If I run fuser -n tcp 80 on ubuntu 14.0.4 which is running in a docker image, I get:
Cannot stat file /proc/25/fd/0: Permission denied
Cannot stat file /proc/25/fd/1: Permission denied
Cannot stat file /proc/25/fd/2: Permission denied
Cannot stat file /proc/25/fd/3: Permission denied
Cannot stat file /proc/25/fd/4: Permission denied
Cannot stat file /proc/25/fd/5: Permission denied
etc.
80/tcp: 24
If I run whoami it returns root.
Why can I not run this command?
That should be because of AppArmor.
It is a Linux Security Module implementation of name-based access controls. AppArmor confines individual programs to a set of listed files and posix 1003.1e draft capabilities.
You can see various workarounds in issue 7276 or issue 6800.
docker run -itd --cap-add=SYS_PTRACE --security-opt=apparmor:unconfined mytomcat7image
Related
I wonder how one investigates the cause of denied access in a case like that:
uid=0(root) gid=0(root) groups=0(root)
root#host:/tmp# chown root .mount_app
chown: cannot access '.mount_app': Permission denied
root#host:/tmp# ls -la .mount_flameshot
ls: cannot access '.mount_app': Permission denied
root#host:/tmp# stat -c "%U" .mount_app
stat: cannot stat '.mount_app': Permission denied
Addiotional Info:
In this specific case the file is somehow related to snap.
I run a WordPress site on AWS EC2 with Litespeed.
When I log in via FTP I cannot delete anything, neither plugin nor theme files. FileZilla shows a rm /path/to/file permission denied error:
These are due to permissions issue, as you are trying to delete the files while loggged in from user that is not the owner of those files.That www-data is server user, ask your server provider to remove those files or change the owner of files.
For this issue, you need to change the owner of the files.
This command will work for you
sudo chown -R www-data:www-data /var/www/html
Run this command from your ssh and try again.
Regards
Trying to install JFrog Xray on a CentOS machine, using the Docker installer.
I've created a /opt/xray directory, where I've downloaded the install file into.
Then ran chmod +x xray on this file.
When I try to install using sudo "./xray install", I get the following output:
[root#xray xray]# sudo ./xray install
INFO: Using XRAY_MOUNT_ROOT=/root/.jfrog/xray
Verifying Xray prerequisites ...
WARNING: Running with 3GB Total RAM
WARNING: Running with 1 CPU Cores
The System resources are not aligned with Xray minimal prerequisites, Do you want to proceed with the process? [Y
touch: cannot touch '/data/installer.info': Permission denied
Are you adding this node to an existing cluster? (not relevant for the first cluster node) [Y/n]: n
mkdir: cannot create directory '/xray_global_mount_root/xray': Permission denied
./wrapper.sh: line 583: /xray_global_mount_root/xray/ha/ha-node.properties: No such file or directory
./wrapper.sh: line 586: /data/installer.info: Permission denied
./wrapper.sh: line 589: /data/installer.info: Permission denied
./wrapper.sh: line 592: /data/installer.info: Permission denied
ERROR: Installation failed
Any ideas what may be causing this?
I had a similar issue on RHEL and it was selinux getting in the way. To fix it, change the following line in the xray script: -
XRAY_VOLUMES="-v ${XRAY_MOUNT_ROOT}/xray-installer:/data -v ${XRAY_MOUNT_ROOT}:/xray_global_mount_root"
To this: -
XRAY_VOLUMES="-v ${XRAY_MOUNT_ROOT}/xray-installer:/data:z -v ${XRAY_MOUNT_ROOT}:/xray_global_mount_root:z"
(basically adding :z to each volume).
This makes sure the folder is labelled to be used by multiple containers in selinux.
Im using codeship for deployment and it provides a way to access the build machine with ssh:
ssh rof#1.2.3.4 -p 65503
This works fine and I get into the machine. Now I want to copy a file from the remote machine to my local machine. Im trying:
sudo scp -p 65503 -v -i ~/.ssh/id_rsa rof#1.2.3.4:~/home/rof/cache/app.js /
And I get a whole host of errors:
cp: 65503: No such file or directory
cp: -v: No such file or directory
cp: -i: No such file or directory
rof#23.20.112.101: Permission denied (publickey).
I dont know why it's saying No such file or directory for each argument.
id_rsa exists and is in ~/.ssh/ directory.
The Permission Denied error appears to be a separate issue.
Any ideas?
The first problem I see from looking at the documentation:
man scp:
-P port
Specifies the port to connect to on the remote host. Note that
this option is written with a capital āPā, because -p is
already reserved for preserving the times and modes of the
file.
-p Preserves modification times, access times, and modes from the
original file.
So scp -p is taken to mean "copy while preserving timestamps" and 65503 is the name of (one of the) source file(s).
Try scp -P 65503 instead.
I have a single "partition" ZFS pool mounted to a directory inside /jails/www/usr/local/www/stuff (that is served by nginx) and from inside that jail I have chown'd that directory to a particular user. I have rsync periodically updating that directory from a remote server. Files are syncing fine, however there is a persistent error:
rsync: failed to set times on "/usr/local/www/stuff/file": Operation not permitted
What am I missing here?
Wasn't aware that chown doesn't touch symlinks themselves by default. Doing chown -hR /usr/local/www/stuff solved it.