strange file-permission problem
Hello! I've encountered a problem, which went ahead most of the things I know about Unix file permissions: [EMAIL PROTECTED]:run/dovecot/login (10) ls -l ssl-parameters.dat -rw-r- 2 root dovecot 230 Apr 13 00:33 ssl-parameters.dat [EMAIL PROTECTED]:run/dovecot/login (11) groups dovecot [EMAIL PROTECTED]:run/dovecot/login (12) id uid=143(dovecot) gid=9005(dovecot) groups=9005(dovecot) [EMAIL PROTECTED]:run/dovecot/login (13) cat ssl-parameters.dat /dev/null cat: ssl-parameters.dat: Permission denied [EMAIL PROTECTED]:run/dovecot/login (14) ls -ld drwxr-x--- 2 root dovecot 512 Apr 15 14:44 . I had to set the mode of ssl-parameters.dat to 644 to allow dovecot-users to login, but it should not be needed -- the file should be readable by members of the group dovecot (such as user dovecot). And yet, when the user dovecot tried to open it, it got EPERM. Could somebody, please, explain? Thanks! -mi ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: strange file-permission problem
On Tuesday 15 April 2008 20:55:01 Mikhail Teterin wrote: I've encountered a problem, which went ahead most of the things I know about Unix file permissions: [EMAIL PROTECTED]:run/dovecot/login (10) ls -l ssl-parameters.dat -rw-r- 2 root dovecot 230 Apr 13 00:33 ssl-parameters.dat [EMAIL PROTECTED]:run/dovecot/login (11) groups dovecot [EMAIL PROTECTED]:run/dovecot/login (12) id uid=143(dovecot) gid=9005(dovecot) groups=9005(dovecot) [EMAIL PROTECTED]:run/dovecot/login (13) cat ssl-parameters.dat /dev/null cat: ssl-parameters.dat: Permission denied [EMAIL PROTECTED]:run/dovecot/login (14) ls -ld drwxr-x--- 2 root dovecot 512 Apr 15 14:44 . I had to set the mode of ssl-parameters.dat to 644 to allow dovecot-users to login, but it should not be needed -- the file should be readable by members of the group dovecot (such as user dovecot). Since the default GID for dovecot is 143, I suspect you have two dovecot groups. ls -ln should show you the numeric group id. -- Mel Problem with today's modular software: they start with the modules and never get to the software part. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: strange file-permission problem
вівторок 15 квітень 2008 03:55 по, Mel Ви написали: Since the default GID for dovecot is 143, I suspect you have two dovecot groups. ls -ln should show you the numeric group id. Yes, that was it. Thank you very much for the quick and accurate response! Yours, -mi ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: spamd permission problem
Beech Rintoul [EMAIL PROTECTED] writes: I've been getting the following on my mailserver. It started after an update: Feb 9 12:52:29 pinnacle spamd[89269]: spamd: could not create INET socket on 127.0.0.1:783: Permission denied Any ideas how to fix the permissions? Perhaps you have a stale script for starting it? I believe it's supposed to start as root and only drop to the spamd user after it has opened its sockets. Or maybe it's starting twice? You could check whether the port is already held... (using sockstat). Be well. -- Lowell Gilbert, embedded/networking software engineer, Boston area http://be-well.ilk.org/~lowell/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
spamd permission problem
I've been getting the following on my mailserver. It started after an update: Feb 9 12:52:29 pinnacle spamd[89269]: spamd: could not create INET socket on 127.0.0.1:783: Permission denied Any ideas how to fix the permissions? Beech -- --- Beech Rintoul - Sys. Administrator - [EMAIL PROTECTED] /\ ASCII Ribbon Campaign | Alaska Paradise Travel \ / - NO HTML/RTF in e-mail | 201 East 9Th Avenue Ste.310 X - NO Word docs in e-mail | Anchorage, AK 99501 / \ - Please visit Alaska Paradise - http://www.alaskaparadise.com --- pgpao34vV1Ufm.pgp Description: PGP signature
I've Created a Permission Problem which Baffles Me.
On this particular system, the /var and /var/tmp directories certainly look like they do on other FreeBSD systems that don't have this problem. Script started on Tue Sep 13 15:36:59 2005 bash-2.05b$ cd / bash-2.05b$ ls -ld var drwxr-xr-x 20 root wheel 512 Aug 31 14:44 var bash-2.05b$ ls -ld /var/tmp drwxrwxrwT 3 root wheel 512 Nov 11 2004 /var/tmp bash-2.05b$ cd /var bash-2.05b$ cd /var/tmp bash: cd: /var/tmp: Permission denied bash-2.05b$ exit exit Script done on Tue Sep 13 15:37:38 2005 For the life of me, everything looks like it should and like it does on other similar systems. I can even log in as me and cd to /var/tmp with no problem. If I su to the user ID whose shell the script was created in, however, /var/tmp is off limits which breaks vi. The userid in question is a normal UID and should have access to all the resources that any non-root user gets. Thank you for any help. Martin McCormick WB5AGZ Stillwater, OK OSU Information Technology Division Network Operations Group ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: I've Created a Permission Problem which Baffles Me.
Martin McCormick wrote: On this particular system, the /var and /var/tmp directories certainly look like they do on other FreeBSD systems that don't have this problem. Script started on Tue Sep 13 15:36:59 2005 bash-2.05b$ cd / bash-2.05b$ ls -ld var drwxr-xr-x 20 root wheel 512 Aug 31 14:44 var bash-2.05b$ ls -ld /var/tmp drwxrwxrwT 3 root wheel 512 Nov 11 2004 /var/tmp Looks to me like you've taken away x bit for other (otherwise the t would be lower case). x permission on directories allows you to search that directory. Try chmod o+x /var/tmp (as root). --Alex ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: I've Created a Permission Problem which Baffles Me.
Alex Zbyslaw writes: Looks to me like you've taken away x bit for other (otherwise the t would be lower case). x permission on directories allows you to search that directory. Try chmod o+x /var/tmp (as root). Thank you! I did and the T changed to t, fixing the permission problems. If I was teaching a UNIX class, that would be a good brain buster. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: apache permission problem please help
Ok as anyone reading this thread knows i have huge mess on hands. Have found that if i set the all the users dir to 701 chmod -R 701 home then go into each users home directory and set the the www directory to 751 cd /home/user chmod -R 751 www then change the group permissions of this folder to www chown -R :www www apache works again This is all great but what a pain there must be an easier way as i have many users and do not want to go through this process for all of them. This seems like a secure method i think or would the /usr/local/www/user with a symlink be more secure. I run a stock freebsd system and do not really what users poking around have heard about chrooting as an another option for this I am very confused need some guidance. side note I also have all my users in one directory and it is getting large would like to move some of them into new directories like maybe webclients and mailclients but i moved one and had to modify the permissions all over again and update the password database and oh what a nightmare will take me days. Nathan Kinkade wrote: On Tue, Aug 24, 2004 at 03:09:04PM -0600, RYAN vAN GINNEKEN wrote: SEE ERROR BELOW Was playing with permissions on my home dirs last night and changed everything to chmod 700 had some problem with users looking at and copying other users webpages. I have a directory in each users home dir named www where they keep there web files ie /usr/home/username/www so i guess when i changed everything to 700 apache was unable to use these files. Now i have tried the best i can to change everything back set to chmod to 655 and even tried moving a site to /usr/local/www/username in hope that apache could read it there but no luck what has happened please help. Wait now things have started to work, for the web site that i moved to /usr/local/www/username. There seems to be some lag after i make changes to the permissions and restart apache is this possible. I have a real mess on my hands now guess i will have to play with permissions and modes now to get all the sites backup. How do i set up home directories that are secure for each user ie other users on the system cannot read them but apache can. Should i move all web pages to the /usr/local/www dir. Also is there some way to automate this so that when i create a new user or modify a file things will work correctly. Have been using UNIX for many years finally got up the courage to play with modes and perms. Guess i shot myself in the foot like i have been warned about by many people and docs. snip A better approach would be to set each users home dir itself to 700 permissions, not necessarily all the files and directories in each users dir. Are you using a httpd.conf directive such as Directory /home/*/public_html to allow users to publish files from their home dir, or are you putting sym links in the web root? Nathan I am using the home directory no symlinks ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: apache permission problem please help
Apache (propably) runs as the 'www' user and group. So each file (and path) needs to be readable by - the www group OR the www users must be a member of the group of the diretory OR the world And each directory needs the 'x' access flag set. See the man pages for chmod, chown and chgrp for more details Example: drwxr-xr-x 10 dirkx staff512 Nov 12 2003 swad -rw-r--r-- 1 dirkx staff 711332 Sep 24 2003 tabellenWADI.pdf Can be seen by www (world readable and directory has x) drwxr-x-- 10 dirkx staff512 Nov 12 2003 swad -rw-r 1 dirkx staff 711332 Sep 24 2003 tabellenWADI.pdf Cannot be seen by www UNLESS www is a member of 'staff' (i.e. www is in the staff line in /etc/group). drwx 10 dirkx staff512 Nov 12 2003 swad -rw- 1 dirkx staff 711332 Sep 24 2003 tabellenWADI.pdf Can never be seen by the web server as it runs as 'www'. Note that the web server needs to traverse the entire path; so for a file ro dir /home/dirkx/public_html/index.html check: / /home /home/dirkx /home/dirkx/pulic_html for an x in world/other or the right group and the file /home/dirkx/public_html/index.html for read. If you want something different read the manual of apache, and in particular the SUID mode. See also the FAQ of apache. Dw. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
apache permission problem please help
SEE ERROR BELOW Was playing with permissions on my home dirs last night and changed everything to chmod 700 had some problem with users looking at and copying other users webpages. I have a directory in each users home dir named www where they keep there web files ie /usr/home/username/www so i guess when i changed everything to 700 apache was unable to use these files. Now i have tried the best i can to change everything back set to chmod to 655 and even tried moving a site to /usr/local/www/username in hope that apache could read it there but no luck what has happened please help. Wait now things have started to work, for the web site that i moved to /usr/local/www/username. There seems to be some lag after i make changes to the permissions and restart apache is this possible. I have a real mess on my hands now guess i will have to play with permissions and modes now to get all the sites backup. How do i set up home directories that are secure for each user ie other users on the system cannot read them but apache can. Should i move all web pages to the /usr/local/www dir. Also is there some way to automate this so that when i create a new user or modify a file things will work correctly. Have been using UNIX for many years finally got up the courage to play with modes and perms. Guess i shot myself in the foot like i have been warned about by many people and docs. PLEASE HELP Forbidden You don't have permission to access / on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request. Apache/2.0.49 (Unix) PHP/4.3.5 mod_ssl/2.0.49 OpenSSL/0.9.7d Server at v2.computerking.ca Port 80 ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
apache permission problem please help
SEE ERROR BELOW Was playing with permissions on my home dirs last night and changed everything to chmod 700 had some problem with users looking at and copying other users webpages. I have a directory in each users home dir named www where they keep there web files ie /usr/home/username/www so i guess when i changed everything to 700 apache was unable to use these files. Now i have tried the best i can to change everything back set to chmod to 655 and even tried moving a site to /usr/local/www/username in hope that apache could read it there but no luck what has happened please help. Wait now things have started to work, for the web site that i moved to /usr/local/www/username. There seems to be some lag after i make changes to the permissions and restart apache is this possible. I have a real mess on my hands now guess i will have to play with permissions and modes now to get all the sites backup. How do i set up home directories that are secure for each user ie other users on the system cannot read them but apache can. Should i move all web pages to the /usr/local/www dir. Also is there some way to automate this so that when i create a new user or modify a file things will work correctly. Have been using UNIX for many years finally got up the courage to play with modes and perms. Guess i shot myself in the foot like i have been warned about by many people and docs. PLEASE HELP Forbidden You don't have permission to access / on this server. Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request. Apache/2.0.49 (Unix) PHP/4.3.5 mod_ssl/2.0.49 OpenSSL/0.9.7d Server at v2.computerking.ca Port 80 ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: apache permission problem please help
On Tue, Aug 24, 2004 at 03:09:04PM -0600, RYAN vAN GINNEKEN wrote: SEE ERROR BELOW Was playing with permissions on my home dirs last night and changed everything to chmod 700 had some problem with users looking at and copying other users webpages. I have a directory in each users home dir named www where they keep there web files ie /usr/home/username/www so i guess when i changed everything to 700 apache was unable to use these files. Now i have tried the best i can to change everything back set to chmod to 655 and even tried moving a site to /usr/local/www/username in hope that apache could read it there but no luck what has happened please help. Wait now things have started to work, for the web site that i moved to /usr/local/www/username. There seems to be some lag after i make changes to the permissions and restart apache is this possible. I have a real mess on my hands now guess i will have to play with permissions and modes now to get all the sites backup. How do i set up home directories that are secure for each user ie other users on the system cannot read them but apache can. Should i move all web pages to the /usr/local/www dir. Also is there some way to automate this so that when i create a new user or modify a file things will work correctly. Have been using UNIX for many years finally got up the courage to play with modes and perms. Guess i shot myself in the foot like i have been warned about by many people and docs. snip A better approach would be to set each users home dir itself to 700 permissions, not necessarily all the files and directories in each users dir. Are you using a httpd.conf directive such as Directory /home/*/public_html to allow users to publish files from their home dir, or are you putting sym links in the web root? Nathan -- PGP Public Key: pgp.mit.edu:11371/pks/lookup?op=getsearch=0xD8527E49 pgp8QHJ10Aiig.pgp Description: PGP signature
Re: Permission problem
The Prob is that your devices are rebuild by devfs at boot time. So set the following in file /etc/devfs.conf (create if necessary): perm fd0 0660 and your permissions will be kept after reboot. Frank Hi folks, FreeBSD 5.2 # chmod 660 /dev/fd0 then user can use floppy drive. But rebooting PC will cancel user's permission. Kindly advise how to create a permanent permission TIA B.R. Stephen Liu ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Permission problem
On Tuesday 16 March 2004 17:04, Frank Mueller wrote: The Prob is that your devices are rebuild by devfs at boot time. So set the following in file /etc/devfs.conf (create if necessary): perm fd0 0660 and your permissions will be kept after reboot. Hi Frank, Tks for your advice. Problem solved now. B.R. Stephen ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Permission problem
Hi folks, FreeBSD 5.2 # chmod 660 /dev/fd0 then user can use floppy drive. But rebooting PC will cancel user's permission. Kindly advise how to create a permanent permission TIA B.R. Stephen Liu ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
yet another sendmail permission problem
Well, I had been getting this error: Jul 23 14:02:18 juno sendmail[2386]: NOQUEUE: SYSERR(dsj): can not write to queue directory /var/spool/clientmqueue/ (RunAsGid=0, required=25): Permission denied until I recently copied the submit.mc file from /usr/src/contrib/yadayada to /etc/mail. Did a make submit.cf and restarted the sendmail daemon using make stop and make start I also double checked the permissions on various files and directories according to what I found in UPDATING and /etc/mail/README as well as in the archives. Now I've got an error I haven't seen before: Jul 23 14:46:29 juno sm-mta[2675]: g6NIkT53002675: SYSERR(root): collect: Cannot write ./dfg6NIkT53002675 (bfcommit, uid=0, gid=25): Permission denied I've done a locate sm-mta but can't find it (using several regex's). Also, $ for i in `locate collect|grep bin`; do ls -l $i done shows: -rw-r--r-- 1 root wheel 13436 Apr 27 22:42 /usr/obj/usr/src/usr.bin/mail/collect.o -rw-r--r-- 1 root wheel 14076 Apr 27 22:52 /usr/obj/usr/src/usr.sbin/sendmail/collect.o -rw-r--r-- 1 root wheel 16592 Mar 24 15:18 /usr/src/usr.bin/mail/collect.c None of these appears to have gid=25 or be in smmsp. Apr 27 was the last cvsup I did; before I do it again, I'd like to get this problem fixed. :-) Any ideas? -- David S. Jackson[EMAIL PROTECTED] =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= I'm not afraid of death -- I just don't want to be there when it happens. -- Woody Allen To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: yet another sendmail permission problem
On Tue, Jul 23, 2002 at 03:15:31PM -0400, David S. Jackson wrote: Well, I had been getting this error: Jul 23 14:02:18 juno sendmail[2386]: NOQUEUE: SYSERR(dsj): can not write to queue directory /var/spool/clientmqueue/ (RunAsGid=0, required=25): Permission denied until I recently copied the submit.mc file from /usr/src/contrib/yadayada to /etc/mail. Did a make submit.cf and restarted the sendmail daemon using make stop and make start I also double checked the permissions on various files and directories according to what I found in UPDATING and /etc/mail/README as well as in the archives. Now I've got an error I haven't seen before: Jul 23 14:46:29 juno sm-mta[2675]: g6NIkT53002675: SYSERR(root): collect: Cannot write ./dfg6NIkT53002675 (bfcommit, uid=0, gid=25): Permission denied I've done a locate sm-mta but can't find it (using several regex's). Also, $ for i in `locate collect|grep bin`; do ls -l $i done shows: -rw-r--r-- 1 root wheel 13436 Apr 27 22:42 /usr/obj/usr/src/usr.bin/mail/collect.o -rw-r--r-- 1 root wheel 14076 Apr 27 22:52 /usr/obj/usr/src/usr.sbin/sendmail/collect.o -rw-r--r-- 1 root wheel 16592 Mar 24 15:18 /usr/src/usr.bin/mail/collect.c None of these appears to have gid=25 or be in smmsp. Apr 27 was the last cvsup I did; before I do it again, I'd like to get this problem fixed. :-) Take a look at /var/spool/clientmqueue - the permissions should be 775, and the ownership should be root:smmsp. The sendmail binary is setgid, and the error you are seeing is because group smmsp does not have write access to that directory. # chown :smmsp /var/spool/clientmqueue # chmod g+w !$ and you should be set... You may need to do the same for /var/spool/mqueue. Dan -- Daniel Bye PGP Key: ftp://ftp.slightlystrange.org/pgpkey/dan.asc PGP Key fingerprint: 3D73 AF47 D448 C5CA 88B4 0DCF 849C 1C33 3C48 2CDC _ ASCII ribbon campaign ( ) - against HTML, vCards and X - proprietary attachments in e-mail / \ To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
