I configured in /etc/mongod.conf to enforce keyfile access control, in security option enabled, keyFile is /root/dbtest.key (the absolute path of keyfile). I already gave the ownership to mongodb user by chown, and granted 400 permission on that dbtest.key file.
But mongod keeps failing to start, after checking log, the error is Error reading file /root/dbtest.key: Permission denied. After checking the ownership and permissions on dbtest.key
Which means I already granted correctly. So I don't know at which step I did wrong
Related
In my setting I want the user www-data to be able to run linphonec, but there's one error in my way, that I don't know how to handle so far.
When starting linphonec as user www-data:
sudo -u www-data /usr/bin/linphonec
I get the error:
bctbx-error-bctbx_file_open: Error open Permission denied
Where do I have to give permission to user www-data for this to work?
When running it as root there's no problem but I don't want to give www-data root rights.
My setting is:
RaspberryPi 3/4,
with newest Raspian OS,
newest version of "linphonec-cli" installed
raspbi is only accessible in local network and router blocks outgoing calls from it to prevent missuse.
After checking with strace I realized thet the issue must be somewhere else, since I couldn't find a single EACCES error in the strace log.
The root of the error was in my basic configurations file (linphonerc) that I copied over from another existing user. I changed the root_ca directory (after copying the files to the new location and changing rw-rights and ownership). After that linphonec runs without the error when starting with -c parameter and path to linphonerc file.
So the reason was most likely that wrong/unreachable root_ca= configuration.
I need some advice on MongoDB Log path permission. Currently, I have 755 permission
on /var/log/mongodb . Our internal auditing will not allow having 755 permission on base folder /var/log..
When i change it to 640, my Mongod process failing with permission error even though my /var/log/MongoDB has 755 privilege.
Again I switch back /var/log to 755 I can able to start my mongod process. is it known behavior.
Kindly advice I need to give a rationale for possible mitigation to get overriding approval
You can have 640 for /var/log and 755 for /var/log/mongod.log. But you have to start mongod as a root user.
I got “Permission denied (publickey)" using:
ssh $USERNAME#my-ip
Things I’ve done:
Using Public/Private Key authentication, I can login to the server as root.
I created a user in the sudo group
I confirmed that my created user has sudo priveleges as I viewed auth.log successfully (sudo cat /var/log/auth.log)
I thought it was possibly because my server was unable to identify which key to use, as I have created multiple keys, so I specified which key to use:
ssh -i /path/to/key/id_rsa $USERNAME#my-ip
I got "Permission denied (publickey)" again.
I figured it out! Turns out I was missing an 's' in 'ssh' at the beginning of my authorized_keys file in my user. :) I also matched the permissions between the root and user authorized_keys files, though not sure if this helped truly.
After installing yii2, I got the following error.
Some suggests that I should give full permissions to IIS_IUSRS but still to no avail.
You shouldn't need to set the permissions to 777, that is a security problem as it gives read and write access to the world.
It may be that your apache user does not have read/write permissions on the directory.
If you use Ubuntu do this :
Make sure all files are owned by the Apache group and user. In Ubuntu it is the www-data group and user
chown -R www-data:www-data /path/to/webserver/www
Next enabled all members of the www-data group to read and write files
chmod -R g+rw /path/to/webserver/www
The php mkdir() function should now work without returning errors
Running a Kestrel server managed by systemd using www-data user. When trying to send an email using MailKit with TLS enabled I get the following error message:
System.UnauthorizedAccessException: Access to the path '/var/www/.dotnet/corefx/cryptography/crls' is denied. ---> System.IO.IOException: Permission denied
One solution possibly is to set a home directory for www-data, but that seems counter intuitive.
The call stack indicates that the code (MailKit or one of its dependencies) is trying to build and access a certificate cache.
You can manually create the directory and grant the necessary permissions.
Don't modify /var top directory as that's crazy.
First, you need to recursively create the directory:
mkdir -p /var/www/.dotnet/corefx/cryptography/crls
and give rights to www-data group
(if this is the group that runs your service)
sudo chgrp www-data /var/www/.dotnet/corefx/cryptography/crls