How can I determine user / group when running an application? - file

I'm running nextCloud on my own Virtual Private Server with Ubuntu 16 + Plesk. I have a weird behavior which I suspect is related to files access rights:
- Configured an external storage (secondary HDD, mounted in /media as /diskext) as the "shared company repository". All users should have access to this repository.
- Verified that the shared NC folder has the proper rights by chown ncadmin:psacln, where psacln is Plesk default execution group.
- When accessing nextCloud from my desktop, I have access to the shared repository.
- Other colleagues with the same privileges have no access!
Therefore I'd like to determine what are the user/group used by nextCloud when trying to access the repository as user1, user2 or user15. I have a root SSH access to the server, so can run command line...
Thanks in advance for any help.

Nextcloud uses the user under which the PHP process runs to access the filesystem.
E.g. when you are using Apache and mod_php on ubuntu this is www-data.
To check which user this is on your system create the file phpinfo.php in /var/www/html with the following contents:
<?php
phpinfo();
Then go to the http://<ip-address-here>/phpinfo.php url, you will find the user under Environment.
Then you can change the user of the disk by running chown -R user:psacln.
Make sure to remove the phpinfo.php file since this may contain some sensitive values.
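Once the PHP user is known, the remaining question is which directory on the way to the storage denies it. The script below is an added example, not part of the original answer: it walks from a base directory down to the target and reports the first component whose owner/group/other mode bits block the given UID and GIDs. It assumes GNU stat and ignores ACLs and mount options; the function names perm_ok and first_blocked are hypothetical, while www-data and /media/diskext are the names used in the thread.

```shell
#!/bin/sh
# Added example: which directory stops a given account from reaching a path?
# Only classic mode bits are evaluated (no ACLs, no mount options); needs GNU stat.

# perm_ok UID "GID ..." NEED PATH -> exit 0 if the mode bits grant NEED (4=r 2=w 1=x)
perm_ok() (
    IFS=' '
    uid=$1 gids=$2 need=$3 path=$4
    info=$(stat -c '%u %g %a' "$path") || exit 2
    set -- $info
    owner=$1 group=$2 mode=$((0$3))          # %a is octal, e.g. 750 or 2775
    if [ "$uid" -eq 0 ]; then exit 0; fi     # root bypasses these checks
    if [ "$uid" -eq "$owner" ]; then
        bits=$(( (mode >> 6) & 7 ))          # owner class wins, even if weaker
    else
        bits=$(( mode & 7 ))                 # default: "other" class
        for g in $gids; do
            if [ "$g" -eq "$group" ]; then bits=$(( (mode >> 3) & 7 )); break; fi
        done
    fi
    [ $(( bits & need )) -eq "$need" ]
)

# first_blocked UID "GID ..." BASE TARGET -> prints the first component under BASE
# that denies traversal (x) or, for TARGET itself, listing (r); prints nothing if OK.
first_blocked() (
    uid=$1 gids=$2 base=$3 target=$4
    cur=$base
    rel=${target#"$base"}
    IFS=/; set -f
    for part in $rel; do
        [ -n "$part" ] || continue
        perm_ok "$uid" "$gids" 1 "$cur" || { printf '%s\n' "$cur"; exit 0; }
        cur=$cur/$part
    done
    perm_ok "$uid" "$gids" 4 "$cur" || printf '%s\n' "$cur"
)

# Usage with the names from the thread (skipped if they do not exist on this host).
if id www-data >/dev/null 2>&1 && [ -d /media/diskext ]; then
    first_blocked "$(id -u www-data)" "$(id -G www-data)" / /media/diskext
fi
```

An empty result means the mode bits allow access, so the cause lies elsewhere (ACLs, mount options, or the application's own configuration).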

Related

Reformat Load fails in Clearcase 7.1.26

This is a follow on from op - Moving Vobs between Win and AIX
Due to the aix and win vob servers sharing resources (common CC reg & Common Admin PVOB on the Aix box) we need to amalgamate these vob servers onto the AIX server as a precursor to our ultimate move to new servers at CC8.
On the Win VOB server we have locked the vob, run vob_siddump, then a reformat dump of the vob.
Then using xcopy we copied the dumped vob.vbs from Windows to the AIX vob server and ran the fix_prot on the new server.
But when we run the reformatvob -load it goes through its steps, shows "Loader Done", then shows the following errors:
Error from vob database /vobstore/vobs/vobname.vbs.
Error Trouble Opening the VOB Database /vobstore/vobs/vobname.vbs,
Error Trouble Loading versioned object base /vobstore/vobs/vobname.vbs.
Because of the shared registry is this due to the existing registry entry and we need to unregister and then rmtag before registering and tagging fresh or do we need to do anything further?
Clearcase logs on aix vob server show:
DB Log - Error process not running on registry specified hostname (old win vob server)
Vob Log - shows unix UID and GID message and Warning unable to verify mount options in vob tag registry Clearcase Object not found
David, there are a few things you need to do here:
- Unregister the VOB and remove all the tags that refer to the old server.
- Reregister and retag the vobs at the new location.
- If you can't register the VOB, run fix_prot -r -root ... to reset the ownership and try again.
- Run vob_sidwalk to remap object ownership.
- Run it again with -recover_filesystem to reset container ownership. Alternatively run checkvob -pool -protections -fix -force {vob storage dir}.
The last step really needed to be started on the Windows side before this started. Essentially, you needed a sid dump file to turn into the map file that the sidwalk needs (unless you want to remap everything to the VOB owner...)
The complete procedure to follow is at Moving VOBs between Operating system types. You may want to start fresh from there if you still have the VOB located in the old location.

UAC and log files management

I'm writing a WPF .NET application (fwk 4.0) which references log4Net and must be installed in the 'Program Files(x86)' directory on a Windows 7/8/10 64bits OS.
The application logs created by the application are .txt files created in the installation sub-directory of the 'Program Files(x86)'
This application also uses the SQL Server CE 4.0 in the same subdirectory.
C:\Program Files(x86)\MYAPP\APP1\APP1.txt
C:\Program Files(x86)\MYAPP\APP1\CEDatabase.sdf
The application is installed by a local administrator.
To start the application, a standard user is prompted by UAC to start with an elevated access token (admin privileges) to run the application because it won't start otherwise (I think ACL not granted to create and write logs).
The WPF application build holds no application manifest.
My client is frustrated by the fact that a standard user can not start the application without the UAC elevation. Moreover, it wants to keep on installing in the 'Program Files (x86)'.
What can I do to manage this situation?
I'd strongly suggest not writing the log files to the same location as you install your application, but instead to one of the standard public locations, which you can access by environment variables.
See this link for more details on how to set this in Log4Net : How to specify common application data folder for log4net?
The two common locations to log to which avoid UAC restrictions are:
- CommonApplicationData (https://msdn.microsoft.com/en-us/library/windows/desktop/aa367992(v=vs.85).aspx) which is a location where all users can write to, so you might want to use this if you want a common logging location regardless of who is logged on to Windows and running your application.
- LocalAppData (https://msdn.microsoft.com/en-us/library/windows/desktop/aa369768(v=vs.85).aspx) which is a location specified to your currently logged on user. This would allow you to keep your log files from different Windows users separate from each other.
I'm not sure off the top of my head whether you'd have the same issue with writes to the SQL Server CE database. The pattern I've followed in the past to work with UAC is to install all static files under Program Files, then all data under one of the above 2 mentioned folders depending on whether the application data and logging was per-user or per-installation.

SQL SERVER Install change Hard disk permissions?

I did an install of SQL Server 2008 and the client wanted to have the data file at the root of the hard disk, and the log file at the root of another hard disk.
Prior to me doing install I could browse those harddisks because I am a member of the local admins. After the install I got permission denied.
To get around this, I had to grant myself the ability to take ownership of hard disks, which I went to security and set myself as the owner, and then give myself specific rights to each of the harddisks, even though there was local admins already assigned the rights to do everything.
So is there something I don't know about installing sql server data directories to the root directory that affects the permissions? There were files there before and after the install.
It seems to be done to prevent data and log files from being modified by users. Details are in the following article from MSDN:
Securing Data and Log Files

Can I create a shared folder on remote machine?

I am trying to automate the Account Creation process in Active Directory and I want to create the user home directory on a server and then I want it to become a shared folder with some user permissions.
I can create folder on that machine (remote machine) but I cannot convert it to a shared folder. Is there a way I can do that. Note I can create shared folder locally and can set permissions but cannot do that when the machine is different.
Which language are you using to script?
You can do exactly what you are doing locally, on a remote computer using psExec from SysInternals. You'll find at the end of this post how to do it in ldap mixed in with WMI.

Error Running a Batch File To Copy A File

I am trying to run a batch file to copy a backup file from one location to other.
I keep on getting the error:
Invalid drive specification
My path is as follows:
\\server\drive:\folder\folder\folder\*.bak drive:\folder\.bak
That typically doesn't work out too well. You'll want this:
copy \\server\C$\folder\folder\folder\copy.bak C:\folder\copied.bak
This presupposes that you actually have access to the folder \\server\C$\folder\folder\folder from your box. If you do not, then you need to configure permissions correctly on the server to give you access.
You only have access to administrative shares (\\server\C$ <- the $ denotes an admin share) if you have administrative rights on the server. If you don't you need to actively share the folder in question, i.e. on the server, navigate to drive:\folder\folder\folder and share it (context menu of the folder, menu item Sharing and Security). Note that you need at least temporary admin rights on the server in order to create a share.
Do not forget to configure the permissions for the share you create, so that the limited account you are using for the copy process has read rights.
Once this is set up, you should be able to copy the files using
Copy \\Server\NewShareName\*.bak c:\folder\.bak
If you have problems with the files being in use by another process, have a look at robocopy instead of the copy command.
