Linux (centos 5.3) owner/file permissions

Kymmy · 07-04-2009, 09:35

Hi guys,

Recently had a slight problem with file permissions on the website. In the public_html directory if I upload a file using the domain user (xtzuser) then no-one can see the file (not even root) where as if I load the file using root then everyone including web can see the file.

Recently done a recovery of all the files within this particular public_html so not sure if that had anythign to do with it..

Ownership of the files/directories is set as xtzuser:xtzuser and file permissions is 644

Aragorn · 07-04-2009, 10:05

What do you mean by 'no-one can see the file'? Via a browser or in the command line?
At command line level, root should be able to see everything, and with 644 perms (r_wr__r__) the files should be visible to everyone.
Have you added (accidentally) acls to some of the files? Try doing
'getfacl <filename>' as xtzuser and see if it reports an acl.
I guess the other poss is some messed up SELinux settings.

Kymmy · 07-04-2009, 10:35

By HTTP, SSH or sFTP...

It's weird and only just started recently..(probably after the 5.2 to 5.3 updates)

If I save a file using 'xtzuser' and then browse to that file using another user (web/root) via a browser, ssh_telnet or ftp then that file is not visible...

Even though that file is readable by all (644 permissions)

---------- Post added at 11:33 ---------- Previous post was at 11:31 ----------

Just done a test on other users and they're all fine, it's only this one user that's giving me problems

---------- Post added at 11:35 ---------- Previous post was at 11:33 ----------

I might just backup the files/db's remove the user, redo the user and replace the files using that users ftp..

A bit of messing about but other than than how else could I reset all the permissions back to default for the whole user??

Aragorn · 07-04-2009, 10:59

You could reset the perms with a find command, eg find files owned by user and chmod each one.
Any luck with the getfacl command?
Any selinux messages in /var/log/messages?
Are all the files under one directory, and has it got corrrupted? (mkdir /tmp/newdir; cp -r /olddir/* /tmp/newdir)

Kymmy · 07-04-2009, 11:50

Not corruption

Will check the logs and the other commands in a bit..Thanks for your help

---------- Post added at 12:50 ---------- Previous post was at 12:12 ----------

Quote:

[Tue Apr 07 11:27:53 2009] [error] [client ::1] Directory index forbidden by Options directive: /var/www/html/
[Tue Apr 07 11:27:53 2009] [error] [client ::1] Directory index forbidden by Options directive: /var/www/html/

The times I was getting the problems in a web browser this was popping up in /var/logs/httpd/error_log

I've checked in /var/www/html/ but there's nothing in there apart from a horde install

mr_bo · 07-04-2009, 12:37

I read the other day that apache will not list the files in a directory root unless in an index.html code

Aragorn · 07-04-2009, 14:07

I 'think' the apache errors are probably just a symptom of the underlying permission problem - ie if you can't see the files under ssh, apache won't either.
It could also be that (per google) you need either "Options Indexes" or "Options All" in your apache config.

Aragorn · 07-04-2009, 19:38

Just doing a bit of testing on my OpenSuse box.

Set an acl on a file with no access to 'users', but root was still able to read it.
Also, ls -l on the file shows a "+" after the permissions string.

That I guess rules out acl's as the cause of the problem.

Can you run an fsck on the filesystem in question?