chown interview questions

Top chown frequently asked interview questions

How to use set-user-ID bit on directories?

I want all files in directory /home/alex/foo to be owned by alex, no matter who creates them. I'm trying this technique, but it doesn't work (on CentOS 5, under root):

$ cd /home/alex
$ mkdir foo
$ chmod u+s foo
$ chown alex foo
$ ls -al . | grep "foo"
drwsr-xr-x  2 alex root      4096 Nov 14 14:18 foo
$ echo "test" > foo/test.txt
$ ls -al foo
total 12
drwsr-xr-x  2 alex root   4096 Nov 14 14:19 .
drwxr-x--- 13 alex root   4096 Nov 14 14:18 ..
-rw-r--r--  1 root root      6 Nov 14 14:19 test.txt

As you see, the file is owned by root, but should be owned by alex. What am I doing wrong?

Source: (StackOverflow)

Limit sudo to only one directory and its subdirectories by sudoers file

So I would like to limit Apache to only change permissions in a certain folder and all of its sub-directories, so this is what I have in my sudoers file:

apache ALL= (ALL) NOPASSWD: /bin/chmod -R [g+ws] /var/www/sites/[a-z]+

But that does not appear to work. I'm sure I could get it to work by removing the restriction on the subfolder, but that seems dangerous as it would give a potential hacker unlimited access.

So is there a way to limit apache to only change files and folders within the "sites" folder or am I stuck giving unlimited access with chmod / chown?

Are there any big security holes using this approach?

Source: (StackOverflow)

How to give ownership to root without being root? (needed for Apache)

I've got a PHP script that creates a folder on my server. This folder is supposed to be accessed via Apache, and users can view it online.

Now if I create this folder while being root, everything works as it should, I can view the html/php when going on the website.

If I create this folder while being the user Apache (or running my script), I can create the folder, put all the files inside but when I go on my webpage, it displays:

You don't have permission to access / on this server.

Now I don't know that much about Apache, but for me the easiest solution is to give ownership of my folder to root. I try typing:

chown root:root /blabla/myfolder

and it writes:

chown: changing ownership of 'myfolder/': Operation not permitted

Why is that?

Thank you

Source: (StackOverflow)

sshfs permission denied even for root user

I use sshfs to mount a remote folder from another server to the local server. Mounting the remote folder works without a problem using the following command:

sshfs -o allow_other someServerFromSSHConfig:/home/data/somefolder/ /some/local/folder

The problem is that I cannot change the owner of the files using chown (regardless of root permissions); I always get:

chown: changing ownership of ‘/somefolder/file.img’: Permission denied

The user that accesses the folder is a member of the fuse group. Even if I add additional mount options in sshfs to set the owner as userx:groupx I cannot change permissions using userx and using chown -R userx:groupx [...]

I expect to be able to set user permissions for files in mounted folders but this is not the case.

Source: (StackOverflow)

Using chown to change the group owner of a directory is not permitted....Why?

I am trying to execute chown on a directory that has the following permissions and owners:

drwxrwxr-x 2 justin devs  4096 Jan  1 20:42 test

I am trying to simply execute the following as the justin user:

chown justin:nginx test

So basically just change the group owner to nginx, but I am getting:

chown: changing ownership of `test/': Operation not permitted

Any ideas?

Source: (StackOverflow)

Unix Group Permissions

I have created a directory, chowned it to master:webmaster, and chmodded the folder to 775, hence group writeable. So why is it that I, bert, as a member of webmaster, can't mv the directory or create a file inside the directory?

Source: (StackOverflow)

ls permission denied even with execute permissions

I chowned recursively /srv/site to www-data:www-data and chmodded it recursively with ug+rwx. I then added myself to group www-data.

$ sudo usermod -a -G www-data cyrus
$ sudo chgrp -R www-data /srv/site
$ sudo chmod -R ug+rwX /srv/site

However, why do I still get permission denied?

$ ls /srv/site
ls: cannot open directory /srv/site: Permission denied

$ cd /srv; ls -la   
total 12
drwxr-xr-x  3 root     root     4096 Aug 13 02:42 .
drwxr-xr-x 24 root     root     4096 Aug 11 21:20 ..
drwxrwx--x 10 www-data www-data 4096 Aug 13 02:42 site

Source: (StackOverflow)

Cannot login to Solaris due to chown on /usr directory

Someone ran "chown -R username /usr" and now I have no way of logging into the box to change it back. SSH has been disabled, X Server won't start so I have no graphical GUI, and the console login keeps saying "Login Incorrect" when I try to log in. I don't have the exact message next to me, but it says some files within the /usr directory are not owned by root, which leads me to believe the chown was the problem that caused this.

I can change the ownership back if I can just get into the command prompt somehow. Does anyone have any ideas how I could get a command prompt from this?

The box is a Dell T310 server running Solaris 10 (10/09 version).

Source: (StackOverflow)

Cross-group file permissions in Linux

I have 2 users: Alice and Bob and 2 groups: Management and Personnel. Alice has primary group Management, and secondary groups Personnel and Alice. Bob has primary group Personnel and secondary group Bob.

Now they both need read/write access to the local Subversion repository in /var/svn/new-project/. The problem is that when Alice commits to the repository Bob can't commit to it anymore, due to the fact that he's not in Management group, which is Alice's primary group.

My question: how to enable both to read and write to the repository without messing up the permissions, while keeping them in separate primary groups, without chmod'ing the repo dir to 777 and without running a cronjob which fixes the permissions every minute?

Source: (StackOverflow)

Make files editable for guests without using chmod

Sorry if this is the wrong place to post this, or if it has been posted before. I couldn't find anything though.

If I log on to a Linux server without supplying a username or password (from Windows through Samba), what user am I logged on as? The reason I'm asking is because I want to make that user an owner of the files, so that he/she can change the files without the need for me as an administrator to make them writeable to all. I know there is no sense in what I'm trying to do, but it's a very special case scenario. The limitation I have is that I may not change the files through chmod in any way, yet the files need to be editable by a guest. Is this possible, assuming the files are editable by the owner (755)?

Source: (StackOverflow)

What could cause *every* command in RHEL to be executed by root?

Recently I was asked to look at a system for a "friend" that left me completely stumped. Their original problem stated to me:

  1. They have a RHEL 5.10, gnome desktop fairly typical install
  2. They are having trouble running a Retina scan
    • They claim Retina could not ssh in and start the scan

This is what I found, after checking out their firewall, tcp wrappers, sshd config, sudoers, etc.

Any command you run that references a user appears to always reference root instead. Some examples:

  • desktop login as user 'scan' & you are actually logged in as root
  • ssh login does the same thing. whoami and who am i both return root
  • run chown -R scan.scan /home/scan results in all file ownerships to be = root:scan

There are no sticky bits set on programs in /usr/bin or /bin or /sbin other than what one would normally expect to see.

This problem is so odd, I don't even know what search terms to use.

Half-baked ideas welcome.

@Matthew Ife: The user id of scan is 501, but getent passwd scan returns:


Source: (StackOverflow)

Basic clarification about Limited FTP/sFTP users

I would like to get some clarification about the correct way to create limited users to access my VPS used as a web server with Nginx.

I'm used to NOT installing FTP and accessing via SFTP only. Is it OK for every setup?

This is what I usually do to create a limited user called "admin" that should be able to have access via SFTP to the folder with the website data:

mkdir -p /var/www/mysite.com/
adduser admin
adduser admin www-data
chown -R root:root /var/www
chmod -R 755 /var/www
chmod -R 755 /var/www/mysite.com
chown -R admin:www-data /var/www/mysite.com/

It seems not to be the correct way; I always have problems with permissions when I upload some files (for example with WordPress in general). I would like to create a user that works exactly like the one that the providers give to their clients when they buy a hosting service (that is FTP; I would prefer SFTP access). It is for personal use, but I think that a limited user is a lot safer to use than "root" via SFTP.

Source: (StackOverflow)

Only allow a user to CHMOD and CHOWN in their home directory or a specified directory

I have a Windows user on my network who has Samba access to our linux development server. Occasionally permissions or ownership will become confused for reasons unknown and he will no longer be able to edit files.

To get round this I have given him access through PuTTY and in the sudoers file (sudo visudo) I have added a line like this:

username ALL = /bin/chmod, /bin/chown

Now obviously he could now just chown everything to himself and delete the entire drive. He is trustworthy, but I worry if someone were to compromise his account or he accidentally got out of his depth and did it.

Is there a way I can restrict his account so it can only chmod or chown in /home/username and /specified/directory?

I am running Ubuntu 10.10 on the server.

Source: (StackOverflow)
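
Both sudo questions above (restricting Apache's chmod to /var/www/sites, and restricting a user's chmod/chown to chosen directories) come down to validating the path before a privileged command touches it. The following is an added example, not part of either original post: the function names and the mode allow-list are assumptions, and the idea is that sudoers would list a wrapper like this instead of /bin/chmod itself.

```sh
#!/bin/sh
# Added example: hypothetical wrapper to list in sudoers in place of
# /bin/chmod itself. Function names and the mode allow-list are assumptions.

# Succeed only if $2 exists and resolves (symlinks and ".." followed)
# to $1 itself or to a path beneath it.
path_is_within() {
    [ -e "$2" ] || return 1
    _base=$(readlink -f -- "$1") || return 1
    _target=$(readlink -f -- "$2") || return 1
    case "$_target" in
        "$_base"|"$_base"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# restricted_chmod BASE MODE PATH
# Returns 2 for a mode outside the allow-list, 3 for a path outside BASE.
restricted_chmod() {
    _root=$1; _mode=$2; _path=$3
    case "$_mode" in
        g+w|g+s|g+ws|g+rw|g+rwX) ;;
        *) echo "mode not allowed: $_mode" >&2; return 2 ;;
    esac
    if ! path_is_within "$_root" "$_path"; then
        echo "refusing path outside $_root: $_path" >&2
        return 3
    fi
    # Operate on the resolved path, not the caller's string. This narrows
    # but does not close the check-then-use race if the caller can rename
    # entries under BASE between the check and the chmod.
    chmod -- "$_mode" "$(readlink -f -- "$_path")"
}
```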

Maintain setgid bit (after bower install or gulp build)

We run web servers where we have the following situation:

  1. The www-data user runs the web server and must have read+write access to the files
  2. The deploy user deploys all the code
  3. The bob and alice users might login via ssh and change configurations locally

All users must have read+write access on /var/www/mysite. We currently accomplish this by owning the group of /var/www/site to www-data. Then we set the write + setgid bit on the group to make sure all subdirectories have the same rights.

Now, this is all running fine for some time, but we have issues with the following scenarios:

  1. We use bower to install packages with bower install. The user who ran bower install the first time owns the public/bower_components directory and no setgid bit is set
  2. We use gulp to minify javascripts from public/scripts/src to public/scripts/dist and the first user who ran gulp build owns the files

In both situations, a find path/to/dir -type d -exec chmod g+ws {} \; does mitigate the problem, but is it possible to fix this issue in the first place? We have set the setgid bit on the /var/www/mysite directory, so why does bower install not follow this permission set?

If not, is there a better way to fix this problem? We have thought to set the bits in the deployment automation process, but if a user forgets the setgid bit we think the automated deployment could get stuck as well.

Source: (StackOverflow)
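
The find-and-chmod mitigation mentioned in the question above, narrowed so it reports and changes only the directories that actually lack setgid or group write. This is an added example, not part of the original post; the function names and the demo tree are constructed, with paths modelled on the ones the question names.

```sh
#!/bin/sh
# Added example: audit and repair directories in a shared tree that are
# missing the setgid bit (2000) or group write (0020).

# Print every directory at or below $1 that lacks either bit.
missing_setgid_dirs() {
    find "$1" -type d \( ! -perm -2000 -o ! -perm -0020 \) -print
}

# Apply g+ws only where needed and print how many directories changed.
# Assumes directory names contain no newlines.
repair_setgid_dirs() {
    missing_setgid_dirs "$1" | {
        count=0
        while IFS= read -r d; do
            chmod g+ws "$d" && count=$((count + 1))
        done
        echo "$count"
    }
}

# Constructed demo tree: two directories keep g+ws, two have lost it,
# as after a build tool created them with explicit modes.
demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/public/bower_components" "$root/public/scripts/dist"
    chmod g+ws "$root" "$root/public" "$root/public/scripts"
    chmod g-ws "$root/public/bower_components" "$root/public/scripts/dist"
    echo "$root"
}
```

Running missing_setgid_dirs from a deployment step and failing when it prints anything catches the drift before it blocks the next user.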

Recovering from a system-wide chown?

I have a Linux web server with multiple sites being hosted with CPanel. I was having trouble accessing a site, so I ran this command: chown -R root:root /home/evalreal/. While waiting for the command I started seeing a bunch of errors. The errors went something like /home/evalreal/public_html/../virtfs/home/*Other website folders* Could not be accessed

So, I messed something up with my command and applied these owners across a large amount of my /?

My web sites went down until I reset their permissions from a backup. My /tmp directory and /var/lib/mysql directory are both running 777 for the time being. I need to do something similar for whatever is hampering Exim. I can't tell what got changed but since I was root when I ran the command I suspect it's a lot.

Ultimately I need to have the entire system restored from backups, right? What if I can't do that for a day or so?

Source: (StackOverflow)