll see. -- -BEGIN GEEK CODE BLOCK- Version: 3.12 GCS d--(+)@ s-:+ a C UL++ P+++ L+++ E-- W++ N o? K- w--(---) !O M+ V- PS+ PE Y++ PGP t++(---)@ 5 X+(++) R+(++) tv--(+)@ b++(+++) DI+++ D- G++ e* h++ r* y? --END GEEK CODE BLOCK-- http://www.vorratsdatenspeicherung.de -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
NTFS: 3g won't shut up on chmod/chown errors
I use these options to mount an NTFS partition: users,gid=fuse,umask=0002,silent,utf8,locale=de_DE.utf8 Now silent is supposed to suppress warnings on chmod/chown errors, each time a copy operation is completed I get couldn't change permissions on XY I need to copy a pretty big range of files to that disk soon and really can't take konqueror throwing an error dialog at me for each and every operation. In another well known debian spinoff this works alright so what do I have here? Bug in ntfs-3g? Dex -- -BEGIN GEEK CODE BLOCK- Version: 3.12 GCS d--(+)@ s-:+ a C UL++ P+++ L+++ E-- W++ N o? K- w--(---) !O M+ V- PS+ PE Y++ PGP t++(---)@ 5 X+(++) R+(++) tv--(+)@ b++(+++) DI+++ D- G++ e* h++ r* y? --END GEEK CODE BLOCK-- http://www.vorratsdatenspeicherung.de -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: chmod, or better solutions ?
Jochen Schulz wrote:
The only idea that pops into my mind would be chroots for every user.
But I don't see a point in doing that.
Maybe just one chroot with absolute minimal software available for all users
or perhaps use ${YOUR_FAVOURITE_VIRTUALIZATION_SOFTWARE_HERE}?
--
Juha Tuuna
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: chmod, or better solutions ?
Shams Fantar wrote:
Hi all,
I'd like to know if it's very fine and clean to chmod -R 700 / ; Or
are there any better solutions ? My purpose beeing that local users
can't access/read any file which isn't in their own home directory.
Regards,
Isn't it enough to just secure the home dirs? You probably want the
users to execute programs in /usr. Then I would just do
find /home -type d -exec chmod 700 {} \;
find /home -type f -exec chmod 600 {} \;
so that all files in /home are only accessible to the user. Then, of
course, you need to change the default umask to 0077 to make sure all
new files have the right permissions.
Sjoerd
signature.asc
Description: OpenPGP digital signature
chmod, or better solutions ?
Hi all, I'd like to know if it's very fine and clean to chmod -R 700 / ; Or are there any better solutions ? My purpose beeing that local users can't access/read any file which isn't in their own home directory. Regards, -- http://snurf.info Civil Engineering section project : http://civil-e-section.org « A book is like a garden carried in the pocket. » -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: chmod, or better solutions ?
Shams Fantar: I'd like to know if it's very fine and clean to chmod -R 700 / ; This will prevent non-root users from reading *any* file on the system. If user 'shams' wants to list his home directory /home/shams, he has to have permissions to list / and /home as well. Or are there any better solutions ? My purpose beeing that local users can't access/read any file which isn't in their own home directory. The only idea that pops into my mind would be chroots for every user. But I don't see a point in doing that. J. -- Driving behind lorries carrying hazardous chemicals makes me wish for a simpler life. [Agree] [Disagree] http://www.slowlydownward.com/NODATA/data_enter2.html signature.asc Description: Digital signature
Re: chmod, or better solutions ?
Shams Fantar wrote: Hi all, I'd like to know if it's very fine and clean to chmod -R 700 / ; Or are there any better solutions ? My purpose beeing that local users can't access/read any file which isn't in their own home directory. No, this is definitely wrong approach - risk to get broken system is very high. What task do you want to do? -- Eugene V. Lyubimkin aka JackYF, Ukrainian C++ developer. signature.asc Description: OpenPGP digital signature
Re: chmod, or better solutions ?
On Sun, Oct 12, 2008 at 03:56:09PM +0200, Shams Fantar wrote: Hi all, I'd like to know if it's very fine and clean to chmod -R 700 / ; Or are there any better solutions ? My purpose beeing that local users can't access/read any file which isn't in their own home directory. Most likely it is not what you want and very bad idea. What will you gain by doing this in cool mind. (This will probably provide broken system to users since he can not even access /bin/bash :-) You should read: http://www.debian.org/doc/manuals/securing-debian-howto/index.en.html -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: chmod, or better solutions ?
Osamu Aoki wrote: On Sun, Oct 12, 2008 at 03:56:09PM +0200, Shams Fantar wrote: Hi all, I'd like to know if it's very fine and clean to chmod -R 700 / ; Or are there any better solutions ? My purpose beeing that local users can't access/read any file which isn't in their own home directory. Most likely it is not what you want and very bad idea. What will you gain by doing this in cool mind. (This will probably provide broken system to users since he can not even access /bin/bash :-) You should read: http://www.debian.org/doc/manuals/securing-debian-howto/index.en.html Thank you, I'm going to read these pages. I'll come back if I don't have the answers I want. ;-) See you, -- http://snurf.info Civil Engineering section project : http://civil-e-section.org « A book is like a garden carried in the pocket. » -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: chmod, or better solutions ?
Eugene V. Lyubimkin wrote: Shams Fantar wrote: Hi all, I'd like to know if it's very fine and clean to chmod -R 700 / ; Or are there any better solutions ? My purpose beeing that local users can't access/read any file which isn't in their own home directory. No, this is definitely wrong approach - risk to get broken system is very high. What task do you want to do? My purpose beeing that local users can't access/read any file which isn't in their own home directory. :P -- http://snurf.info Civil Engineering section project : http://civil-e-section.org « A book is like a garden carried in the pocket. » -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: chmod, or better solutions ?
Jochen Schulz wrote: Shams Fantar: I'd like to know if it's very fine and clean to chmod -R 700 / ; This will prevent non-root users from reading *any* file on the system. If user 'shams' wants to list his home directory /home/shams, he has to have permissions to list / and /home as well. Or are there any better solutions ? My purpose beeing that local users can't access/read any file which isn't in their own home directory. The only idea that pops into my mind would be chroots for every user. But I don't see a point in doing that. J. Yes, this is what I was thinking. -- http://snurf.info Civil Engineering section project : http://civil-e-section.org « A book is like a garden carried in the pocket. » -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: chmod, or better solutions ?
Shams Fantar writes: I'd like to know if it's very fine and clean to chmod -R 700 / That would be a very, very, very bad idea. It would cripple your system and you would probably end up reinstalling. My purpose beeing that local users can't access/read any file which isn't in their own home directory. Then they would not be able to run any programs. What are you trying to achieve? You can easily arrange for them not to be able to access each other's files. -- John Hasler -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: chmod, or better solutions ?
On 10/12/08 08:56, Shams Fantar wrote: Hi all, I'd like to know if it's very fine and clean to chmod -R 700 / ; Or are there any better solutions ? My purpose beeing that local users can't access/read any file which isn't in their own home directory. As others have said, this is pretty much guaranteed to break your system. Here's something that will *mostly* work, and is restricted to simply adding the Read bit to All users. # chmod -R a+r /home The problem is that this command is also a bit broad, and you'll have to go back and fix everyone's ~/.gnupg plus maybe some others that I can't think of at the moment. -- Ron Johnson, Jr. Jefferson LA USA Help a man when he is in trouble and he will remember you when he is in trouble again. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: chmod, or better solutions ?
John Hasler wrote: Shams Fantar writes: My purpose beeing that local users can't access/read any file which isn't in their own home directory. Then they would not be able to run any programs. What are you trying to achieve? You can easily arrange for them not to be able to access each other's files. Just to complement, even if you give access to /bin, /usr/bin and other places where there are programs, these programs may need other files to work, sometimes even system files. The innocent 'ls', for example, needs access to /etc/passwd in order to map numerical user ids to their names in long listings. -- Stellar rays prove fibbing never pays. Embezzlement is another matter. Eduardo M KALINOWSKI [EMAIL PROTECTED] http://move.to/hpkb -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: chmod, or better solutions ?
On Sun, Oct 12, 2008 at 03:56:09PM +0200, Shams Fantar wrote: Hi all, I'd like to know if it's very fine and clean to chmod -R 700 / ; Or are there any better solutions ? My purpose beeing that local users can't access/read any file which isn't in their own home directory. So they can't ls or vim? or do you mean documentation under /usr/share/doc/... Can you give an example of what goes wrong and the error message(s)? -- Chris. == I contend that we are both atheists. I just believe in one fewer god than you do. When you understand why you dismiss all the other possible gods, you will understand why I dismiss yours. -- Sir Stephen Henry Roberts -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Apache+PHP-suPHP+Suhosin = chmod Problems
Hi! I'm running a local setup using Debian Etch 4.0, Apache 2.2, PHP 5.2.0 (suPHP+Suhosin) - all are the default Debian Packages, as my development system. The problem I'm having is that all files created by PHP Skript are only chmoded to 600, so only the user who created them has read access and the Apache user can't access and deliver them. I think this might have something to do with Suhosin. The files created are fine on all the system where I host my files (webhosting accounts). I've already tried to find out by searching around the web and looking at my config files, but can't come up with the cause. Does anyone have an idea? Thanks, Jan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: chmod 670
On Tue, Nov 13, 2007 at 01:25:35PM -0300, Patricio Rojo wrote: - If you try 'ls', then its contents are shown Yes, because you have read permission. - If you try 'cd' to it, you get permission denied. Yes, because you do not have search (x) permission. - If you try 'ls -l', you get many interrogation signs (?) instead of the properties of the file. Yes, because you do not have search (x) permission, so ls can not get the requested information, but it still has to display _something_. - If the user is changed to someone other than you, but the group remains the same, then you get full access. Yes, because group permission bits are used only if you are _not_ the owner of the file. Anyways, getting many '' is very awkward. No, specifying rw- rights for a directory what is awkward. You get what you've asked for. Gabor -- - MTA SZTAKI Computer and Automation Research Institute Hungarian Academy of Sciences - -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: chmod 670
On Wed, Nov 14, 2007 at 02:08:12PM +1100, Owen Townend wrote: On Tue, 2007-11-13 at 12:49 -0800, Andrew Sackville-West wrote: . can you provide the exact output from ls -l? Usually, ??? indicates some kind of filesystem damage. . I'm running Ubuntu 7.10 and was able to reproduce the behaviour. Also got the same result on my Etch box. yeah, I was wrong. Others have provided good explanations in this thread. A signature.asc Description: Digital signature
chmod 670
Hi, I don't know whether this is a bug or it is expected behavior. If this is a bug I would appreciate someone telling me who to report it to:D... I recently noticed that strange things happen if you do 'chmod 670' on a directory that you own, and whose group is set to one you belong. - If you try 'ls', then its contents are shown - If you try 'cd' to it, you get permission denied. - If you try 'ls -l', you get many interrogation signs (?) instead of the properties of the file. - If the user is changed to someone other than you, but the group remains the same, then you get full access. Since the permissions are set to full access to the group, and I'm part of that group, shouldn't I get full access to the directory? Anyways, getting many '' is very awkward. Thank you very much! Patricio -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: chmod 670
On Tue, 2007-11-13 at 13:25 -0300, Patricio Rojo wrote: Hi, I don't know whether this is a bug or it is expected behavior. If this is a bug I would appreciate someone telling me who to report it to:D... I recently noticed that strange things happen if you do 'chmod 670' on a directory that you own, and whose group is set to one you belong. - If you try 'ls', then its contents are shown - If you try 'cd' to it, you get permission denied. - If you try 'ls -l', you get many interrogation signs (?) instead of the properties of the file. - If the user is changed to someone other than you, but the group remains the same, then you get full access. Since the permissions are set to full access to the group, and I'm part of that group, shouldn't I get full access to the directory? Anyways, getting many '' is very awkward. Thank you very much! Patricio Hey, It's my understanding that it is a linear check for permission. UID, then GID, then world permissions stopping at a match rather than aggregating the three. This would explain the behaviour. cheers, Owen. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: chmod 670
On Wed, Nov 14, 2007 at 07:22:45AM +1100, Owen Townend wrote: On Tue, 2007-11-13 at 13:25 -0300, Patricio Rojo wrote: Hi, I don't know whether this is a bug or it is expected behavior. If this is a bug I would appreciate someone telling me who to report it to:D... I recently noticed that strange things happen if you do 'chmod 670' on a directory that you own, and whose group is set to one you belong. - If you try 'ls', then its contents are shown - If you try 'cd' to it, you get permission denied. - If you try 'ls -l', you get many interrogation signs (?) instead of the properties of the file. can you provide the exact output from ls -l? Usually, ??? indicates some kind of filesystem damage. A signature.asc Description: Digital signature
Re: chmod 670
Patricio Rojo wrote: Hi, I don't know whether this is a bug or it is expected behavior. If this is a bug I would appreciate someone telling me who to report it to:D... I recently noticed that strange things happen if you do 'chmod 670' on a directory that you own, and whose group is set to one you belong. - If you try 'ls', then its contents are shown - If you try 'cd' to it, you get permission denied. - If you try 'ls -l', you get many interrogation signs (?) instead of the properties of the file. - If the user is changed to someone other than you, but the group remains the same, then you get full access. Since the permissions are set to full access to the group, and I'm part of that group, shouldn't I get full access to the directory? Anyways, getting many '' is very awkward. Is there some reason why you would chmod 670 and not chmod 770? -- Raj Kiran Grandhi -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: chmod 670
On Tue, 2007-11-13 at 12:49 -0800, Andrew Sackville-West wrote: On Wed, Nov 14, 2007 at 07:22:45AM +1100, Owen Townend wrote: On Tue, 2007-11-13 at 13:25 -0300, Patricio Rojo wrote: Hi, I don't know whether this is a bug or it is expected behavior. If this is a bug I would appreciate someone telling me who to report it to:D... I recently noticed that strange things happen if you do 'chmod 670' on a directory that you own, and whose group is set to one you belong. - If you try 'ls', then its contents are shown - If you try 'cd' to it, you get permission denied. - If you try 'ls -l', you get many interrogation signs (?) instead of the properties of the file. can you provide the exact output from ls -l? Usually, ??? indicates some kind of filesystem damage. A Hey, I'm running Ubuntu 7.10 and was able to reproduce the behaviour. Also got the same result on my Etch box. [EMAIL PROTECTED]:~/TMP$ mkdir one; touch one/a one/b one/c; [EMAIL PROTECTED]:~/TMP$ ls -l total 8 drwxr-xr-x 3 owen owen 4096 2007-09-02 00:29 one [EMAIL PROTECTED]:~/TMP$ ls -l one total 4 -rw-r--r-- 1 owen owen0 2007-09-02 00:29 a -rw-r--r-- 1 owen owen0 2007-09-02 00:29 b -rw-r--r-- 1 owen owen0 2007-09-02 00:29 c [EMAIL PROTECTED]:~/TMP$ chmod 670 one [EMAIL PROTECTED]:~/TMP$ ls -l one total 0 ?- ? ? ? ?? one/a ?- ? ? ? ?? one/b ?- ? ? ? ?? one/c [EMAIL PROTECTED]:~/TMP$ ls -l total 8 drw-rwx--- 3 owen owen 4096 2007-09-02 00:29 one [EMAIL PROTECTED]:~/TMP$ uname -a Linux mattimeo 2.6.22-14-generic #1 SMP Sun Oct 14 23:05:12 GMT 2007 i686 GNU/Linux For kicks I booted a FreeBSD 6.2 VM and the behaviour was similar: $ ls -l one ls: a: Permission denied ls: b: Permission denied ls: c: Permission denied total 0 cheers, Owen. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: chmod 670
Owen Townend [EMAIL PROTECTED]: On Tue, 2007-11-13 at 13:25 -0300, Patricio Rojo wrote: I recently noticed that strange things happen if you do 'chmod 670' on a directory that you own, and whose group is set to one you belong. - If you try 'ls', then its contents are shown - If you try 'cd' to it, you get permission denied. You need execute permission on a dir to do anything to it. Without it, you can still access files in it if you know the files' names. - If you try 'ls -l', you get many interrogation signs (?) instead of the properties of the file. - If the user is changed to someone other than you, but the group remains the same, then you get full access. Since the permissions are set to full access to the group, and I'm part of that group, shouldn't I get full access to the directory? Anyways, getting many '' is very awkward. It's my understanding that it is a linear check for permission. UID, Agreed. User (ugo) doesn't have x, fail. then GID, then world permissions stopping at a match rather than aggregating the three. This would explain the behaviour. -- Any technology distinguishable from magic is insufficiently advanced. (*)http://blinkynet.net/comp/uip5.html Linux Counter #80292 - -http://www.faqs.org/rfcs/rfc1855.htmlPlease, don't Cc: me. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: chmod 670
Raj Kiran Grandhi [EMAIL PROTECTED]: Is there some reason why you would chmod 670 and not chmod 770? To cause filesystem breakage? :-) It's not a bright thing to do. Users do a lot of not bright things. We should know what's going to happen when they do this. It's interesting phenomena, so far, apparently repeatable by others. I await further reports. -- Any technology distinguishable from magic is insufficiently advanced. (*)http://blinkynet.net/comp/uip5.html Linux Counter #80292 - -http://www.faqs.org/rfcs/rfc1855.htmlPlease, don't Cc: me. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: How to chmod files in my web server
Thank Wei Chen, you solved all my doubts. I am using Drupal as CMS, it is great. I recommend you to use it. So long, and thanks very much Jordi R Cardona -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: How to chmod files in my web server
Just one last question Wei Chen: And the files inside that folders are ok chmoded that way? Jordi -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: How to chmod files in my web server
On 19 Mar 2007 04:18:27 -0700, Jordi [EMAIL PROTECTED] wrote: Just one last question Wei Chen: And the files inside that folders are ok chmoded that way? Thanks for your recommendation. Yes. All files can be set 644 and all directories can be set 755 except that the upload directory should be set 777. I guess the permissions for most of them should have already been set up correctly when they are extracted from the package. BTW, drupal is included in sarge and sid. You may simply install the debian package and have nothing to worry about if you are using either of them. -- Cheers, Wei http://www.acplex.com/people/wchen/
Re: How to chmod files in my web server
Thanks Wei Chen!! Jordi -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
How to chmod files in my web server
Hello I have a web server in my PC. I need to chmod the files correctly so I don't have a security risk. I am using a CMS for the website. I have full access to my pc, as it is in my house, and I can manipulate it through keyboard, so I have no problem to change the chmod to the most restrictive ones. I have these: 1) The config file, wich I chmod 444. This way is readable for all, but can't be executed or writen. What does this mean? People can read the password and user and other data there? Should I chmod that to 400 ? So no one, except me, can read it? 2) The folders that users need to write to. For example where they upload the images or files that are public. I should chmod them to 777. Is this right? 3) The rest of the website folders. I think they are well chmod 755. This means I can write, and the other can open or execute. I think this is not a good setup. Maybe, I can do a more restrictive setup that permits all people look the website, use it. Remember, I have those 3 pieces: the config, the users folders and the rest. Are those chmod ok? Should I do a different chmod for files and folders? How? Thanks Jordi -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: How to chmod files in my web server
On 18 Mar 2007 09:16:35 -0700, Jordi [EMAIL PROTECTED] wrote: Hello I have a web server in my PC. I need to chmod the files correctly so I don't have a security risk. I am using a CMS for the website. I have full access to my pc, as it is in my house, and I can manipulate it through keyboard, so I have no problem to change the chmod to the most restrictive ones. I have these: 1) The config file, wich I chmod 444. This way is readable for all, but can't be executed or writen. What does this mean? People can read the password and user and other data there? Should I chmod that to 400 ? So no one, except me, can read it? Usually the Web server is others if porperly set up, so its accessibility to the files that are owned by you is controlled by the third digest. So the permission of the config file should be set to 444 (or 644) if it is to be read by the Web server. The password should be in the script. It will be read and parsed by the interpreter so the Web users cannot see it if the CMS is properly written. 2) The folders that users need to write to. For example where they upload the images or files that are public. I should chmod them to 777. Is this right? Right. The third digest should be 7 so that the Web server can write to it. 3) The rest of the website folders. I think they are well chmod 755. This means I can write, and the other can open or execute. I think 755 is all right. The execute bit for a directory means the permission of going into the directory. I think this is not a good setup. Maybe, I can do a more restrictive setup that permits all people look the website, use it. Remember, I have those 3 pieces: the config, the users folders and the rest. Are those chmod ok? Should I do a different chmod for files and folders? How? Thanks Jordi -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- Cheers, Wei http://www.acplex.com/people/wchen/
Re: How to chmod files in my web server
Hi Wei Chen, Thanks for that excelent info. I think 755 is all right. The execute bit for a directory means the permission of going into the directory. And what about setting the files to chmod 744 ? That way will be better? Or not? Jordi -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: How to chmod files in my web server
On 18 Mar 2007 13:24:54 -0700, Jordi [EMAIL PROTECTED] wrote: Hi Wei Chen, Thanks for that excelent info. I think 755 is all right. The execute bit for a directory means the permission of going into the directory. And what about setting the files to chmod 744 ? That way will be better? Or not? Hi, directories should be set to 755 as I said. For files, if your CMS is written in for example PHP, then the execute bit is not needed since the script is interpreted by the php interpreter, not directly executed by the OS, so the files can be set 644. If the CMS runs as CGI using Perl or C programs for example, then they should be set 755. Jordi -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- Cheers, Wei http://www.acplex.com/people/wchen/
Re: setuid(UID) and chmod 4550 misbehaving
Hi: I know it's already pretty late to try to provide some hints on this issue, but didn't like to miss the chance in case some other people might hit same issue in the future. Provided plugin for Squirrelmail + Cyrus + SASL uses, as per code, a call to saslpasswd2 binary. In fact, it's writing a Berkely DB file, usually /etc/sasldb2. Depending upon your configuration, by default: XXX:/var/log/httpd # ls -l /etc/sasldb2 -rw-r--r-- 1 root root 45056 Oct 20 20:00 /etc/sasldb2 Well, with such permissons and ownership, cyrus will not be able to run saslpasswd2 successfully. cyrus user belongs in default installations to group mail, as well as root, but notice root:root assign! This causes saslpasswd2 to fail. Try then: XXX:/var/log/httpd # ls -l /etc/sasldb2 -rw-rw-r-- 1 root mail 45056 Oct 20 20:00 /etc/sasldb2 This has worked for me. But: [EMAIL PROTECTED]:/XXX_DIR ./chgsaslpasswd -p foo oof chgsaslpasswd: generic failure It makes sense, right? XXX:/XXX # usermod -G 12 wwwrun XXX:/XXX # su wwwrun [EMAIL PROTECTED]:/XXX id uid=30(wwwrun) gid=8(www) groups=8(www),12(mail) [EMAIL PROTECTED]:/XXX ./chgsaslpasswd -p foo oof , and it works! At least for me. Of course, it implies a risk for your system security. You could use sudo to try to reduce the impact. Hope this might help anyone else. P.D.: As a matter of fact, wwwrun's shell is set to /bin/false by default. Had to temporarily to runnable shell.
Re: setuid(UID) and chmod 4550 misbehaving
On Fri, Oct 20, 2006 at 08:25:03PM +0200, Eugenio Jordán González wrote: Hi: I know it's already pretty late to try to provide some hints on this issue, but didn't like to miss the chance in case some other people might hit same issue in the future. Provided plugin for Squirrelmail + Cyrus + SASL uses, as per code, a call to saslpasswd2 binary. In fact, it's writing a Berkely DB file, usually /etc/ sasldb2. Depending upon your configuration, by default: XXX:/var/log/httpd # ls -l /etc/sasldb2 -rw-r--r-- 1 root root 45056 Oct 20 20:00 /etc/sasldb2 Well, with such permissons and ownership, cyrus will not be able to run saslpasswd2 successfully. cyrus user belongs in default installations to group mail, as well as root, but notice root:root assign! This causes saslpasswd2 to fail. Try then: XXX:/var/log/httpd # ls -l /etc/sasldb2 -rw-rw-r-- 1 root mail 45056 Oct 20 20:00 /etc/sasldb2 This has worked for me. But: [EMAIL PROTECTED]:/XXX_DIR ./chgsaslpasswd -p foo oof chgsaslpasswd: generic failure It makes sense, right? XXX:/XXX # usermod -G 12 wwwrun XXX:/XXX # su wwwrun [EMAIL PROTECTED]:/XXX id uid=30(wwwrun) gid=8(www) groups=8(www),12(mail) [EMAIL PROTECTED]:/XXX ./chgsaslpasswd -p foo oof , and it works! At least for me. Of course, it implies a risk for your system security. You could use sudo to try to reduce the impact. Hope this might help anyone else. P.D.: As a matter of fact, wwwrun's shell is set to /bin/false by default. Had to temporarily to runnable shell. Hi Eugenio, Have you filed this information and fix as a bug report against sasl and/or squirrelmain, because this would appear to be very important and valueable info for the maintiners! cheers, Kev -- | .''`. == Debian GNU/Linux == | my web site: | | : :' : The Universal | debian.home.pipeline.com | | `. `' Operating System| go to counter.li.org and | | `-http://www.debian.org/ |be counted! #238656 | | my keysever: pgp.mit.edu | my NPO: cfsg.org | signature.asc Description: Digital signature
Re: setuid(UID) and chmod 4550 misbehaving
On Fri, Oct 20, 2006 at 11:38:12PM -0400, Kevin Mark wrote: On Fri, Oct 20, 2006 at 08:25:03PM +0200, Eugenio Jordán González wrote: Hi: I know it's already pretty late to try to provide some hints on this issue, but didn't like to miss the chance in case some other people might hit same issue in the future. Provided plugin for Squirrelmail + Cyrus + SASL uses, as per code, a call to saslpasswd2 binary. In fact, it's writing a Berkely DB file, usually /etc/ sasldb2. Depending upon your configuration, by default: XXX:/var/log/httpd # ls -l /etc/sasldb2 -rw-r--r-- 1 root root 45056 Oct 20 20:00 /etc/sasldb2 Well, with such permissons and ownership, cyrus will not be able to run saslpasswd2 successfully. cyrus user belongs in default installations to group mail, as well as root, but notice root:root assign! This causes saslpasswd2 to fail. Try then: XXX:/var/log/httpd # ls -l /etc/sasldb2 -rw-rw-r-- 1 root mail 45056 Oct 20 20:00 /etc/sasldb2 This has worked for me. But: [EMAIL PROTECTED]:/XXX_DIR ./chgsaslpasswd -p foo oof chgsaslpasswd: generic failure It makes sense, right? XXX:/XXX # usermod -G 12 wwwrun XXX:/XXX # su wwwrun [EMAIL PROTECTED]:/XXX id uid=30(wwwrun) gid=8(www) groups=8(www),12(mail) [EMAIL PROTECTED]:/XXX ./chgsaslpasswd -p foo oof , and it works! At least for me. Of course, it implies a risk for your system security. You could use sudo to try to reduce the impact. Hope this might help anyone else. P.D.: As a matter of fact, wwwrun's shell is set to /bin/false by default. Had to temporarily to runnable shell. Hi Eugenio, Have you filed this information and fix as a bug report against sasl and/or squirrelmain, because this would appear to be very important and valueable info for the maintiners! Hmm. I am part of the cyrus-sasl maintenance team and we are desperately trying to get away from the current packages since they have essentially been unmaintained for over two years. We just uploaded the new 2.1.22 packages to experimental about 24 hours ago. Anyhow, on my system, /etc/sasldb2 has mode 660 and ownership root:sasl. Though, I don't use cyrus for mail anymore since having switched to courier. Anyhow, I seem to recall that cyrus was in group sasl or you had to add to it manually since it was a security risk. Out of curiousity, what/who is user wwwrun and where did it come from? Regards, -Roberto -- Roberto C. Sanchez http://people.connexer.com/~roberto http://www.connexer.com signature.asc Description: Digital signature
Re: setuid(UID) and chmod 4550 misbehaving
On Fri, Oct 20, 2006 at 11:51:03PM -0400, Roberto C. Sanchez wrote: snip Hmm. I am part of the cyrus-sasl maintenance team and we are desperately trying to get away from the current packages since they have essentially been unmaintained for over two years. We just uploaded the But would I be correct in saying that they are going into Etch? new 2.1.22 packages to experimental about 24 hours ago. Anyhow, on my And would I be correct in saying that these are not going to be in Etch? system, /etc/sasldb2 has mode 660 and ownership root:sasl. Though, I don't use cyrus for mail anymore since having switched to courier. So YOUR version, not his appears to be working. Would it make sense/possible to 'backport' it, if the older version is bound for etch? Anyhow, I seem to recall that cyrus was in group sasl or you had to add to it manually since it was a security risk. Out of curiousity, what/who is user wwwrun and where did it come from? I have never seen 'wwwrun' but then I dont use cyrus. My message was just ment to get a bug reported, if that would help improve the old version. cheers, Kev -- | .''`. == Debian GNU/Linux == | my web site: | | : :' : The Universal | debian.home.pipeline.com | | `. `' Operating System| go to counter.li.org and | | `-http://www.debian.org/ |be counted! #238656 | | my keysever: pgp.mit.edu | my NPO: cfsg.org | signature.asc Description: Digital signature
Re: setuid(UID) and chmod 4550 misbehaving
On Sat, Oct 21, 2006 at 12:22:47AM -0400, Kevin Mark wrote: On Fri, Oct 20, 2006 at 11:51:03PM -0400, Roberto C. Sanchez wrote: snip Hmm. I am part of the cyrus-sasl maintenance team and we are desperately trying to get away from the current packages since they have essentially been unmaintained for over two years. We just uploaded the But would I be correct in saying that they are going into Etch? new 2.1.22 packages to experimental about 24 hours ago. Anyhow, on my And would I be correct in saying that these are not going to be in Etch? Hopefully the new version will go into Etch. Once we pass NEW processing, then we need the openldap maintainers to upload into experimental to build against the new cyrus-sasl and then we can re-upload to experimental to rebuild against the new openldap. Once that is done, we can upload to Sid. Assuming this happens relatively quickly, we may make into Etch. system, /etc/sasldb2 has mode 660 and ownership root:sasl. Though, I don't use cyrus for mail anymore since having switched to courier. So YOUR version, not his appears to be working. Would it make sense/possible to 'backport' it, if the older version is bound for etch? The version I am using on that particular machine is the version from Sarge. Though, I don't recall if that sasldb2 was created with the Sarge or the Woody version before I upgraded. If the new version does not make it into Etch, though, we will certainly backport. Anyhow, I seem to recall that cyrus was in group sasl or you had to add to it manually since it was a security risk. Out of curiousity, what/who is user wwwrun and where did it come from? I have never seen 'wwwrun' but then I dont use cyrus. My message was just ment to get a bug reported, if that would help improve the old version. Even when I had cyrus installed, I don't recall seeing wwwrun. I think that part of the problem may be that squirrelmail, by virtue of being web based, runs as the webserver user (usually www-data on Debian systems). I'm not sure what else to tell you. Regards, -Roberto -- Roberto C. Sanchez http://people.connexer.com/~roberto http://www.connexer.com signature.asc Description: Digital signature
Re: [OT] Executar CHMOD via gFTP
Olá, Muito provavelmente alguém fez alterações na configuração do servidor FTP não permitindo que você altere a permissões dos arquivos. Procure o administrador desse servidor e pergunte a ele se ele não modificou algo. Até mais, Paulo Estrela - Original Message - From: Marcelo Luiz de Laia [EMAIL PROTECTED] To: debian-user-portuguese@lists.debian.org Sent: Wednesday, August 16, 2006 11:07 AM Subject: [OT] Executar CHMOD via gFTP Pessoal, Estamos ajustando um servidor web em um freeBSD com essas configuracoes: FreeBSD 6.1-RC FreeBSD 6.1-RC #0 Apache/2.0.55 (FreeBSD) PHP/5.1.2 Eu estou acessando esse server via meu Debian Testing com gFTP 2.0.18 Ontem eu estava conseguindo mudar as permissoes dos arquivos dentro da pasta root do site por meio do gFTP. Mas, hoje, quando loguei la, nao consegui mais. Da erro: SITE CHMOD 777 phpinfo.php 550 phpinfo.php: Permission denied Alguem teria alguma sugestao sobre o assunto? O que eu teria feito no meu gFTP para que isso tornasse impossivel de realizar? Ou seria algo no servidor freeBSD? Obrigado -- Marcelo Luiz de Laia Ph.D Candidate São Paulo State University (http://www.unesp.br/eng/) School of Agricultural and Veterinary Sciences Department of Technology Via de Acesso Prof.Paulo Donato Castellane s/n 14884-900 Jaboticabal - SP - Brazil Fone: +55-016-3209-2675 Cell: +55-016-97098526 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [OT] Executar CHMOD via gFTP
Paulo Estrela - UNIFACS wrote: Olá, Muito provavelmente alguém fez alterações na configuração do servidor FTP não permitindo que você altere a permissões dos arquivos. Procure o administrador desse servidor e pergunte a ele se ele não modificou algo. Ola Paulo e demais, Com relacao a seguranca do servidor isso interfere em alguma coisa grave? Ou seja, eu preciso de argumentos para tentar alterar isso, caso seja realmente isso (alteracao pelo administrador) que tenha acontecido. Obrigado -- Marcelo Luiz de Laia Ph.D Candidate São Paulo State University (http://www.unesp.br/eng/) School of Agricultural and Veterinary Sciences Department of Technology Via de Acesso Prof.Paulo Donato Castellane s/n 14884-900 Jaboticabal - SP - Brazil Fone: +55-016-3209-2675 Cell: +55-016-97098526 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
[OT] Executar CHMOD via gFTP
Pessoal, Estamos ajustando um servidor web em um freeBSD com essas configuracoes: FreeBSD 6.1-RC FreeBSD 6.1-RC #0 Apache/2.0.55 (FreeBSD) PHP/5.1.2 Eu estou acessando esse server via meu Debian Testing com gFTP 2.0.18 Ontem eu estava conseguindo mudar as permissoes dos arquivos dentro da pasta root do site por meio do gFTP. Mas, hoje, quando loguei la, nao consegui mais. Da erro: SITE CHMOD 777 phpinfo.php 550 phpinfo.php: Permission denied Alguem teria alguma sugestao sobre o assunto? O que eu teria feito no meu gFTP para que isso tornasse impossivel de realizar? Ou seria algo no servidor freeBSD? Obrigado -- Marcelo Luiz de Laia Ph.D Candidate São Paulo State University (http://www.unesp.br/eng/) School of Agricultural and Veterinary Sciences Department of Technology Via de Acesso Prof.Paulo Donato Castellane s/n 14884-900 Jaboticabal - SP - Brazil Fone: +55-016-3209-2675 Cell: +55-016-97098526 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
[Off] chmod recursivo em arquivos e diretórios
Pessoal, Tenho uma partição com 24G de arquivos em vários diretórios que está a maior bagunça em relação a permissões de acesso. Gostaria de dar um chmod 755 para todos os diretórios/subdirs e chmod 644 para todos os arquivos, mas não tenho idéia de como fazer. -- Fabio. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
