I am trying to configure an user account using one cloud-init yaml file that include a call to write_files module, like this:
write_files:
#passwd file for vncserver
- path: /home/ubuntu/.vnc/passwd
owner: ubuntu:ubuntu
permissions: '0600'
defer: true
encoding: b64
content: bmtzZGN1eQo=
The file is created as expected, but the problem is that the parent directory is owned by root, and not by ubuntu user.
$ ls -la .vnc/
total 12
drwxr-xr-x 2 root root 4096 Dec 20 16:24 .
drwxr-x--- 5 ubuntu ubuntu 4096 Dec 20 16:24 ..
-rw------- 1 ubuntu ubuntu 8 Dec 20 16:24 passwd
I tried to manually create the /home/ubuntu/.vnc/ directory prior to create the passwd file to be able to set the ownership of the directory, just to find that documentation of write_files does not explain how to create (empty) directories.
I know that I could do this using runcmd module to insert a command like this:
runcmd:
- mkdir --mode 0600 --parents /home/ubuntu/.vnc
- echo bmtzZGN1eQo | base64 -d > /home/ubuntu/.vnc/passwd
- chmod 0600 /home/ubuntu/.vnc/passwd
but this seems to be too complex to do such small task.
It is possible to use write_files module to create directories or change ownership/permission of existing directories?
Related
On my system, /home and /etc have exactly the same permissions:
$ ls -ld /home /etc
drwxr-xr-x 67 root root 4096 Nov 13 15:59 /etc
drwxr-xr-x 3 root root 4096 Oct 18 13:45 /home
However, Postgres can read one, but not the other:
test=# select count(*) from (select pg_ls_dir('/etc')) a;
count
-------
149
(1 row)
test=# select count(*) from (select pg_ls_dir('/home')) a;
ERROR: could not open directory "/home": Permission denied
Even though the user the DB is running as can, in fact, run ls /home:
$ sudo -u postgres ls /home > /dev/null && echo "ls succeeded"
ls succeeded
What is going on?
My postgres version is 11.5, running on Arch Linux.
I figured it out, it is because Arch's bundled postgresql.service file set ProtectHome=true, causing systemd to use Linux mount namespaces to block the postgres processes from accessing /home.
I'm trying to copy a number of files and folders to a docker image build from my localhost.
The files are like this:
folder1/
file1
file2
folder2/
file1
file2
I'm trying to make the copy like this:
COPY files/* /files/
However, all of the files from folder1/ and folder2/ are placed in /files/ directly, without their folders:
files/
file1
file2
Is there a way in Docker to keep the subdirectory structure as well as copying the files into their directories? Like this:
files/
folder1/
file1
file2
folder2/
file1
file2
Remove star from COPY, with this Dockerfile:
FROM ubuntu
COPY files/ /files/
RUN ls -la /files/*
Structure is there:
$ docker build .
Sending build context to Docker daemon 5.632 kB
Sending build context to Docker daemon
Step 0 : FROM ubuntu
---> d0955f21bf24
Step 1 : COPY files/ /files/
---> 5cc4ae8708a6
Removing intermediate container c6f7f7ec8ccf
Step 2 : RUN ls -la /files/*
---> Running in 08ab9a1e042f
/files/folder1:
total 8
drwxr-xr-x 2 root root 4096 May 13 16:04 .
drwxr-xr-x 4 root root 4096 May 13 16:05 ..
-rw-r--r-- 1 root root 0 May 13 16:04 file1
-rw-r--r-- 1 root root 0 May 13 16:04 file2
/files/folder2:
total 8
drwxr-xr-x 2 root root 4096 May 13 16:04 .
drwxr-xr-x 4 root root 4096 May 13 16:05 ..
-rw-r--r-- 1 root root 0 May 13 16:04 file1
-rw-r--r-- 1 root root 0 May 13 16:04 file2
---> 03ff0a5d0e4b
Removing intermediate container 08ab9a1e042f
Successfully built 03ff0a5d0e4b
Alternatively you can use a "." instead of *, as this will take all the files in the working directory, include the folders and subfolders:
FROM ubuntu
COPY . /
RUN ls -la /
To merge a local directory into a directory within an image, do this.
It will not delete files already present within the image. It will only add files that are present locally, overwriting the files in the image if a file of the same name already exists.
COPY ./local-path/. /image-path/
I could not get any of these answers to work for me. I had to add a dot for the current directory, so that the working docker file looks like:
FROM ubuntu
WORKDIR /usr/local
COPY files/ ./files/
Also using RUN ls to verify wasn't working for me and getting it to work was looking really involved, a much easier way to verify what is in the docker file is to run an interactive shell and check out what is in there, using docker run -it <tagname> sh.
If you want to copy a source directory entirely with the same directory structure,
Then don't use a star(*). Write COPY command in Dockerfile as below.
COPY . destinatio-directory/
I'm writing my own logrotate configuration for some web application:
/home/me/public_html/logs/*.log {
daily
missingok
rotate 15
compress
delaycompress
notifempty
create 0660 me www-data
nosharedscripts
}
But running logrotate for these files results in:
$ sudo logrotate -d -v *.log
Ignoring logfile1.log because of bad file mode.
Ignoring logfile2.log because of bad file mode.
Ignoring otherlogfile.log because of bad file mode.
Handling 0 logs
$ ls -l
-rw-rw---- 1 me www-data 893584 Jan 27 16:01 logfile1.log
-rw-rw---- 1 me www-data 395011 Jan 27 16:01 logfile2.log
-rw-rw---- 1 me www-data 4949115 Jan 27 16:01 otherlogfile.log
Is this related to the file permissions of the actual logfiles in the directory of to the permissions specified with create 0660 me www-data?
If I change the filepermissions to -rw-r----- and the create line to
create 0640 me www-data
I get
$ sudo logrotate -d -v *.log
Ignoring logfile1.log because the file owner is wrong (should be root).
Ignoring logfile2.log because the file owner is wrong (should be root).
Ignoring otherlogfile.log because the file owner is wrong (should be root).
Handling 0 logs
My system is a debian testing/jessie.
Ok, stupid situation. The logrotate command has to be executed on the configuration file instead of the log file.
$ sudo logrotate -d -v /etc/logrotate.d/my-app
It seems to be important that the parent directory of the logfile is not world writable (------rw-) and not writable by any non root group (---rw----). Otherwise, you will see:
error: skipping "/home/me/public_html/logs/logfile1.log" because parent
directory has insecure permissions (It's world writable or writable by
group which is not "root") Set "su" directive in config file to tell
logrotate which user/group should be used for rotation.
i'm on CentOS 6.5 now,
installed mod_evasive some time ago but email notify and logging never worked...
into messages log i have many lines like this...
mod_evasive[4548]: Couldn't open logfile /var/log/httpd/evasive/dos-157.xxx.xxx.xxx: Permission denied
on CentOS I thought that the owner of the directory /var/log/httpd/evasive should be "apache" and that is with 755..
no way...
then, mailx is already installed and updated... someone says to see into mod_evasive20.c but i can't find this mod_evasive20.c file on my CentOS... where can be? is it possible to send with sendmail instead of mailx? thanks
On CentOS /var/log/httpd has permission 700 and is owned by root, so you need to move /var/log/httpd/evasive to /var/log/evasive and do:
chown 0:apache /var/log/evasive
chmod 770 /var/log/evasive
If you use SELinux:
semanage fcontext --add -t httpd_sys_rw_content_t "/var/log/evasive(/.*)?"
restorecon -r /var/log/evasive
And add this line to /etc/httpd/conf.d/mod_evasive.conf:
DOSLogDir /var/log/evasive
Ok, you're facing two problems, first file permission to mod_evasive logdir and second the mail command isn't found.
1) file permission to "DOSLogDir"
You must ensure the apache's user has execute and write permissions through the whole directory tree to target "DOSLogDir".
See this example from an ubuntu system
root#ubuntu:/var/log# ll
drwxr-xr-x 3 root adm 4096 Mar 10 14:06 apache2/
root#ubuntu:/var/log# ll apache2
drwxrwxr-x 2 root www-data 4096 Mar 10 14:25 mod_evasive/
root#ubuntu:/var/log# ll apache2/mod_evasive/
-rw-r--r-- 1 www-data www-data 5 Mar 10 14:25 dos-172.16.245.1
-rw-r--r-- 1 www-data www-data 5 Mar 10 14:19 dos-172.16.245.129
2) access mail binary
The mail binary is defined in mod_evasive20.c indeed, row 45 :
#define MAILER "/bin/mail %s"
Try to get a symlink on mailx to be used by mod_evasive
ln -s $(which mailx) /bin/mail
understood,
for whom have the same problem hope this helps...
if mod_evasive is not able to write on the dir it doesn't even send the email
so commented out the DOSLogDir and so it writes to tmp...
don't know if can use another directory but for the moment problem is solved
I had faced the same issue while creating new project into the centos7.
ErrorLog /var/log/httd/mydomain_error.log
CustomLog /var/log/httpd/mydomain_access.log
Solution:
You need to disable the SELinux and Your issue will be resolved.
FOr that you need to follow the following steps.
1) Check the SELinux Status
sestatus
OutPut will be like this
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31
2) Disable SELinux
You can temporarily change the SELinux mode from targeted to permissive with the following command:
sudo setenforce 0
You can see more here : https://linuxize.com/post/how-to-disable-selinux-on-centos-7/
By following the official instructions http://www.mongodb.org/display/DOCS/Quickstart+Unix and this post http://blog.phy5ics.com/2010/03/27/installing-mongodb-on-mediatemple-dv/ I've just about managed to get mongodb installed on MediaTemples DV 4.0 server (I think).
I am however having problems installing the PHP driver http://www.mongodb.org/display/DOCS/PHP+Language+Center
In SSH I get this:
[root#xxx]# cd /var/tmp
[root#xxx]# pecl install mongo
downloading mongo-1.1.4.tgz ...
Starting to download mongo-1.1.4.tgz (68,924 bytes)
.................done: 68,924 bytes
18 source files, building
running: phpize
Configuring for:
PHP Api Version: 20090626
Zend Module Api No: 20090626
Zend Extension Api No: 220090626
/usr/bin/phpize: /var/tmp/mongo/build/shtool: /bin/sh: bad interpreter: Permission denied
Cannot find autoconf. Please check your autoconf installation and the $PHP_AUTOCONF environment variable. Then, rerun this script.
ERROR: `phpize' failed
I am logged in as the root user - I don't understand why it's failing and what steps I need to take to install the PHP driver?
Thanks
Run the following commands on your server's command line:
$ mkdir /root/tmp
$ mount --bind /root/tmp /tmp
$ umount /tmp; umount /var/tmp
$ pecl install mongo
A few things:
/root/tmp is just an arbitrary temp directory. You can use whatever you want, provided it exists.
Some instructions say to use --host instead of --bind. On RHEL/CentOS mount says --host is an unrecognized option.
If you're on a VM, it's likely that you'll have to do this each time you restart your VM/Container.
For Media Temple customers, I can confirm that this works on both (dv) and (ve) servers with CentOS 5 and 6.
From media temple support: Need to create a temporary directory (/root/tmpz):
$ mkdir /root/tmpz
$ mount --host /root/tmpz /tmp
$ umount /tmp; umount /var/tmp
$ pecl install mongo
Build complete.
Don't forget to run 'make test'.
running: make INSTALL_ROOT="/var/tmp/pear-build-root/install-mongo-1.1.4" install
Installing shared extensions: /var/tmp/pear-build-root/install-mongo-1.1.4/usr/lib64/php /modules/
running: find "/var/tmp/pear-build-root/install-mongo-1.1.4" | xargs ls -dils
69094140 4 drwxr-xr-x 3 root root 4096 Feb 22 13:40 /var/tmp/pear-build-root/install-mongo-1.1.4
69275176 4 drwxr-xr-x 3 root root 4096 Feb 22 13:40 /var/tmp/pear-build-root/install-mongo-1.1.4/usr
69275177 4 drwxr-xr-x 3 root root 4096 Feb 22 13:40 /var/tmp/pear-build-root/install-mongo-1.1.4/usr/lib64
69290445 4 drwxr-xr-x 3 root root 4096 Feb 22 13:40 /var/tmp/pear-build-root/install-mongo-1.1.4/usr/lib64/php
69290447 4 drwxr-xr-x 2 root root 4096 Feb 22 13:40 /var/tmp/pear-build-root/install-mongo-1.1.4/usr/lib64/php/modules
69290448 676 -rwxr-xr-x 1 root root 684126 Feb 22 13:40 /var/tmp/pear-build-root/install-mongo-1.1.4/usr/lib64/php/modules/mongo.so
Build process completed successfully
Installing '/usr/lib64/php/modules/mongo.so'
install ok: channel://pecl.php.net/mongo-1.1.4
configuration option "php_ini" is not set to php.ini location
You should add "extension=mongo.so" to php.ini
Do you have php-dev installed? phpize is basically "compiling" the MongoDB driver, but unless you have the -dev installed, this may not work.