|
|
Sponsored Content
Operating Systems
Linux
Ubuntu
Help, I created a permissions disaster with chown
Post 302522884 by alterego55 on Tuesday 17th of May 2011 01:45:28 AM
05-17-2011
Help, I created a permissions disaster with chown
Ubuntu 10.04, Drupal 7.0
I created a Linux instance on Amazon AWS using a bitnami Linux image, and had a website up and running using Drupal. Coming from a Windows background I wanted to use a GUI to manage files because it is much faster for me, I got Gnome running on TightVNC by tunnelling through ssh. (It took me a day to find out that the PuTTY private key is in a different format than the key AWS downloads - just a warning that others might find useful.)
The files I need to update in the website folder are created as root root, and I can't drag and drop into those folders from Gnome. So, I had this great idea. I would change the ownership of the files to "me". Knowing the pitfalls of chown (and obviously not all of them) I copied the directory and all of its contents to another directory as a precaution. I spot-checked that directory to make sure the group and owner remained as root root. I thought I was safe and could easily put things back to normal.
Well, changing ownership to "me" broke the permissions and the site. When I renamed the "mysite.bak" folder back to the original name, "mysite" I still had permissions issues. Here are the commands I executed.
sudo cp -r mysite mysite.bak *** to save my original files/permissions
ls -l *** to make sure mysite.bak still had root root ownership, and it did
sudo chown -R site me *** to change ownership
Trying to access the site through http, I got a permissions error:
Warning: include_once(/opt/site/apps/drupal/htdocs/sites/default/settings.php) [function.include-once]: failed to open stream: Permission denied in drupal_settings_initialize() (line 554 of /opt/mysite/apps/drupal/htdocs/includes/bootstrap.inc).
Warning: include_once() [function.include]: Failed opening '/opt/mysite/apps/drupal/htdocs/sites/default/settings.php' for inclusion (include_path='.:/opt/site/php/lib/php') in drupal_settings_initialize() (line 554 of /opt/mysite/apps/drupal/htdocs/includes/bootstrap.inc).
Then, trying to revert back to last known good, I renamed mysite.bak to mysite.
sudo mv mysite mysite.bad *** because it didn't work
sudo mv mysite.bak mysite *** to restore to the original files/permissions
The site still didn't work, returning the same error. I have no clue what is happening here. Any help is greatly appreciated.
---------- Post updated at 10:45 PM ---------- Previous update was at 10:21 PM ----------
Ok, the settings.php file had permissions set as -rw-r-----
So I ran
sudo chmod o+r settings.php
Now I have problems accessing the mysql database:
PDOException: SQLSTATE[HY000] [2002] Can't connect to local MySQL server through socket '/opt/mysite/mysql/tmp/mysql.sock' (13) in lock_may_be_available() (line 165 of /opt/mysite/apps/drupal/htdocs/includes/lock.inc).
I created a Linux instance on Amazon AWS using a bitnami Linux image, and had a website up and running using Drupal. Coming from a Windows background I wanted to use a GUI to manage files because it is much faster for me, I got Gnome running on TightVNC by tunnelling through ssh. (It took me a day to find out that the PuTTY private key is in a different format than the key AWS downloads - just a warning that others might find useful.)
The files I need to update in the website folder are created as root root, and I can't drag and drop into those folders from Gnome. So, I had this great idea. I would change the ownership of the files to "me". Knowing the pitfalls of chown (and obviously not all of them) I copied the directory and all of its contents to another directory as a precaution. I spot-checked that directory to make sure the group and owner remained as root root. I thought I was safe and could easily put things back to normal.
Well, changing ownership to "me" broke the permissions and the site. When I renamed the "mysite.bak" folder back to the original name, "mysite" I still had permissions issues. Here are the commands I executed.
sudo cp -r mysite mysite.bak *** to save my original files/permissions
ls -l *** to make sure mysite.bak still had root root ownership, and it did
sudo chown -R site me *** to change ownership
Trying to access the site through http, I got a permissions error:
Warning: include_once(/opt/site/apps/drupal/htdocs/sites/default/settings.php) [function.include-once]: failed to open stream: Permission denied in drupal_settings_initialize() (line 554 of /opt/mysite/apps/drupal/htdocs/includes/bootstrap.inc).
Warning: include_once() [function.include]: Failed opening '/opt/mysite/apps/drupal/htdocs/sites/default/settings.php' for inclusion (include_path='.:/opt/site/php/lib/php') in drupal_settings_initialize() (line 554 of /opt/mysite/apps/drupal/htdocs/includes/bootstrap.inc).
Then, trying to revert back to last known good, I renamed mysite.bak to mysite.
sudo mv mysite mysite.bad *** because it didn't work
sudo mv mysite.bak mysite *** to restore to the original files/permissions
The site still didn't work, returning the same error. I have no clue what is happening here. Any help is greatly appreciated.
---------- Post updated at 10:45 PM ---------- Previous update was at 10:21 PM ----------
Ok, the settings.php file had permissions set as -rw-r-----
So I ran
sudo chmod o+r settings.php
Now I have problems accessing the mysql database:
PDOException: SQLSTATE[HY000] [2002] Can't connect to local MySQL server through socket '/opt/mysite/mysql/tmp/mysql.sock' (13) in lock_may_be_available() (line 165 of /opt/mysite/apps/drupal/htdocs/includes/lock.inc).
Last edited by alterego55; 05-17-2011 at 02:29 AM..
|
|
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hi, I'm new to unix -solaris.
I've just upgraded a third party software product and am testing
it to see if new files created in a test database directory were being created properly and they aren't. They're owned by the user that created the file, instead of poppa and the group of their files... (2 Replies)
Discussion started by: avisb
2 Replies
2. Cybersecurity
please tell me if this thinkin is correct, if not, please corret me:
disaster recovery means when something bad happens and you need to retrieved a backed up file, all you have to do is cd into the tape drive and then look for the file you want and extract it from the drive.
is this... (3 Replies)
Discussion started by: TRUEST
3 Replies
3. UNIX for Dummies Questions & Answers
how i could give to user permission(delete,execute and so on) and ownership to files?
Thanks (1 Reply)
Discussion started by: ithost
1 Replies
4. UNIX for Advanced & Expert Users
Can anyone tell me of what to expect? I've been nominated to join a team of unix admins to do a DR testing. we already have the guys who are gono be doing the restores. besides the restore, anybody know what else to look forward to?? (2 Replies)
Discussion started by: TRUEST
2 Replies
5. Solaris
Recovering Solaris to an alternate server
I was just wondering if anyone could give me some points on restoring a Solaris 9 backup to an alternate server. Basically, we use netbackup 6 and I was wondering what the best procedures are for doing this? What things do we need to take into... (3 Replies)
Discussion started by: aaron2k
3 Replies
6. UNIX for Dummies Questions & Answers
Whenever I create a new file the group name is "dnn" and the file permissions are "-rw-r--r--".
How do I get it so when I create files (with vi or other programs) that the default group is "sss" and the permissions are 770?
(I am running HP-UNIX)
Thanks,
GoldFish (2 Replies)
Discussion started by: goldfish
2 Replies
7. UNIX for Advanced & Expert Users
Hi,
Within a SQL file i am calling 5 shell scripts in back ground and redirecting their outputs to different log files in a specific directory.
Now when I observed is, the log files are created with different permissions even though i did not do any thing specific.
For example in... (2 Replies)
Discussion started by: steria_learner
2 Replies
8. UNIX for Dummies Questions & Answers
Hello All,
I am application admin. I need to clear all the temporary files cleared by the applications. I need help/suggestion that is there any way to create a file system such that every Dir created in by any user will have 775 permissions. So, that i can simply clear the temporary file which... (6 Replies)
Discussion started by: firestar
6 Replies
9. Shell Programming and Scripting
Hi,
I have used expdp for datapump. The .dmp file is created by the "oracle" user.
my requirement is to make a zipped file of this .dmp file.
What i am trying to do is change the permissions of this .dmp file from 0640 to 0644 and then do a gzip and zip it. Is there any way i can change... (3 Replies)
Discussion started by: qwertyu
3 Replies
10. Red Hat
Hello All,
I have an application that creates the log files and they created with 600 permissions instead of 644(default). How can I set the permissions so that files can be created with 644. I looked into the /etc/profile for the umask settings and it is set 002(if UID>199). And when I type... (5 Replies)
Discussion started by: s_linux
5 Replies
LEARN ABOUT DEBIAN
dacskey
DACSKEY(1) DACS Commands Manual DACSKEY(1) NAME
dacskey - generate encryption keys for DACS SYNOPSIS
dacskey [dacsoptions[1]] [-check | -gen | -priv | -private | -pub | -public] [-p | -pf passphrase-file] [-pem] [-vfs] [-rsa_key_bits number] [--] keyfile DESCRIPTION
This program is part of the DACS suite. The dacskey utility generates encryption keys for DACS that are cryptographically sound. Keys are represented externally as an XML document called a keyfile. The program can also validate a keyfile or display a key. Keys are created for at least three different purposes, although every keyfile has the same format: o Keys that are shared by all of the jurisdictions within the same DACS federation, identified by the virtual filestore item type federation_keys. It is through these "master" keys that any jurisdiction is able to decrypt and validate credentials created by any other jurisdiction within the same federation quickly and without any additional communication. These keys are generated initially by a designated federation administrator at the time a federation is created. These keys can be generated at any jurisdiction within the federation. Ideally, new keys should be generated at regular intervals and also whenever warranted to maintain security, such as when a jurisdiction leaves the federation or if a key may have been compromised. When a jurisdiction joins a federation, it must receive a copy of the current keys. There is currently no automated key management support; administrators must distribute these keys to all jurisdictions over a secure channel whenever they are changed. Besides using some method of encryption to ensure the keys remain private during distribution, take care not to mangle the XML document (e.g., through line breaks or truncation). o Keys that are used by a jurisdiction for its own purposes, identified by the virtual filestore item type jurisdiction_keys. These keys are kept private to the jurisdiction (they are not shared with any other jurisdiction) and are ordinarily generated at that jurisdiction. These keys should be regenerated periodically as a routine security measure. o Keys that are used by a DACS application at a particular jurisdiction for its own purposes (dacsgrid(1)[2], for instance). These keys should be regenerated periodically, but take care to retain the old keys so that they can be used for decryption before information is re-encrypted using the new keys. The program ordinarily uses OpenSSL's ssl(3)[3] library to acquire high-quality random material. In certain situations, an experienced administrator might find the -p and -pf options useful; others should avoid them, however. When keys are generated, the output is written to keyfile, which is either created or truncated. In this context, keyfile must be a pathname. Unless directly written to where federation_keys (or jurisdiction_keys) points, keyfile must be copied there. Assuming that the default site configuration file (conf/site.conf-std, which establishes default locations for these files) has been installed: % dacskey -u mysite.example.com -q fkeys % install -o root -g www -m 0640 fkeys /usr/local/dacs/federations/example.com/federation_keyfile % dacskey -u mysite.example.com -q jkeys % install -o root -g www -m 0640 jkeys /usr/local/dacs/federations/example.com/mysite/jurisdiction_keyfile The owner, group, and mode assigned to these files in this example are typical but are only suggestions. Security A keyfile generated by this command must be accessible (readable and writable) only by DACS web services and the DACS administrator. It must be kept unreadable and unwritable by all others. When not generating keys, by default keyfile is a pathname. If the -vfs flag is given, then keyfile is a DACS URI, item type, or absolute pathname. OPTIONS
In addition to the standard dacsoptions[1], dacskey recognizes these options: -gen Generate new keys. This is the default operation. -check Validate keyfile, an existing keyfile. The keyfile is expressed as a vfs-ref or an absolute filename (see dacs.conf(5)[4]). -priv -private Print the private key found in keyfile, an existing keyfile, to stdout. The private key is not encrypted. If the -pem flag is present, the PEM format is used, otherwise the DACS base-64 encoding is used (the latter is used when keys appear in XML attribute values). -pub -public Print the public key found in keyfile, an existing keyfile, to stdout. If the -pem flag is present, the PEM format is used, otherwise the DACS base-64 encoding is used (the latter is used when keys appear in XML attribute values). -p Rather than using the default source for generating random strings, derive the random strings from material read from the standard input. The user is prompted for input. This option should not be used under normal circumstances. -pem When printing a key, use the PEM format. -pf passphrase-file Rather than using the default source for generating random strings, derive the random strings from material read from passphrase-file. If the filename argument is "-", the standard input is read. This option should not be used under normal circumstances. -rsa_key_bits number This specifies the length of the RSA modulus, in bits, used for asymmetric key generation. Used as the num argument to RSA_generate_key(3)[5], the value must satisfy that function's constraints. -- This argument explicitly marks the end of the flags. DIAGNOSTICS
The program exits 0 if everything was fine, 1 if an error occurred. SEE ALSO
dacsauth(1)[6], dacsgrid(1)[2], dacsinit(1)[7], dacsrlink(1)[8] dacstoken(1)[9], dacs.install(7)[10], dacs_acs(8)[11] AUTHOR
Distributed Systems Software (www.dss.ca[12]) COPYING
Copyright2003-2012 Distributed Systems Software. See the LICENSE[13] file that accompanies the distribution for licensing information. NOTES
1. dacsoptions http://dacs.dss.ca/man/dacs.1.html#dacsoptions 2. dacsgrid(1) http://dacs.dss.ca/man/dacsgrid.1.html 3. ssl(3) http://www.freebsd.org/cgi/man.cgi?query=ssl&apropos=0&sektion=3&manpath=FreeBSD+9.0-RELEASE&format=html 4. dacs.conf(5) http://dacs.dss.ca/man/dacs.conf.5.html#VFS 5. RSA_generate_key(3) http://www.freebsd.org/cgi/man.cgi?query=RSA_generate_key&apropos=0&sektion=3&manpath=FreeBSD+9.0-RELEASE&format=html 6. dacsauth(1) http://dacs.dss.ca/man/dacsauth.1.html 7. dacsinit(1) http://dacs.dss.ca/man/dacsinit.1.html 8. dacsrlink(1) http://dacs.dss.ca/man/dacsrlink.1.html 9. dacstoken(1) http://dacs.dss.ca/man/dacstoken.1.html 10. dacs.install(7) http://dacs.dss.ca/man/dacs.install.7.html 11. dacs_acs(8) http://dacs.dss.ca/man/dacs_acs.8.html 12. www.dss.ca http://www.dss.ca 13. LICENSE http://dacs.dss.ca/man/../misc/LICENSE DACS 1.4.27b 10/22/2012 DACSKEY(1)