Several guys in our office have accounts on local linux(ubuntu) workstation (named local-server). But Just I have the account to access the remote samba server (named remote-server).
For security, I can not tell other guys my account and password information. But I want to share my mount point for them.
For example, I mount remote samba server on this path: /home/samba/. I want everyone on local-server can read/write '/home/samba' directory and its sub-directory. (However, I don't want to modify the remote file's permission mode)
How can I configure it? Thank you very much!
You can set the uid/gid to be different and therefore allow other users to read/write to your share. First create a local group, e.g. shareaccess and assign it to your users:
sudo addgroup shareaccess
sudo usermod -a -G shareaccess user1
Then mount the share:
mount.cifs -ouid=youruser,forceuid,gid=shareaccess,forcegid,file_mode=770,dir_mode=770,credentials=/etc/secret-cred //server/share /home/samba
Files and directory will appear to be owned by youruser:shareaccess locally with permissions ug=rwx.
If the server is a Samba (not Windows) server too and has Unix extensions enabled, file and directory permissions are set according to the server. This might or might not be desirable. You can disable Unix extensions for the mount by adding the nounix option, which will force the modes to be the ones specified at mount-time. Be aware that this will disable all Unix extensions, e.g. symlink support.
References:
mount.cifs man page
if you want to re-attach your mounted samba network shares, you can use the following:
sudo mount -a
Related
After trying to solve this for days, I want to ask for help here:
I want to make backups with rsnapshot, which usually runs on a server and manages local backups. In my case, I want to run rsnapshot on my computer and let rsnapshot manage my backups on an externel harddrive. This externel harddrive is connected to my raspberry pi and mounted to my computer with following command:
sudo sshfs -o default_permissions,allow_other,idmap=user,IdentityFile=/home/user/.ssh/id_rsa pi#192.168.0.1:/mnt/externelHdd /mnt/backupHdd
Here, /mnt/backupHdd is the local root for rsnapshots backup directory.
Additionally, I want to connect the external harddrive directly to my computer for bigger backup jobs. For this purpose I wrote a script, which mounts the external harddrive either locally or over network with upper command. Afterwards, it starts the rsnapshot job with sudo rsnapshot daily. When the harddrive is connected locally, everthing works fine. When it's connected over sshfs, I get permission denied errors.
Rsnapshot apperently is not allowed to manage files per sshfs, when the files/directories were created with physical connection (different users: local and rasppi). I tried to solve this with the option allow_other and idmap=user but I think there is more to do. So Im asking you guys: How can I give permissions to rsnapshot?
Thanks for any help!
edit:
I get the following error:
/bin/cp: cannot create directory '/mnt/backupHdd/daily.1': Permission denied
----------------------------------------------------------------------------
rsnapshot encountered an error! The program was invoked with these options:
/usr/bin/rsnapshot daily
----------------------------------------------------------------------------
ERROR: /bin/cp -al /mnt/backupHdd/daily.0 /mnt/backupHdd/daily.1 failed (result 256, exit status 1).
ERROR: Error! cp_al("/mnt/backupHdd/daily.0/", "/mnt/backupHdd/daily.1/")
daily.0 was created when the hdd was connected to my local computer. daily.1 should be created with my hdd mounted over sshfs.
I'm assuming your running rsnapshot as root and root owns the remote backup directory. This command:
sudo sshfs -o default_permissions,allow_other,idmap=user,IdentityFile=/home/user/.ssh/id_rsa pi#192.168.0.1:/mnt/externelHdd /mnt/backupHdd
Is not going to work out as I think you are intending. Even though you are using sudo on the local side of the connection, your still SSH-ing in as "pi" meaning everything done on the far side of the connection is done by the user pi. No option to sshfs can change this fact. You'd need to enable root login and then ssh in as root, or at least some user that has full R/W access to that drive.
FATAL: could not create lock file "/var/run/postgresql/.s.PGSQL.1111.lock": Permission denied
psql: could not connect to server: Connection refused
Is the server running on host "S01B01" (10.10.222.193) and accepting
TCP/IP connections on port 1111?
Could you please help me in getting a permanent fix for this.
postgresql.conf:
data_directory = '/apps/ins/router/pgdata'
hba_file = '/apps/ins/router/pgdata/pg_hba.conf'
pg_hba.conf:
host all ins 10.10.10.10 255.255.255.255 trust
host all ins 127.0.0.1 255.255.255.255 trust
Both socket directories for PostgreSQL (/run/postgresql and /var/run/postgresql) are temporary directories created at boot time. (The /var/run/postgresql is in fact usually a symbolic link to /run/postgresql).
With the advent of systemd, a new mechanism called systemd-tmpfiles has been introduced to manage temporary files and directories.
Systemd-tmpfiles creates temporary directories during boot and sets their owner, group and permissions. It may read configuration files in three different locations. Files in /etc/tmpfiles.d override files with the same name in /usr/lib/tmpfiles.d and /run/tmpfiles.d.
Check those configuration directories for PostgreSQL configuration, usually postgresql.conf. (You will most likely find it at /usr/lib/tmpfiles.d/postgresql.conf.) The file will contain something like the following line:
d /run/postgresql 0755 postgres postgres -
You can change permissions, owner and group by editing that line. The recommended way to make such changes, however, is not to directly edit files under /usr/lib/tmpfiles.d/, but to copy configuration files over to /etc/tmpfiles.d/, and make the necessary changes in that copy instead.
Another way to fix the issue is to relocate the PostgreSQL lock file location. We can do so by using below query
ALTER SYSTEM SET unix_socket_directories='<any-existing-path-with-valid-permissions>, /tmp';
I am trying to COPY a file into a table in PostgreSQL. The table owner is postgres and the file owner is postgres.
The file is in /tmp.
Still I am getting the error message:
could not open file "/tmp/file" for reading: Permission denied
I don't understand what I am doing wrong as all the posts I've found say that if I have the file in /tmp and owner is postgres then the COPY command should work.
A guess: You are using Fedora, Red Hat Enterprise Linux, CentOS, Scientific Linux, or one of the other distros that enable SELinux by default.
Either and on your particular OS/version the SELinux policies for PostgreSQL do not permit the server to read files outside the PostgreSQL data directory, or the file was created by a service covered by a targeted policy so it has a label that PostgreSQL isn't allowed to read from.
You can confirm whether or not this is the problem by running, as root:
setenforce 0
then re-testing. Run:
setenforce 1
to re-enable SELinux after testing. setenforce isn't permanent; SELinux will be automatically re-enabled on reboot anyway. Disabling SELinux permanently is not usually a good solution for issues like this; if you confirm the issue is SELinux it can be explored further.
Since you have not specified the OS or version you are using, the PostgreSQL version, the exact command you're running, ls -al on the file, \d+ on the table, etc, it's hard to give any more detail, or to know if this is more than a guess. Try updating your answer to include all that and an ls --lcontext of the file too.
COPY with a file name instructs the PostgreSQL server to directly read from or write to a file. The file must be accessible by the PostgreSQL user (the user ID the server runs as) and the name must be specified from the viewpoint of the server. (source: postgresql documentation)
So the file should be readable (or writable) by the unix user under which postgresql server is running (i.e not your user!). To be absolutly sure, you can try to run sudo -u postgres head /tmp/test.csv (assuming you are allowed to used sudo and assuming the database user is postgres).
If that fails, it might be an issue related to SELinux (as mentioned by Craig Ringer). Under the most common SELinux policy (the "targeted" reference policy), used by Red Hat/Fedora/CentOS, Scientific Linux, Debian and others... the postgresql server process is confined : it can only read/write a few file types.
The denial might not be logged in auditd's log file (/var/log/audit/audit.log) due to a donaudit rule. So the usual SELinux quick test apply e.g: stop SELinux from confining any process by running getenforce;setengorce 0;getenforce, then test postgresql's COPY. Then re-activate SELinux by running setenforce 1 (this command modify the running state, not the configuration file, so SELinux will be active (Enforcing) after reboot.
The proper way to fix that is to change the SELinux context of the file to load. A quick hack is to run:
chcon -t postgresql_tmp_t /tmp/a.csv
But this file labelling will not survive if hte filesystem is relabel or if you create a new file. You will need to create a directory with an SELinux file context mapping :
which semanage || yum install policycoreutils-python
semanage fcontext -a -t postgresql_tmp_t '/srv/psql_copydir(/.*)?'
mkdir /srv/psql_copydir
chmod 750 /srv/psql_copydir
chgrp postgres /srv/psql_copydir
restorecon -Rv /srv/psql_copydir
ls -Zd /srv/psql_copydir
Any file created in that directory should have the proper file context automatically so postgresql server can read/write it.
(to check the SELinux context under which postgres is running, runps xaZ | grep "postmaste[r]" | grep -o "[a-z_]*_t", which should print postgresql_t. To list the context types to which postgresql_t can write, use sesearch -s postgresql_t -A | grep ': file.*write'. the command sesearch belong to the setools-console RPM package).
Netbean is great and I use it with FTP remote connection all the time. However, one of my client currently only have a SSH connection. Is there anyway to connect to it and up/down files?
Like it was mentioned, SFTP is supported in Netbeans by default.
So select "remote connection" in your project's run configuration and use your SSH connection information (host, login and pass). You don't have to provide any private key file.
I've had luck using sshfs (ssh file system) on ubuntu. I create created a mount folder in my home folder and run the following
$ sshfs domain\\user#server:/path/to/remote/folder ~/mount/local-mount-point
From there I start a new (or existing) project in Netbeans at that local folder ~/mount/local-mount-point
For a nicer set up, do a key exchange between your local box and the server (ssh-copy-id) for password-less ssh connections. Then, put the above command line in your .bashrc file.
I do the same as Richard.
In general is easier just to mount the remote filesystem and use netbeans in the mounted directory.
I just do the following :
sudo sshfs -o allow_other root#www.khosmos.com:/var/www/html /mnt/droplet/
I have only one user (say "goodk") that can accept SSH connections. So, I am not able to use Tramp to edit files which are accessible to other users than the one that accepts SSH connection. How can I achieve this?
How I do this currently:
I use terminal. From terminal I login to user "goodk". Then I switch user using su or sudo.
Have you checked:
How can I use Emacs Tramp to double hop ssh?
or
http://jeremy.zawodny.com/blog/archives/000983.html
or
http://codesnippets.joyent.com/posts/show/366
To the remote server the files are being read/written by the user that connects via ssh. If the files to be modified are owned by a different user then they will need to be readable/writable by the ssh user.