Hello everybody
As I have already written in title am I no more able to get access to my b3 by web access. However I am still able to establish an ssh connection.
What I actually tried is to set user (user is xyz) permissions to a folder /home/xyz so that the corresponding user is not able to get access to all the other folders they are in /home. Therefore, since the user xyz belongs to the group "users", I created a new group (yyy) and set all permissions of the /home directory to yyy with the following command lines:
chgrp -R yyy /home
chmod -R o-rx /home
Unfortunately, the resulting effect was not as expected, since the user xyz could not access to any folder (over ftp:// connection -> login incorrect or so s.th. was mentioned) and I can even not anymore connect to my B3 using the web interface.
I am pretty sure there is a failure with the access rights, however, what are the default permissions for the /home folder?
Thank you very much for any help.
Regards,
Amishorn
New user's registration have been closed due to high spamming and low trafic on this forum. Please contact forum admins directly if you need an account. Thanks !
Web access permission denied
Re: Web access permission denied
I think you might have your permissions mixed up. I'm not an expert on this, but I don't think it's wrx, but rather rwx, or read write execute.
My home dir, which is set to the default permissions, are set thusly:
Curious why you would change the permissions to /home, rather than /home/xyz only, and why you did it with chgrp instead of chown?
My home dir, which is set to the default permissions, are set thusly:
Code: Select all
drwxr-xr-x 7 root root 4096 Sep 19 11:50 home
Re: Web access permission denied
Probably the damage to the web interface will be limited to the webserver not being able to read the index.html file - if you go to http://b3/admin it should be fine.
But yes, you did create somewhat of a mess here. The factory provided rights were created this way for a reason - they are required to allow certain services to access specific files.
Here's mine (and note that this one is far from normal)
This is still work in progress because I too do not have a full picture of which account should be able to access what. I renamed the original web folder and left the admin account the way it was, but with all the other folders you see a plus-sign attached to the standard rights. Here's why:
This is the way to go if you want to change the rights structure in /home. For this you'll need to get and install the acl package AND you need to add the acl mount option to /dev/mapper/bubba-storage.
But yes, you did create somewhat of a mess here. The factory provided rights were created this way for a reason - they are required to allow certain services to access specific files.
Here's mine (and note that this one is far from normal)
Code: Select all
root@b3:/home# ls -l
total 38
drwxr-xr-x 3 admin admin 4096 Feb 28 11:15 admin
drwxrwxr-x+ 4 nobody users 4096 Jan 5 12:54 ftp
drwx--x--x+ 17 gordon users 4096 Feb 3 19:30 gordon
drwx------ 2 root root 16384 Aug 17 2033 lost+found
drwxrwsrwx+ 7 root users 4096 Feb 10 15:07 storage
drwxrwxr-x+ 5 root users 4096 Jan 13 13:38 web
drwxrwsr-x 5 www-data users 4096 Dec 5 14:25 web.org
Code: Select all
root@b3:/home# getfacl gordon
# file: gordon
# owner: gordon
# group: users
user::rwx
group::--x
other::--x
default:user::rwx
default:user:gordon:rwx
default:group::r-x
default:mask::rwx
default:other::r-x
Re: Web access permission denied
Why did you not just remove the group "user" from xyz that would have been much simpler.
Re: Web access permission denied
Hi @ all
First I would like to appologize for my late reply!
Thanks a lot for all responses. I figured out that I am still able to connect to my b3 over webinterface, however, not with my netbook. Thereby, it does have no impact whether I connected my netbook via lan-cable (via router) to my b3 or over WLAN (router). I am really glad about this behaviour, but it shows as well that it is really a permission issue.
Currently are my /home permissions are like following:
My observations relating to your posts are that I have no more a root or admin group but only the users group.
I actually wanted to configure all folders like Gordon, that means:
admin -> admin
users -> hiroshima
root -> lost+found
users -> malaysia
root -> storage
root -> web
However, as I tried to change the group of the folder /admin I got always the error message that it would not be a file or folder. What did I wrong? Any hints?
Furthermore, I do not really know what the different between owner (chown) and group (chgrp) is. Can it someone explain me?
Thanks a lot for all your help!
Kind Regards,
Amishorn
First I would like to appologize for my late reply!
Thanks a lot for all responses. I figured out that I am still able to connect to my b3 over webinterface, however, not with my netbook. Thereby, it does have no impact whether I connected my netbook via lan-cable (via router) to my b3 or over WLAN (router). I am really glad about this behaviour, but it shows as well that it is really a permission issue.
Currently are my /home permissions are like following:
Code: Select all
root@messiebox:/home/hiroshima# cd ..
root@messiebox:/home# ls -l
total 36
drwxr-x--- 2 admin users 4096 Jan 8 2000 admin
drwxr-x--- 6 hiroshima users 4096 Dec 21 22:34 hiroshima
drwx------ 2 root users 16384 Jan 8 2000 lost+found
drwxr-x--- 5 malaysia users 4096 Feb 28 19:31 malaysia
drwxrws-w- 10 root users 4096 Feb 27 22:46 storage
drwxrws--- 2 root users 4096 Jan 8 2000 web
root@messiebox:/home#
I actually wanted to configure all folders like Gordon, that means:
admin -> admin
users -> hiroshima
root -> lost+found
users -> malaysia
root -> storage
root -> web
However, as I tried to change the group of the folder /admin I got always the error message that it would not be a file or folder. What did I wrong? Any hints?
Code: Select all
root@messiebox:/home# chgrp admin /admin
chgrp: cannot access `/admin': No such file or directory
root@messiebox:/home#
Thanks a lot for all your help!
Kind Regards,
Amishorn
Re: Web access permission denied
Hi @ all
First I wanna appologize for my late reply and to thank for all answers.
Now I have good news, I am still able to connect to my b3 using the webinterface, however, not with my netbook. Therefore, I think that it is highly likely a permission problem.
Nevertheless, I tried to change the users of my subfolders in home directory, but, each time if I try to set the group of admin folder to admin i get an error that there would no file or folder be called admin .
following my commands I typed in:
Following still my current permissions of my homes subfolders:
What did I wrong?
Thanks for every help in previous.
Regards,
aimless
First I wanna appologize for my late reply and to thank for all answers.
Now I have good news, I am still able to connect to my b3 using the webinterface, however, not with my netbook. Therefore, I think that it is highly likely a permission problem.
Nevertheless, I tried to change the users of my subfolders in home directory, but, each time if I try to set the group of admin folder to admin i get an error that there would no file or folder be called admin .
following my commands I typed in:
Code: Select all
root@messiebox:/home# chgrp admin /admin
chgrp: cannot access `/admin': No such file or directory
root@messiebox:/home#
Code: Select all
root@messiebox:/home# ls -l
total 36
drwxr-x--- 2 admin users 4096 Jan 8 2000 admin
drwxr-x--- 6 hiroshima users 4096 Dec 21 22:34 hiroshima
drwx------ 2 root users 16384 Jan 8 2000 lost+found
drwxr-x--- 5 malaysia users 4096 Feb 28 19:31 malaysia
drwxrws-w- 10 root users 4096 Feb 27 22:46 storage
drwxrws--- 2 root users 4096 Jan 8 2000 web
root@messiebox:/home#
Thanks for every help in previous.
Regards,
aimless
Re: Web access permission denied
its /home/admin or ./admin (note the . before the / ) when you are in /home. There is indeed currently no folder named /admin, although it is possible to make it.
This behaviour is actually not different in other OSes
This behaviour is actually not different in other OSes
Re: Web access permission denied
Hi @ all
Thanks for all your help. I was able to solve this issue by means of changing the permissions as gordon and rog proposed. Super!
Regards,
amishorn
Thanks for all your help. I was able to solve this issue by means of changing the permissions as gordon and rog proposed. Super!
Regards,
amishorn