I'm using the fleximage plugin with a rails application. It throws an error message because it doesn't have access to the tmp directory. When I chmod 777 the tmp directory everything works fine. But if I chmod 666 it doesn't work.
What are the proper permissions for folder that needs to be accessed by rails/apache? if chmod 777, am I opening a security hole? wouldn't 777 give execute privileges?
Also, currently the owner of the tmp folder is root, should this be changed to www-data? Why would it matter who the owner of the folder is?
For a folder, the execute permission is what you need to be able to cd into it, it has nothing to do with executing programs.
Changing the owner to www-data is much safer, then you can use the 700 permission - meaning that only www-data can use this folder. With 777, www-data can also use it -- but so can everyone else which is not what you want (if this is an application-specific tmp folder that is, don't change the owner of /tmp).
Related
Due to some reason some of files were locked in xcode, which i resolved through the this solution.
but even after that i keep getting this error
****The file “project.pbxproj” could not be unlocked.**
Could not add write permission to the file because you do not own it. Try modifying the permissions of the file in the Finder or Terminal.**
I have also tried unlocking it through above method and it is not working, also i'm not even able to close the project and when i force close it, next time all the previous changes are gone.
Permission problem Try
sudo Chmod 777 .
"Could not add write permission to the file because you do not own it"
This means that the project was created by a different user. Log as that user, or if you cannot, create a "test.txt" file next to the file you can't unlock.
Open Terminal, go to the folder where the project resides, and run a command such as
ls -la test.txt project.pbxproj
You should see a list such as:
-rw-rw-r-- 1 dakkar users 434 Nov 23 12:17 project.pbxproj
-rw-r--r-- 1 lserni users 1 Nov 25 00:14 test.txt
Now, the "-rw-r--r--" is the permission. You just created test.txt, so those are the correct permissions from the GUI. r counts for 4, w counts for 2, x counts for one; rw-r--r-- is therefore 6,4,4. In the example, project.pbxproj is 6,6,4.
So the two commands you need are
sudo chown lserni:users project.pbxproj # To set ownership
sudo chmod 644 project.pbxproj # To set permissions
If you are in the project directory and are absolutely, utterly, deadly sure that nothing there or in its subdirectories should belong to anyone but you, then you can mass-change ownership of the directory, its subdirectories and all they contain:
sudo chown lserni:users -R .
If you do the above in the wrong directory (not yours, not a project directory, etc.), the -R (recursive) flag is a recipe for disaster, so be careful.
Just in case, remember that directories must have all x's set, so what is 644 for a file would become 755 for a directory.
When finished, you can delete the example file 'test.txt' - actually you can do that as soon as you have written down what the correct ownership and permissions should be.
I wanted to know how can I set right permission for my file /log/production.log? Everyone is saying just use chmod or chown but no one explains what I should wright after these commands. I am beginner and would appreciate if you could explain.
In my particular example I have rails app on production server where I need to set permission to production.log file in /var/www/my_app/log/ directory.
Here is what documentation is asking from me:
By default, Phusion Passenger runs Rails applications as the owner of
config.ru. So the log file can only be written to if that user has
write permission to the log file. Please chmod or chown your log file
accordingly.
Hope you can help. Thanks.
Try chmod 0660 production.log and take a look at this explanation/diagram of chmod.
chmod allows change the permissions of a file or a directory. Exists three basic permissions (read,write,execute) for three differents groups (owner,group,other).
chown allows change who is the owner of a file or a directory.
I recommend you use chmod 640. Looking the syntax of chmod here you're defining the production.log's owner (usually root) can read and write this file. If you want, you can give read-access for all users of the same group of the owner. But you shouldn't offer permissions for other people, even less in a production environment.
I would create a deploy user for your application, say myapp (doesn't particularly matter what the name is). The use this user to deploy/manage your application. Assuming username myapp
chown -R myapp:myapp /var/www/my_app
and then restart nginx/passenger. This will cause passenger to run as the myapp user, and allow it to write logs under the logs directory. (Also make sure that you don't have /var/www as the docroot, accessible outside of passenger as it can cause information leakage)
another option, if the server isn't shared, is that you can run as the www user. so
chown -R www:www /var/www/my_app
which should allow the process to write to your logs.
Question basically says it all. When I try to access my calendar page (which contains events), I get the following error:
Permission denied - /Users/usernam/sitter/tmp/cache/assets/development/sass
(in /Users/username/sitter/app/assets/stylesheets/events.css.scss)
i've done a chmod 777 on all directories in my rails directory (i.e in myapp directory, i've done chmod 777 *).
Not sure what I should be doing instead or in addition.
Add a -R to your chmod. Simply adding the star will only do the files. Chmod -R 777 * should work. Although you may have some ownership issues that need to be addressed. I would look into using chown instead of granting all access to everyone.
I just deployed a Rails 3 app with Ruby 1.9.2. I have been getting several errors.
application.css wasn't compiled. so I set pre compilation in production.rb to false;
Then I got: cannot generate tempfile, so I did rake tmp:clear;
And now I get ActionView::Template::Error (Permission denied - /srv/www/appname/tmp/cache/assets): and I haven't been able to fix this one.
Please help.
If the user:group running your web server is http:http and it's running on *nix, do this:
sudo chown -R http:http /srv/www/appname/
Also, silly question, but does /tmp/cache/assets exist?
And, if so, as #leonel points out, you may also need to change the permissions:
chmod 777 /srv/www/appname/tmp/cache
Be careful setting 777 permissions on anything. Only do this to verify a permissions issue, then reset to the most minimal permissions necessary.
Most likely you're running your app under apache passenger.
You have to change the owner of config/environment.rb to somebody who has permissions to your app's folder.
chown -R www-data:www-data /path/to/app
Make the tmp folder of your project writable:
chown -R group:user /path/to/rails/app/tmp
chmod -R 777 /path/to/rails/app/tmp
In your console, run rake tmp:cache:clear
Restart your application.
You probably didn't create your Rails application with the user running the server now. Can you paste the output of ls -alh /srv/www/appname/tmp/cache/assets and tell us the user running the webserver ?
Now for those of us that are using windows
- If you are an administrator and see this error
ActionView::Template::Error (Permission denied # utime_failed) C:/User/..../tmp/cache/assets/sprochets/v3.0/E5/E5PZx-mq8.cache
Then it is Permission and Ownership setting issue on Windows.
You can go to the tmp folder on your application and give yourself(User) permission to **Read, Write and Execute ** on the folder.
Click [here][1] to view how to give permissions.
Quick Fix. Open your terminal and run the following command as an administrator
takeown /f <location of your app tmp folder> /r /d y
Then Restart your server.
I encountered this error recently. Apache was not able to write to tmp directory
cannot generate tempfile
/tmp/RackRewindableInput2xxxxxxxxxxxxxxxxx'
/app-lib/lib/ruby/1.8/tempfile.rb:52:ininitialize'
app-dir/vendor/gems/rack-1.0.1/lib/rack/rewindable_input.rb:73:in new'
app-dir/vendor/gems/rack-1.0.1/lib/rack/rewindable_input.rb:73:inmake_rewindable'
app-dir/vendor/gems/rack-1.0.1/lib/rack/rewindable_input.rb:26:in read'
app-dir/vendor/gems/rack-1.0.1/lib/rack/request.rb:134:inPOST'
I checked permission of tmp directory and it had permission to all groups to write to it.
I changed owner of tmp directory and it didn't resolve the error either.
The culprit was tmp directory was filled with too many large files, and looks like somehow apache didn't had enough space to write this new file.
Cleared all temp and old files. It sorted out the issue.
We need to grant permissions to access the required directory for the system root user
sudo chmod 777 -R your_project_directory_to_be_access
In your case you can use:
sudo chmod 777 -R /srv/www/appname/tmp/
For security reasons, just keep in your mind:
chmod 777 gives everybody read, write and execute rights which for most problems is definitively too much.
I think a better solution without giving everyone manage rights to tmp folder is like that:
sudo rake tmp:cache:clear
This will clear the temp folder and when you run rails server again it won't give error.
In my localhost it gave this error, and the command chmod 777 C:/Sites/project_name/tmp/cache/ solved my problem.
Most probably you gave permission to your app's main folder read and execute mode. However, in order to generate new files from your app, you also need to give write permission for required folder. For example: yUML uses tmp folder for generating files. I gave tmp folder write permission:
chmod -R 777 /usr/share/nginx/html/yuml_product/tmp
solved my problem.
Running Ubuntu 10.04 on Linode, RVM, Rails 3, Apache with Passenger module, carrierwave and mini-magick
I get:
Rails Error: Unable to access log file. Please ensure that /srv/www/mysite.com/testapp/log/production.log exists and is chmod 0666. The log level has been raised to WARN and the output directed to STDERR until the problem is fixed.
and Errno::EACCES (Permission denied /srv/www/mysite.com/testapp/public/uploads/tmp/20110517-1707-2938-6455):
I ran chmod -R root:root /srv/www/mysite.com/testapp
Then: chmod -R www-data:www-data /srv/www/mysite.com/testapp & chmod -R www-data:www-data /srv/www/mysite.com/testapp/public/uploads
Since the only 2 directories that should be writable is the log files and uploads directory I tried to secure the rest. Are there any other folders / files that I need to make writable?
Permissions on web sites is a little strange: on the one hand, the content needs to be readable by the webserver and FastCGI or Passenger or whatever executes the (in this case, Ruby) code. On the other hand, if the webserver user owns the files, then a hacked webserver or (more likely :) your code could modify the executable files and static files that are your website. It happens too often.
If the content of the website is owned by some other user, not writable by the web server software, then the website can not be overwritten by attackers. (Of course, you have a few open sockets to a database connection; all the database backed data can be corrupted by attackers. Also, any directory where you allow uploads could be corrupted by attackers. But the goal is to reduce the privileges of the software as far as reasonable.)
So, all that said, on to your specific question; your webserver software runs as www-data, and it makes sense for your log files and upload directory to be owned by www-data:
mkdir -p /srv/www/mysite.com/testapp/log/ # might not exist yet
chown -R pcasa:pcasa /srv/www/mysite.com/ # or some other user
chmod 755 /srv/www/mysite.com
chmod 755 /srv/www/mysite.com/testapp/
# populate the app directory with your files, if you haven't done so already
chown -R www-data:www-data /srv/www/mysite.com/testapp/log
chmod 755 /srv/www/mysite.com/testapp/log # see notes
chmod 644 /srv/www/mysite.com/testapp/log/* # see notes
I made the assumption that all users on your system can read the log. This might not be true. Use 700 in place of 755 and 600 in place of 644 if you don't want all system users to read the log files.
Next, for your uploads directory:
mkdir -p /srv/www/mysite.com/testapp/public/uploads/tmp # might not exist yet
chown -R www-data:www-data /srv/www/mysite.com/testapp/public/uploads
chmod 755 /srv/www/mysite.com/testapp/public/uploads
chmod 755 /srv/www/mysite.com/testapp/public/uploads/tmp
Again, I've made the assumption that all users on your system can be able to see all the uploaded content. Use 700 in place of 755 if you just want the webserver software to be able to read the files.
These are simple guidelines that should work; you can get more complicated if you want to keep the website software and content shared only between the user that owns the website and the user that runs the website, by running the webserver with a supplementary group (see newgrp(1) and group(5) manpages for details) and giving the files the same group owner, and using the group permission bits (the middle octal number: 750 vs 700). It's complicated enough that unless you've got a good reason, it's probably not worth going down this route. (Definitely worth doing once on a development machine somewhere, just so you're familiar enough with it that you can use it in the future. :)