Web access permission denied

Got problems with your B2 or B3? Share and get helped!
Post Reply
amishorn
Posts: 21
Joined: 29 Feb 2012, 12:32
Location: Switzerland

Web access permission denied

Post by amishorn » 29 Feb 2012, 12:52

Hello everybody

As I have already written in title am I no more able to get access to my b3 by web access. However I am still able to establish an ssh connection.
What I actually tried is to set user (user is xyz) permissions to a folder /home/xyz so that the corresponding user is not able to get access to all the other folders they are in /home. Therefore, since the user xyz belongs to the group "users", I created a new group (yyy) and set all permissions of the /home directory to yyy with the following command lines:
chgrp -R yyy /home
chmod -R o-rx /home

Unfortunately, the resulting effect was not as expected, since the user xyz could not access to any folder (over ftp:// connection -> login incorrect or so s.th. was mentioned) and I can even not anymore connect to my B3 using the web interface.
I am pretty sure there is a failure with the access rights, however, what are the default permissions for the /home folder?

Thank you very much for any help.

Regards,
Amishorn

rog
Posts: 22
Joined: 22 Sep 2011, 00:19

Re: Web access permission denied

Post by rog » 29 Feb 2012, 23:56

I think you might have your permissions mixed up. I'm not an expert on this, but I don't think it's wrx, but rather rwx, or read write execute.

My home dir, which is set to the default permissions, are set thusly:

Code: Select all

drwxr-xr-x   7 root root  4096 Sep 19 11:50 home
Curious why you would change the permissions to /home, rather than /home/xyz only, and why you did it with chgrp instead of chown?

Gordon
Posts: 1388
Joined: 10 Aug 2011, 03:18

Re: Web access permission denied

Post by Gordon » 01 Mar 2012, 08:37

Probably the damage to the web interface will be limited to the webserver not being able to read the index.html file - if you go to http://b3/admin it should be fine.

But yes, you did create somewhat of a mess here. The factory provided rights were created this way for a reason - they are required to allow certain services to access specific files.

Here's mine (and note that this one is far from normal)

Code: Select all

root@b3:/home# ls -l
total 38
drwxr-xr-x   3 admin    admin  4096 Feb 28 11:15 admin
drwxrwxr-x+  4 nobody   users  4096 Jan  5 12:54 ftp
drwx--x--x+ 17 gordon   users  4096 Feb  3 19:30 gordon
drwx------   2 root     root  16384 Aug 17  2033 lost+found
drwxrwsrwx+  7 root     users  4096 Feb 10 15:07 storage
drwxrwxr-x+  5 root     users  4096 Jan 13 13:38 web
drwxrwsr-x   5 www-data users  4096 Dec  5 14:25 web.org
This is still work in progress because I too do not have a full picture of which account should be able to access what. I renamed the original web folder and left the admin account the way it was, but with all the other folders you see a plus-sign attached to the standard rights. Here's why:

Code: Select all

root@b3:/home# getfacl gordon
# file: gordon
# owner: gordon
# group: users
user::rwx
group::--x
other::--x
default:user::rwx
default:user:gordon:rwx
default:group::r-x
default:mask::rwx
default:other::r-x
This is the way to go if you want to change the rights structure in /home. For this you'll need to get and install the acl package AND you need to add the acl mount option to /dev/mapper/bubba-storage.

ryz
Posts: 183
Joined: 12 Feb 2009, 06:03

Re: Web access permission denied

Post by ryz » 01 Mar 2012, 10:53

Why did you not just remove the group "user" from xyz that would have been much simpler.

amishorn
Posts: 21
Joined: 29 Feb 2012, 12:32
Location: Switzerland

Re: Web access permission denied

Post by amishorn » 07 Mar 2012, 16:12

Hi @ all

First I would like to appologize for my late reply!
Thanks a lot for all responses. I figured out that I am still able to connect to my b3 over webinterface, however, not with my netbook. Thereby, it does have no impact whether I connected my netbook via lan-cable (via router) to my b3 or over WLAN (router). I am really glad about this behaviour, but it shows as well that it is really a permission issue.
Currently are my /home permissions are like following:

Code: Select all

root@messiebox:/home/hiroshima# cd ..
root@messiebox:/home# ls -l
total 36
drwxr-x---  2 admin     users  4096 Jan  8  2000 admin
drwxr-x---  6 hiroshima users  4096 Dec 21 22:34 hiroshima
drwx------  2 root      users 16384 Jan  8  2000 lost+found
drwxr-x---  5 malaysia  users  4096 Feb 28 19:31 malaysia
drwxrws-w- 10 root      users  4096 Feb 27 22:46 storage
drwxrws---  2 root      users  4096 Jan  8  2000 web
root@messiebox:/home# 
My observations relating to your posts are that I have no more a root or admin group but only the users group.
I actually wanted to configure all folders like Gordon, that means:
admin -> admin
users -> hiroshima
root -> lost+found
users -> malaysia
root -> storage
root -> web

However, as I tried to change the group of the folder /admin I got always the error message that it would not be a file or folder. What did I wrong? Any hints?

Code: Select all

root@messiebox:/home# chgrp admin /admin
chgrp: cannot access `/admin': No such file or directory
root@messiebox:/home# 
Furthermore, I do not really know what the different between owner (chown) and group (chgrp) is. Can it someone explain me?

Thanks a lot for all your help!

Kind Regards,
Amishorn

amishorn
Posts: 21
Joined: 29 Feb 2012, 12:32
Location: Switzerland

Re: Web access permission denied

Post by amishorn » 08 Mar 2012, 13:03

Hi @ all

First I wanna appologize for my late reply and to thank for all answers.

Now I have good news, I am still able to connect to my b3 using the webinterface, however, not with my netbook. Therefore, I think that it is highly likely a permission problem.
Nevertheless, I tried to change the users of my subfolders in home directory, but, each time if I try to set the group of admin folder to admin i get an error that there would no file or folder be called admin .

following my commands I typed in:

Code: Select all

root@messiebox:/home# chgrp admin /admin
chgrp: cannot access `/admin': No such file or directory
root@messiebox:/home# 
Following still my current permissions of my homes subfolders:

Code: Select all

root@messiebox:/home# ls -l
total 36
drwxr-x---  2 admin     users  4096 Jan  8  2000 admin
drwxr-x---  6 hiroshima users  4096 Dec 21 22:34 hiroshima
drwx------  2 root      users 16384 Jan  8  2000 lost+found
drwxr-x---  5 malaysia  users  4096 Feb 28 19:31 malaysia
drwxrws-w- 10 root      users  4096 Feb 27 22:46 storage
drwxrws---  2 root      users  4096 Jan  8  2000 web
root@messiebox:/home# 
What did I wrong?
Thanks for every help in previous.

Regards,
aimless

Ubi
Posts: 1547
Joined: 17 Jul 2007, 09:01

Re: Web access permission denied

Post by Ubi » 08 Mar 2012, 15:19

its /home/admin or ./admin (note the . before the / ) when you are in /home. There is indeed currently no folder named /admin, although it is possible to make it.

This behaviour is actually not different in other OSes

amishorn
Posts: 21
Joined: 29 Feb 2012, 12:32
Location: Switzerland

Re: Web access permission denied

Post by amishorn » 19 Mar 2012, 16:49

Hi @ all

Thanks for all your help. I was able to solve this issue by means of changing the permissions as gordon and rog proposed. Super!

Regards,
amishorn

Post Reply