I have a few data sets whose write access needs to be transferred to another user. I am aware of the chmod command, but if I use that then I am giving write permission to all other users. I just want the file owner's write access to be transferred or given to another single user.
Instead of CHMOD, use CHOWN:
The chown command changes the user and/or group ownership of a given file. The syntax is:
chown owner-user file
chown owner-user:owner-group file
chown owner-user:owner-group directory
chown options owner-user:owner-group file
Source: http://www.cyberciti.biz/faq/how-to-use-chmod-and-chown-command/
chmod allows you to grant file permissions to specific users via the use of Access Control Lists (ACLs). Without knowing more about your system it's difficult to advise on how to create one of these - e.g. Solaris is quite different from Linux in this regard.
I'm trying to create files and directories and executing a script with a specific user instead of root user. How can I do that? I don't want to switch users from root user to another user; instead, I always want it to use a specific user, for example, wasadmin user.
Whenever I'm creating a new file or executing a script, this should be run as wasadmin user. Can you please help me with this?
It depends on how you create the file. As far as I know, it's not possible to do this when you use touch or echo, but depending on the way you create the file, there might be a possibility to add a user parameter.
In case this is not possible, you might use the chown command (change ownership), this command gives the possibility to modify the owner/group of an already created file (which obviously means that you can only do this after the file has already been created). I've been looking for an official chown reference, but I think that launching the command man chown can answer all questions you might have on this command.
Every time I upload my theme folder (WordPress) from my Mac OS to my hosting server (cPanel), I have lots of permission errors and I have to fix the permissions again on our server.
Is there any way to fix permissions on my Mac OS to be compatible with my server permissions (folders: 775 & files: 644)?
A quick Google search found this at macinstruct.
How to Modify Permissions with chmod
For total control over permissions, you can use two Unix commands - ls and chmod - to display permissions and modify them. Assume you want to find a folder’s current permissions and then change them to 755. This would give you as the owner read, write and execute permissions, and everyone else read and execute permissions.
Here’s how to find a folder’s current permissions and change them:
Open the Terminal application.
Once you direct yourself to where your files/folders are located...
Type ls -l, and then press Return. The symbolic permissions of the files and folders in your home directory are displayed, as shown below.
Type chmod 755 foldername, and then press Return. This changes the permissions of the folder to rwxr-xr-x.
When it comes to using the ls and chmod commands, practice makes perfect. Try modifying the permissions on a couple of sample files. If you need more help, use the man command to display the manual pages for these commands (e.g., man ls).
I have a user that I want to restrict to a certain number of files. Not a specific folder, but a given set of files (some .css, .js, etc). He can already log in using his private key but this is not yet working as he has full repo access to everything else. How exactly can I eliminate this global access and restrict only to certain files?
Use chown to set file owner and chmod to set file permission
Example:
You want to restrict user2 from reading, writing and executing the file script.js, but you want user1 to have full access to it. Then you have to execute this:
First set the file owner.
$ chown user1:user1 script.js
Then set the permission
$ chmod 700 script.js
This will restrict every other user from reading, writing and executing script.js except from user1 and users under the group of user1
If you already have a solution for a specific folder, use it for the file type. Change the access mode of *.js or *.css.
I get this problem now and then, where I use an FTP account given to me by the host and use them in Wordpress FTP. But for some reason when updating themes for example, the new theme gets created under apache/apache and not user/psacln user name/group. So at that point I can't delete or do anything with those files as I am under psacln group.
I would like to find out more about why this may happen to avoid this problem - any suggestions are welcome!
Thanks in advance.
When you upload files via the wordpress admin page (like themes) the httpd process running as the apache user is actually creating them on your system--hence why they are owned by the apache user. I suggest these options to work around this:
Add yourself and apache to a new group called 'wordpress'
Use to change group ownership of your wordpress to the new group
Use set the sgid permission bit and the group write permission to all directories in the wordpress docroot.
The setting of the sgid bit will make all files added to a directory be the same group owner.
Assuming you've added yourself and apache to the same group, here are the Linux commands to set up the directories to ensure files get created writable to all in the wordpress group:
chown -R :wordpress /path/to/wordpress/docroot/
chmod -R g+w /path/to/wordpress/docroot/
find /path/to/wordpress/docroot/ -type d -exec chmod g+s {} +
Additional thing that may be needed:
If you see apache creating files with group permissions without write, you may need to change the default umask for the apache user for creation of new files. By default it should be owner and group write allowed, but I know some accounts (like root user) have the default umask set to be group read only.
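The layout this answer describes can be checked mechanically. The script below is an added example, not part of the original answer: it audits a tree for directories missing the setgid bit and for paths missing group write, applies the same fix, and shows the umask caveat. It assumes a POSIX shell with find and mktemp, runs on a constructed temporary tree, leaves out the chown -R :wordpress step because that group may not exist where it runs, and uses hypothetical function names.

```sh
#!/bin/sh
# Added example: audit and repair a shared-group docroot.

# List paths under $1 that break the layout: directories lacking setgid
# (octal 2000) or group write (020), and regular files lacking group write.
audit_shared_tree() {
    find "$1" -type d \( ! -perm -2000 -o ! -perm -020 \) -print
    find "$1" -type f ! -perm -020 -print
}

# Number of offending paths; 0 means the tree is consistent.
# (Counts lines, so it assumes no newlines in file names.)
count_violations() {
    audit_shared_tree "$1" | wc -l | tr -d ' '
}

# Same fix as the answer's commands. "-exec ... {} +" hands names straight
# to chmod, so paths with spaces need no IFS juggling.
fix_shared_tree() {
    chmod -R g+w "$1"
    find "$1" -type d -exec chmod g+s {} +
}

# Create a file in directory $1 under umask $2; succeed only if the new
# file came out group-writable. The subshell keeps the umask change local.
new_file_is_group_writable() {
    nf="$1/new-$2.tmp"
    ( umask "$2"; : > "$nf" )
    [ -n "$(find "$nf" -perm -020)" ]
}

demo() {
    root=$(mktemp -d) || return 1          # constructed sample tree
    ( umask 022; mkdir -p "$root/themes/my theme"
      : > "$root/themes/my theme/style.css" )
    echo "before fix: $(count_violations "$root") violation(s)"
    fix_shared_tree "$root"
    echo "after fix:  $(count_violations "$root") violation(s)"
    new_file_is_group_writable "$root/themes" 002 && echo "umask 002: group can write new files"
    new_file_is_group_writable "$root/themes" 022 || echo "umask 022: group cannot write new files"
    rm -rf "$root"
}
demo
```

Running count_violations against the real docroot after a theme update shows whether the web server process is still creating paths outside the shared-group layout.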
Because apache's worker children run under apache's userid, and a "common user" on a unix system cannot make files be owned by some OTHER user. Only the root account can "give away" ownership.
Why? It'd be trivial for a normal user to make a file owned by root, or owned by another user. If a given system was running with user quotas, this would allow a user to completely subvert the quotas, or deny someone else access by "giving" them a bunch of huge files and exceeding that user's quota.
If you need access to those files, regardless of the unix ownership, you could look into using POSIX acls, which exist above/beyond the unix permissions.
I recently removed my ACL because my professor needed to copy certain files. Now I know I should have just granted his user permissions instead of removing it all using 'setfacl -b .' on my home directory.
So the question is how do I recover or set a new ACL to my home directory using setfacl/getfacl?
You can't 'recover' what you discarded in the way of ACLs. If you know what you had set previously, you can reinstate those remembered ACLs anew, carefully.
Basic Permissions
On a Unix system, the most important criteria for you are the group and other ones - they are not directly affected by ACLs, but they control the access not governed by ACLs, and you must get them right too. You need to decide what is appropriate in your environment. For many corporate settings, allowing group and others read access on files, execute on programs, and read and search (execute) on directories is appropriate:
chmod 644 file
chmod 755 program
chmod 755 directory
If you are not supposed to let other people borrow your course work, you would nail things down so that group and others are not allowed in at all:
chmod 600 file
chmod 700 program
chmod 700 directory
Or you can mix and match; allow flexibility and open access to your home directory, but restrict people underneath that. In some circumstances, you might allow group or other only execute permission on a directory (and only read on a file). Then other people cannot access the file unless they know its name, and they can only read the file, not modify it or the directory that holds it.
Don't forget to use an appropriate umask setting so files are created with the correct permissions by default. For many people, a umask of 022 is appropriate; neither group members nor others can write to the file or directory, but they can read files or execute programs.
Using ACLs
None of this requires ACLs. If you want to provide controlled access to certain groups or users and not to others, then you need to ensure you have the appropriate base-level permissions set, and you can then effectively add permissions for selected users or groups on the files or directories you choose.
The Solaris 10 man page for setfacl says that the command syntax is:
setfacl [-r] -s acl_entries file
setfacl [-r] -md acl_entries file
setfacl [-r] -f acl_file file
This does not mention the '-b' option mentioned in the question, so you may be using a different platform. Note that the ACL controls were going to be POSIX 1e, but were never actually standardized, so different platforms implement slightly different variants on the commands.
The Solaris 10 man page then goes on to explain how to set the 'acl_entries' part of the description, with a note that the default part can only be applied to a directory, but the default values will be used for files in the directory.
ACL Entry                      Description
u[ser]::perms                  File owner permissions.
g[roup]::perms                 File group owner permissions.
o[ther]:perms                  Permissions for users other than the file owner or members of file group owner.
m[ask]:perms                   The ACL mask. The mask entry indicates the maximum permissions allowed for users (other than the owner) and for groups. The mask is a quick way to change permissions on all the users and groups.
u[ser]:uid:perms               Permissions for a specific user. For uid, you can specify either a user name or a numeric UID.
g[roup]:gid:perms              Permissions for a specific group. For gid, you can specify either a group name or a numeric GID.
d[efault]:u[ser]::perms        Default file owner permissions.
d[efault]:g[roup]::perms       Default file group owner permissions.
d[efault]:o[ther]:perms        Default permissions for users other than the file owner or members of the file group owner.
d[efault]:m[ask]:perms         Default ACL mask.
d[efault]:u[ser]:uid:perms     Default permissions for a specific user. For uid, you can specify either a user name or a numeric UID.
d[efault]:g[roup]:gid:perms    Default permissions for a specific group. For gid, you can specify either a group name or a numeric GID.
You will need to decide who, apart from your professor, needs access to files. Maybe your lab partner does; maybe the teaching assistants do; maybe your whole year (but not the years below you - those above you probably already know what you know). But without any more information about your requirements for protection, no-one can help you more. And generally, it is easy to get the ACLs wrong - use sparingly, if at all, and use the standard Unix permissions as your main access control.
And next time, I suggest simply allowing your professor in by adding (not erasing) ACLs - or asking him where he wants you to copy the files to (putting the onus on him to sort out the permissions issues), or copying the files into a directory such as $HOME/tmp/prof.jones with 711 permission on the directory, 644 permissions on the files, and tell him which files are there for him to copy.