I have kubernetes pod with a PHP & Nginx containers , mounting an NFS share v4.1, as /var/www/html/"webcontent" When I access the application from browser throws the error "You need to grant write permissions for PHP on the following directory: /var/www/html" The NFS server is a Sinology NAS, no mapping enabled, so it should default to use UID=33 GID=33 . Both are synced in the NFS server and every ...

I'm been running postgres as a Docker Container for quite awhile. Initially, the TZ and PGTZ were not set, so I think it was defaulting to UTC. On my dev system I tried the following in docker-compose.yml:

  postgres:
    image: postgres:13
    ports: ["5557:5432"]
    restart: unless-stopped
    volumes:
       - ./Index:/var/lib/postgresql/data
    environment:
       TZ: "America/Cayman"
      ...

I have a java spring boot application that I authenticate through our exchange servers. The from address included in the email is the same address associated with the authenticated user.

When I point the connection URL directly at one of the exchange servers it will authenticate and send email successfully. However when I point it at the (I think it's called a relay) [URL that points at either se ...

I have a directory called /workspace that looks like this:

[root@machine workspace]# ls -al
total 7
drwxr-s---. 7 root workspace 4651468242 Nov 16 14:41 .
dr-xr-xr-x. 22 root root 4096 Nov 15 11:36 ..
(I left out its subdirectories. You can see that /workspace belongs to the group workspace)

Then there's a user yang whose id is as follows:
[root@machine workspace]# id yang
uid=563(yang)  ...

On my laptop I have a directory which contains a subdirectory, which in turn contains a bunch of HTML files. It looks like this:

% ls -lR 2000-09
2000-09:
total 12
drwxrwxr-x 2 skip skip 12288 Nov 18 07:42 html

2000-09/html:
total 648
-rw-r--r-- 1 skip skip 18489 Dec  4  2019 index.html
-rw-r--r-- 1 skip skip 18489 Dec  4  2019 maillist.html
-rw-r--r-- 1 skip skip  3468 Dec  4  2019 msg00000.html
 ...

Hi so I am in the process of setting up a dockerized samba server and for the most part it's setup however I can't/don't have permission to write to the server from a windows 10 machine. I tried changing permissions on the directories but it seems docker doesnt really like that because as soon as I do the permissions/owners, basically all the info about the permissions of the files becomes corrupt and  ...

I did install some of my aspnet core apps on Linux before using CentOS8. This time I used CentOS8-Stream. I dont know if that contributes to the issue.

The facts:

1. I could not make apache use certificates. Everything was as I did before and yet it didnt work. Finally I found some obscure link on the internet which used ls -lrtZ /etc/pki/tls/certs to display security context (I didnt even know it exists).  ...

Both server and client are cent os 7.0

My data VM has a exports file:

/data   10.75.0.0/24(rw,sync,no_subtree_check) 10.50.1.0/24(rw,sync,no_subtree_check,no_root_squash) 

My client has a fstab:

10.50.1.248:/data/archive/images /export/images nfs rsize=32768,wsize=32768,actimeo=0,bg,intr

Sure enough that client whose user is arc can ls /export/images but if I try to cd into there and touch a file:

I have a setup with many users, who can host their personal webpage (served by apache via mod_userdir), located under public_html in their homes. php support is also enabled in apache.

At the moment I have the following configuration in /etc/apache2/mods-enabled/userdir.conf

<IfModule mod_userdir.c>
        UserDir <home basedir>/*/public_html
        UserDir disabled root

        <Dire ...

While all our end user mailboxes are still on our on-prem Exchange 2016 environment, I have moved a few room mailboxes to EXO. When I view these mailboxes in the calendar view in Outlook, I can see the details of the appointments as I have reviewer access on those calendars. However, when I create a meeting invitation and I go to the scheduling assistant and add that meeting room, I get a message that t ...

I'm setting up a testing environment for permissions and I'm trying to understand what's going on here.

I have a Windows Server 2016 where my admin account used for testing is both a member of the local administrators group as well as the Domain Admins group. I have a folder where both the user, and the Domain Admins group, have Full Control. If I remove the user, but leave the Domain Admins with ...

I did run into the situation that I lost all my public folder permissions which were assigned via groups.

Before the migration started from our MSEX2016 server to Office 365, all the permissions got exported to a XML file, what I think (described on this Microsoft page) happened with the following command:

Get-PublicFolder -Recurse -ResultSize Unlimited | Get-PublicFolderClientPermission | Select-Object ...

I have hard times connecting my local PC through SSH to another remote PC. I set the public key on both machines in the authorized_keys folder following this tutorial : https://help.ubuntu.com/community/SSH/OpenSSH/Keys but i get

permission denied (interactive board, public key)

type of error. I read that possible solution could be : /home/<user> or ~/.ssh/authorized_keys permissions are to ...

I work on a CentOS 7 server where I frequently have to manually grant specific users access to specific files or directories. We do this using file ACLs, but I often run into an issue where I have set the ACLs on the file, but the user still cannot access it because they don't have permission to cd into the directory containing the file and/or any number of its parent directories. What follows is a tedi ...

So our servers are set-up like this:
Folder structure

/asic is our grand project's folder, /200T is a subproject of that grand project, and folders right under /200T such as /lbh are each worker's personal directories who are working on the subproject. /asic, /200T, /lbh were all created by root and then had their properties reconfigured by root via chmod -R and chown -R. /asic and /200T are owned by

We have a sshfs mounted on the host, that is also a volume inside a docker container.

1. sshfs is called with gid+uidfile for correct mapping to www-data. That is what we need. This is working and looking good.

2. Now we are going inside our container. The destination for the sshfs-mount inside the container is /var/www/html/data. If I do stat /var/www/html/data with user root everything is looking l ...

A colleague is having issues getting a node web service hosted on azure to be able to access a file server on premise. There must be a vpn tunnel setup b/c if you remote onto the azure server using our azure admin login, we can browse to the files without any issue and have told it to remember the connection which adds it to the Credentials Manager in Windows Control Panel. In my experience, in order  ...

Setup:

• Windows Server 2008 R2 with updates.
• Filezilla FTP Server 0.9.60 (for LAN use only)

Clients:

• Total Commander 10
• WinSCP 5.17

I have two files in the same folder. I can overwrite one of them via FTP and the other one I can't. I get error 550 "Could not open file for writing" in both clients.

I compared file permissions with icacls and they are exactly the same. The user on behalf of which Fil ...

Description

I installed Openstack Wallaby using OpenStack Installation Guide, all command and configuration is on my Github. This LAB is running on VirtualBox and I have another LAB with the same configuration and Openstack version on ESXi without any problem.

At this point one controller with two compute node.

In the below section improve database permission confgured correctly

Databases are cre ...

We have a Google Cloud project on my team and the owner has since left the organization.

We still have access to the project because someone on my team in an editor but editors cannot give others access. She is leaving the team and we are trying to give someone else access.

If there is no owner listed and the editor can't give access does that mean there is no way to give anyone else access or assig ...

I'm trying to achieve rootless PHP-FPM pod running in Kubernetes.

I tried simply running process in Kubernetes pod via init script that does php-fpm -FO as www-data user but it complaints about not having permissions to access /dev/stderr (log output location). Adding www-data user to the tty group also didn't help.

I tried specifying another location like /proc/self/fd/2 and even /dev/pts/1 as log  ...

I am having issues with my self hosted wordpress installation running on Ubuntu server, with Nginx. I am using buddyboss plugin with buddyx theme.

The issue is that when a user uploads an image, we can only see a link to it in his profile, but the image is blank. When I open the user's page, the console is showing me an error message 404:

/wp-content/uploads/bb-platform-previews/b9014e776e469ca6d ...

I have a CentOS Samba server that is domain joined to an Active Directory domain controller for authentication.

My understanding is setting the sticky bit on a directory will prevent any children from being moved or deleted by anyone except root and the owner.

This configuration behaves as expected when accessed by local users. E.g. A non-root, non-owner attempting to delete or move a file inside th ...

We have AWS accounts for dev, staging, and prod. We use AWS SSO via Okta, and define groups like "Developers" and "Support" in Okta.

Developer group should have broad access to our AWS dev account, but limited access in staging and prod. Support group should have AWS access as well, but also different permissions by account.

How can I allow group members to log in, then have suitable permissions dep ...

Using chmod, I accidentally changed everything in a bin folder and now sudo/su doesn't work.

I know rpm -q --whatprovides can provide which RPM provides a specific file. and rpm --setperms can restore everything provided by a RPM.

Is there a way to restore the permissions of all the files in a folder using rpm?

I'm having some serious trouble getting the official BigQuery client (in Python 3) to a different project in the same organization authorized from a Cloud Run service.

The Cloud Run service is in Project Main, and I'm trying to access a table in Project Other -- both of these projects are in the same organization.

The service account was a user-created service account created in Project Main (not th ...

I have some specific group/permissions set for my fail2ban.sock file to make Zabbix able to monitor Fail2ban as described here https://github.com/hermanekt/zabbix-fail2ban-discovery-

I added the following lines to systemd service configuration to make sure the permissions will be correct after service restart:

[Service]
ExecStartPost=/bin/sh -c "while ! [ -S /run/fail2ban/fail2ban.sock ]; do slee ...

Hi so I have a rewrite rule in order to control access to the admin page of a service behind a reverse proxy. I only want local ip's to be able to access it. So essentially if the condition does NOT match then we follow the rule and restrict access. However it seems the rewrite condition either never gets evaluated or doesn't match and I'm not sure which it is or how to check.

At the moment I h ...

It is easy to start a process at background or make it as systemd service.

However, if I want to start a process that monitors activities on the Linux machine, it fells to the target of attacks. If any user want to do something bad it will first kill this process, even if they are only sudoers or wheel users, by simply executing kill or systemctl stop.

Is there a way to enforce a process that only  ...

Consider you have a freshly installed Linux distro (maybe a new EC2 instance) and you are going to run a git clone on the /srv folder to host a website (maybe a PHP one).

How should you run the git clone so every created files and folder have the correct permission/groups? You are going to use an HTTP Server similar to Nginx to serve the website.

In this post the author has suggested this:

# 0. se ...