I have a default installation of joomla under ubuntu 10.04. I have also changed the permissions of index.php of template(apache user with read write permissions), so that I can change the index.php from administrator screen. Everything works fine till here.
But now when I change the file from admin screen and save the file, its changing the file permission and removing the write permission from the file. It does saves the changes though.
Now as the write permissions are removed, when I try to install the template it gives me error. So again I have to manually set the write permission for the apache user on index.php and install the template again, then it runs good.
Does anyone know if joomla is changing the file permissions, and any idea how I can tackle this problem.
Thanks,
Tanmay
You're possibly affected by a umask setting. Put umask(0133); in your configuration file (or anywhere you want, just make sure it comes before making files).
Background information:
r (read) has a value of 4 (binary value: 100)
w (write) has a value of 2 (binary value: 010)
x (execute) has a value of 1 (binary value: 001)
These permissions can be granted to the owner, group and everyone else ('other').
When a file is created in PHP, it adds the 666 to it by default. From this number, the umask value is removed using bitwise AND. It looks like you've a umask of 0333. The best way to show what happens is by demonstrating it:
PHP adds: rw-rw-rw- 0666
umask : -wx-wx-wx 0333
result : r--r--r-- 0444
And if you're using umask 0133:
PHP adds: rw-rw-rw- 0666
umask : --x-wx-wx 0133
result : rw-r--r-- 0644
Related
I have file placed at location /orabin/hrtst/TEST :
/orabin/hrtst/TEST$ ls -ltr Lookup_code.log
-rwxrwxrwx 1 xxhcmuser dba 0 Feb 25 15:08 Lookup_code.log
I want the -rwxrwxrwx permission to change to drwxrwxrwx
What command can I use ?
d, which you're talking about, is not a permission, but, it is a way of representing the nature of the file(which is directory in this case).
Lookup_code.log is a regular file. So, you see a - in the first place;just before the permissions(rwx-rwx-rwx).
As already mentioned, you need to create a directory with this name; only then you can see the desired d there.
Sorry mate,
The only way that that is going to change into a d is if you make that file into a directory.
Here is a good reading source: https://kb.iu.edu/d/abdb
That file has permission to be all of the things (except a directory).
Cheers.
Edit:
Here is a more indepth read:
https://www.mkssoftware.com/docs/man1/ls.1.asp
I want to chmod a directory to prevent any files inside that directory from being deleted or modified without my permission.
How can I achieve that, my directory is set to 777 now which I think is a issue. Could other users access and delete my file without permission if I set the permissions to 777? What permission should I set so that?
I want to be the only one who can write to my own directory, others should only be able to read my file.
Yes, with 777, anybody could delete files from the directory.
You should run chmod 0755 yourdir or chmod og-w yourdir.
You can see the contents (read), add or remove files (write) and "pass through" the folder (execute)
Members of the owning group and other users can see the contents of the folder (read) and "pass through" to child folders (execute). They cannot add or remote files (write).
This guide is a good discussion of *nix directory permissions.
Rather than thinking about it in terms of numeric codes, perhaps it's easier to use the symbolic names for permissions. For example, to remove the ability for "others" to "write" your files:
chmod o-w FILE...
You may also want g-w if you do not want members of your Unix group to write your files.
The removal of write (w) permissions is the same as "clearing bit 2" in the mode, so 7 becomes 5, but this is hard for most normal people to remember, and you don't entirely need to.
In my program, I have to make a file hidden in order to avoid removal or modification of the file.
PATH=/etc/
NAME = file
Is there a function in C that will allow me to do that?
You can just add a . to the front of the file name. Having said that if your goal is to not allow modification of the file change the permissions to something that can't be modified. Something like:
chmod 444 fileName
First: others argue with security arguments here. For those: Hidden files have nothing to do with security nor will it prevent somebody from deleting a file if he has propper permission and wants to do that.
Hidden means only that tools like ls, bash globs or a graphical file managers will not display the files with their default settings. This can be useful to prevent from accidents (see explanation below) or just to keep directory listings more clean. You may try the commands ls -l $HOME and ls -al $HOME in order to see the differences.
On GNU/Linux systems and UNIXs it is by convention that files which's name begins with a dot . will not being displayed by default meaning they are hidden. Like $HOME/.bashrc
Solution: Prefix the file name with a dot:
.file
About accidents. Hiding a file can prevent you from accidently removing it when you type something like:
rm *
The glob above will not list hidden files so they won't get deleted.
In LINUX Hidden file are start with .(DOT)
if you create files with starting .(DOT), those files are hidden.
You can use chmod to set permissions to the file.
if you set only read only then those cannot be modified in program
chmod 444 filename
if you want to use this from C-language use system() function to execute this command
if You use simple ls -alF you can see those files.
the below files are hidden files In LINUX
-rw------- 1 root root 27671 Sep 17 11:40 .bash_history
-rw-r--r-- 1 root root 3512 Jul 23 16:30 .bashrc
There are no hidden files on Linux. Some tools don't show files starting with . as others already mentioned.
Anyway, you can experiment with putting control characters like new-line into the filename. See Control characters in filenames are a terrible idea:
Some control characters, particularly the escape (ESC) character, can cause all sorts of display problems, including security problems. Terminals (like xterm, gnome-terminal, the Linux console, etc.) implement control sequences. Most software developers don’t understand that merely displaying filenames can cause security problems if they can contain control characters. The GNU ls program tries to protect users from this effect by default (see the -N option), but many people display filenames without getting filtered by ls — and the problem returns. H. D. Moore’s “Terminal Emulator Security Issues” (2003) summarizes some of the security issues; modern terminal emulators try to disable the most dangerous ones, but they can still cause trouble. A filename with embedded control characters can (when displayed) cause function keys to be renamed, set X atoms, change displays in misleading ways, and so on. To counter this, some programs modify control characters (such as find and ls) — making it even harder to correctly handle files with such names.
Your requirements are a bit vague: the program creates a file, wants to prevent its removal or modification. Do you expect other users (of your program? in general?) to be able to read it, but not find it easily, or modify or delete it?
Keep in mind that Unix-like systems don't really do hidden when the resource involved needs to remain visible (readable, presumably), as others have noted. Prepending a '.' to a file name helps in some important contexts (default ls(1) behavior and shell * globbing in particular) but only goes so far. But a few techniques might help obscure what and where your app is saving things, if that matters.
Consider two users doing some shell commands like the following in a directory with its sticky bit set (say /tmp). (Sorry to not write C, but I think the scenario is easier to demonstrate out in the shell.)
As Bob:
$ umask 066
$ mkdir /tmp/.hidden
$ umask 022
$ echo xyzzy > /tmp/.hidden/mysecret.txt
$ ls -la /tmp/.hidden
total 28
drwx--x--x 2 bob users 4096 Sep 17 11:19 .
drwxrwxrwt 27 root root 20480 Sep 17 11:26 ..
-rw-r--r-- 1 bob users 6 Sep 17 11:19 mysecret.txt
As Alice. Notice that attempts to search in /tmp/.hidden fail, but if she knows the name of a file in a directory with only execute but not read permissions set, she can read the file. She can't do much to mess with /tmp/.hidden, once it's properly created. If she'd been forced to guess the name of the secret file, that could also be a challenge depending on how the name is created.
$ ls /tmp | grep hidden
$ ls -a /tmp | grep hidden
.hidden
$ file /tmp/.hidden
/tmp/.hidden: directory
$ ls /tmp/.hidden
ls: cannot open directory /tmp/.hidden: Permission denied
$ echo /tmp/.hidden/*
/tmp/.hidden/*
$ file /tmp/.hidden/mysecret.txt
/tmp/.hidden/mysecret.txt: ASCII text
$ cat /tmp/.hidden/mysecret.txt
xyzzy
$ rm -f /tmp/.hidden/mysecret.txt
rm: cannot remove '/tmp/.hidden/mysecret.txt': Permission denied
$ mv /tmp/.hidden /tmp/Hidden_No_More
mv: cannot move '/tmp/.hidden' to '/tmp/Hidden_No_More': Operation not permitted
$ rm -rf /tmp/.hidden
rm: cannot remove '/tmp/.hidden': Permission denied
In this scenario, the presence of the hidden directory can be obscured, but ls -a reveals its name. Carefully chosen directory permissions prevent non-root and non-Bob users from listing or altering its contents. The use of a sticky-bit directory like /tmp prevents non-Bobs from renaming or removing the "hidden" directory. Anyone who knows the name of the "secret" file within the hidden directory can read it. But only Bob and root can change these "secret" files or the "hidden" directory.
You can do all the above in a C program; equivalents exist as library and system calls - see things like chmod(2), mkdtemp(3), umask(2), the mode argument to open(2), etc.
If you use a kernel >= 3.11, you might want to try the O_TMPFILE-flag. This kernel have been released on the 14.09.2013. Debian Jessie uses Kernel 3.16. so this feature should be available on all recent popular distributions.
The news about this sounds promising. The file will be unreachable from the outside. No other process or may access this file .. neither read nor write. But the file will be lost as soon as the handle gets closed. Or link it to a regular file. But then, it will be accessible as any other file.
If this is not an option for you (e.g. your file needs to be persistent): bad luck. There is no real "hidden" file in linux. You can hide your persistent files as secure as files on windows with the hidden attribute: prepend the name with a dot. As stated by others: ls -a will show them nevertheless.
Also, you can create a user specifically for your use and make the file read- and writable only for this user or put it in a folder, where only your user have rw-access. Other users may see this file but wont be able to access it. But if root comes along and want to look into it, you have lost.
Sure,you have to add '.' before filename and your file wouldn't be seen by user(except user will turn the hidden files show option on). You could change the attrybutes (chmod) to 755 and only user could rwx and others could rx.
hek2mgl - partially yes - it has. Try to remove via rm -rf * manner all of directory content. That's why for example .htaccess is hidden.
when I execute this code, I get the error Couldn't create backup sub-directory: Permission denied but I can't understand why since I give full permisions and I'm using a admin account on ubuntu.
umask(0777);
int folder_date_status = mkdir(filepath_W, 0777);
if(folder_date_status == -1){
perror("Couldn't create backup sub-directory");
return -1;
}
An admin account doesn't run with full privileges by default. This is so that programs you run don't unexpectedly act as privileged users (ie. you must explicitly give permission).
To give permission to the program to create a sub-directory in a directory which requires privileged access, try using sudo.
If the program name is called myprogram, try running:
sudo ./myprogram
Then type your password if it is requested.
Note that super-user access should only be required if it is trying to make a subdirectory in a write-restricted directory (eg. restricted directory owned by root, or another user). Also ensure that the parent directory exists (otherwise it could also throw an error).
Did you verify your filepath_w? Do you have permissio to read, write and execute on it? I suggest you to use a absolute pathname and point it to the tmp dir, something like this:
filepath_w = "/tmp/directory"
In our FreeBSD-environment where we have one server that acts as a file-server, we have a problem that our system administrator says can not be fixed.
All our files resides in a directory and we all have access to that directory, its sub-directories and files. The problem is that once a user in our group creates a file or directory, we have to chmod that directory or file to change the rights so that others in our group can access, read, write and delete. These are not files or sub-directories inside our home-directories, but in a directory where we are supposed to work with them on a daily basis.
Finding it difficult to believe that there is no good solution, I would request that someone assist me with a solution.
I think what you want is a setgid bit on the directories and umask. Then newly created there files and directories will have proper group and proper permissions to let others read abd write them.
find /your-files-are-rooted-here -type d -print0 | xargs -0 chmod ug+rw,g+s
and set umask to 002 (or whatever is appropriate). And, of course, you may want to fix permissions for existing files (the command above only takes care of directories).
One place to but the umask setting is "/etc/bashrc". Find "umask". Change "umask = 022" to "umask = 002". After doing this, when a new file created, every one in the same group with the file owner can write in this new file.
Note that this only works for files created from the shell, specifically bash.