On 26/01/2023 11:04, Greg Wooledge wrote:
On Thu, Jan 26, 2023 at 10:26:34AM +0700, Max Nikulin wrote:
Greg, I agree with your warnings. Just out of curiosity, is there a reason
why the following variant may still be unsafe?
runas() { local who=$1; shift; su --login "$who" --shell=/bin/bash
--c
On Thu, Jan 26, 2023 at 10:26:34AM +0700, Max Nikulin wrote:
> Greg, I agree with your warnings. Just out of curiosity, is there a reason
> why the following variant may still be unsafe?
>
> runas() { local who=$1; shift; su --login "$who" --shell=/bin/bash
> --command='"$0" "$@"' -- "$@"; }
1) h
On 25/01/2023 21:52, Greg Wooledge wrote:
On Wed, Jan 25, 2023 at 03:36:33PM +0100, Yassine Chaouche wrote:
runas_wwwdata ()
{
echo su - www-data -s /bin/bash -c "$*";
su - www-data -s /bin/bash -c "$*"
}
...
su(1) is pretty much the WORST possible choice for this, as it forces
you t
On Wed, Jan 25, 2023 at 2:54 AM jeremy ardley wrote:
>
> [...]
> Rechecked, thanks. The vendor directory didn't have x permissions.
> Fixed. Now to track down all the other files similarly afflicted in the
> screaming pile of manure called drupal.
>
> root@gram01:/# ls -ld var/www/grammartiste.com
On Wed, Jan 25, 2023 at 2:34 AM wrote:
>
> On Wed, Jan 25, 2023 at 02:51:05PM +0800, jeremy ardley wrote:
>
> [...]
>
> > 0.41 lstat("/var/www/grammartiste.com/web/vendor/autoload.php",
> > 0x7fffdc580970) = -1 EACCES (Permission denied)
> > 0.34 lstat("/var/www/grammartiste.com
Greg Wooledge (12023-01-25):
> When investigating permissions, there's really no reason to do the
> investigation as a non-root user.
When investigating permissions, doing your tests as root instead of as the
user who is having the permissions issues is a sure way to hide the
issue.
Nothing to a
On Wed, Jan 25, 2023 at 03:36:33PM +0100, Yassine Chaouche wrote:
> On 1/25/23 at 3:22 PM, Nicolas George wrote:
> > For the current problem:
> >
> > sudo -u www-data namei /var/www/nextcloud/3rdparty/autoload.php
> >
> > … will cause the command to be executed in an environment closer to the
>
On 1/25/23 at 3:22 PM, Nicolas George wrote:
For the current problem:
sudo -u www-data namei /var/www/nextcloud/3rdparty/autoload.php
… will cause the command to be executed in an environment closer to the
one that causes the problem, and therefore is more likely to reveal it.
Use any command
Yassine Chaouche (12023-01-25):
> I prefer to use namei -l.
namei is good indeed.
> root@cloud[10.10.10.84/24] 15:15:43 ~ # namei -l
> /var/www/nextcloud/3rdparty/autoload.php
For the current problem:
sudo -u www-data namei /var/www/nextcloud/3rdparty/autoload.php
… will cause the command to
On 1/25/23 at 2:07 PM, Greg Wooledge wrote:
On Wed, Jan 25, 2023 at 07:34:54AM -0500, Dan Ritter wrote:
jeremy ardley wrote:
I have vague memories there are more file flags in newer Linux file systems?
There are extended attributes, of which the only one you are
likely to encounter is i,
On 1/25/23 at 8:44 AM, jeremy ardley wrote:
Anyway tree permissions:
root@gram01:/# ls -ld var
drwxr-xr-x 12 root root 4096 Nov 7 23:30 var
root@gram01:/# ls -ld var/www
drwxr-xr-x 5 www-data www-data 4096 Jan 23 16:33 var/www
root@gram01:/# ls -ld var/www/grammartiste.com/
drwxr-xr-
Hi,
jeremy ardley wrote:
> > > I have vague memories there are more file flags in newer Linux file
> > > systems?
Dan Ritter wrote:
> > There are extended attributes, [...]
> > lsattr and chattr are the relevant commands.
Nicolas George wrote:
> What you describe are file attributes specific to
On Wed, Jan 25, 2023 at 07:34:54AM -0500, Dan Ritter wrote:
> jeremy ardley wrote:
> > I have vague memories there are more file flags in newer Linux file systems?
>
> There are extended attributes, of which the only one you are
> likely to encounter is i, immutable. It is occasionally useful
> t
Dan Ritter (12023-01-25):
> There are extended attributes, of which the only one you are
> likely to encounter is i, immutable. It is occasionally useful
> to nail down the state of a file even when something properly
> has write permissions for it.
>
> lsattr and chattr are the relevant commands.
jeremy ardley wrote:
> I have vague memories there are more file flags in newer Linux file systems?
There are extended attributes, of which the only one you are
likely to encounter is i, immutable. It is occasionally useful
to nail down the state of a file even when something properly
has write p
On Wed, Jan 25, 2023 at 03:53:50PM +0800, jeremy ardley wrote:
[...]
> Rechecked, thanks. The vendor directory didn't have x permissions. Fixed.
> Now to track down all the other files similarly afflicted in the screaming
> pile of manure called drupal.
uh-oh ;-)
Cheers & good luck
--
t
On 25/1/23 15:44, jeremy ardley wrote:
On 25/1/23 15:33, to...@tuxteam.de wrote:
On Wed, Jan 25, 2023 at 02:51:05PM +0800, jeremy ardley wrote:
[...]
0.41
lstat("/var/www/grammartiste.com/web/vendor/autoload.php",
0x7fffdc580970) = -1 EACCES (Permission denied)
0.34
ls
On 25/1/23 15:33, to...@tuxteam.de wrote:
On Wed, Jan 25, 2023 at 02:51:05PM +0800, jeremy ardley wrote:
[...]
0.41 lstat("/var/www/grammartiste.com/web/vendor/autoload.php",
0x7fffdc580970) = -1 EACCES (Permission denied)
0.34 lstat("/var/www/grammartiste.com/web/vendor/a
On Wed, Jan 25, 2023 at 02:51:05PM +0800, jeremy ardley wrote:
[...]
> 0.41 lstat("/var/www/grammartiste.com/web/vendor/autoload.php",
> 0x7fffdc580970) = -1 EACCES (Permission denied)
> 0.34 lstat("/var/www/grammartiste.com/web/vendor/autoload.php",
> 0x7fffdc57f900) = -1 EAC
I am having trouble with php8.1-fpm commanded from nginx on a bullseye
system.
php8.1-fpm reports access denied when opening a specific file for the
application. The file has universal rwx permissions (after attempting to
fix problem). I am not running selinux but I do see some references to
a
20 matches