I worked in a job with build scripts. Developers would list what they wanted in a drop-down menu on a website, with very few “fill in the blanks.” This would create a template, which was sanity-checked.
One of the “fill in the blanks” was “home directory of user, if not default /home/username.” Some people filled it in, some didn’t. A lot of “users” might be apps with /home being “/opt/appname” “/var/www/html” or something. We checked to make sure that directory existed, if not, create, and set permissions. Easy peasy, all automated. Ran this lots of times.
Then one day, the script failed. Borked the whole box. Sometimes the VM was corrupt, so delete VM and try again. Usually worked. But this time, the build kept failing. The box went down. Wasn’t even bootable. This happened several times with this one build. So we mounted the borked drive under a new VM and checked out the logs. Just like the dessert stage of Willy Wonka chewing gum, it always failed at the last stage: making /home directories.
It would create them, then halt that it could not find bash. We looked for bash on the bad drive, and it was the usual /bin/bash shortcut to /usr/bin/bash and we were truly puzzled. I did a chroot to the drive and NOTHING worked. It just hung. That was the first clue.
The second was looking through the build script (in bash, which we didn’t write) and checking the steps. Looked at the logs. Always died at creating some user named sapadm, the user for the HANA database. Eventually, I checked the configure file, and noticed it was the only user with the odd home directory “/usr/sap.” Then it hit me: the permissions.
The script, thinking it was a home directory, did a chmod -R 755 for all directories and chmod -R 644 for all files! That meant, while creating home, it made everything under /usr not executable anymore! Holy shit, no wonder nothing worked! So we commented out that user in the config, ran the build again, and we were good! We created the sapadm by hand, and then later fixed the bug in the script.
SANITIZE YOUR DATA. Or you might turn Violet Beauregarde into a blueberry.
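A guard a build step could run before it touches a requested home directory, as an added example that is not the build script from the post above. The function names and the protected-path list are assumptions; the idea is to refuse system directories outright and never change modes inside a tree the step did not create.

```bash
#!/usr/bin/env bash
# Added example (not the original build script). PROTECTED and both
# function names are assumptions chosen for illustration.

# Directories that must never be accepted as a "home directory".
PROTECTED="/ /bin /boot /dev /etc /home /lib /lib64 /opt /proc /root /run /sbin /sys /usr /usr/bin /usr/lib /usr/sbin /var"

# classify_home PATH -> prints one of: reject | create | keep
classify_home() {
    local path="$1" p
    # Only absolute paths are accepted.
    case "$path" in
        /*) ;;
        *) echo reject; return 0 ;;
    esac
    # No "..", "." or empty components (this also rejects a trailing slash).
    case "$path/" in
        */../*|*/./*|*//*) echo reject; return 0 ;;
    esac
    # The path must not be a system directory itself.
    for p in $PROTECTED; do
        if [ "$path" = "$p" ]; then echo reject; return 0; fi
    done
    if [ -L "$path" ]; then
        echo reject      # a symlink could redirect the step elsewhere
    elif [ -d "$path" ]; then
        echo keep        # pre-existing tree, e.g. an application directory
    elif [ -e "$path" ]; then
        echo reject      # exists but is not a directory
    else
        echo create
    fi
}

# prepare_home PATH: create the directory if missing; never recurse.
prepare_home() {
    local path="$1" verdict
    verdict=$(classify_home "$path")
    case "$verdict" in
        create) mkdir -p -- "$path" && chmod 755 -- "$path" ;;
        keep)   : ;;     # leave the modes of existing content alone
        *)      echo "refusing home directory: $path" >&2; return 1 ;;
    esac
}
```

With this policy a home such as /usr/sap is either created as a single new directory or left as it is, and no recursive chmod ever runs over an existing tree.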
That’s how it works
I still waste time on this occasionally 😹
The EPERM didn’t give you a little hint?
Wouldn’t it be EACCES?
ESOMETHING
and you were the one to remove the +x
As a tip, this is the type of thing that AI is very good at. Just describe what the problem is and ask what might be causing it
This sentence can be posted on pretty much every Lemmy post
Why do people keep telling me to ask Al about these questions? He’s just my next door neighbor for god’s sake
Big Al also says dogs can’t look up
No, you just had a 3 hour learning experience.
Reminds me of the adage “you didn’t pay me $5,000 for turning that bolt. You paid me $5,000 because I knew which bolt to turn.” Experience and knowledge is valuable.
Educator here. This is called “discovery learning”. (The alternative to discovery learning, “direct instruction”, would be if someone had told OP about these permissions before OP got themselves into a pickle)
When discovery learning is successful, it leads to better learning outcomes. Compared to direct instruction, you learn the material more deeply and will have better recall of the material, often for the rest of your life. The downsides to discovery learning are that it’s very time-consuming, very frustrating, and many students will just fail (give up) before learning is completed.
Consider yourself one of the lucky ones, OP.
If discovery learning is frustrating in class, you must adjust it. It can’t be too easy or too frustrating.
And yes, usually the mental model a student forms from a lesson after doing some discovery learning has strong foundations.
It happened to me countless times that I was suffering with a task for hours and hours and hours, then finally found what the problem was. Then a few weeks later, facing the same issue again somewhere else, I only remembered the fact that I had that same issue weeks ago, but I completely forgot what the solution was.
Weirdly enough, sometimes it’s indeed a lifelong experience and I can remember the solution forever. I don’t really know what it depends on.
No one mentioned ACLs so far. If you see a + using ls -l like this drwxrwx---+, you have an access control list entry.
More than a decade of using linux and I still can’t remember setfacl syntax. I have better luck remembering tar syntax.
tar -xzf extract ze file
And tar -czf compress ze file. I saw someone post these mnemonic devices a while back and now I actually remember tar commands. Amazing!
This is a very useful way to remember it, but nowadays it’s better to drop the z (which immediately makes the mnemonic more forgettable, of course). tar can autodetect compression now, so tar -xf should work on anything from plain tar archives over tar.gz to more unusual compression algorithms like tar.xz or tar.bz2.
(the z is specifically for gzip)
You don’t even need the dash (-).
and then what is the thing that will happen to us next
ls reaction to this is unexpected:
$ mkdir foo
$ echo Foo > foo/file
$ chmod a-x foo
$ ls -l foo
ls: cannot access 'foo/file': Permission denied
total 0
-????????? ? ? ? ? ? file
I expected to just get a “Permission denied”, but listing the content it can still do. So x is for following the name to the inode and r for listing directory content (i.e. just names)?
You can still read the contents of the directory because you have -r on it. If you just run ls foo you’ll see your file on there, no problem.
However, without -x you cannot read metadata in that directory. That’s why all information about the file shows as question marks.
Ouch. I’m sorry you had to find out that way. But on the plus side, you’ll never forget.
I remember myself asking why directories had x flags in their permissions. Like, you don’t execute them. What do they use the x flag for?
For directories, it’s permission to cd into it. Read is whether you can list files, and write is remove, rename, or create new files. Don’t ask questions about the secret sticky bit
cd as owner lol
Executing a list read of the inode?
There needs to be a Linux kernel fork that when you try to execute a directory executes all programs in the directory. In parallel. Juuuuuuuust to fuck with people who might accidentally execute the /usr/bin directory.
And if there’s a circular symlink, we fork bomb
Those of us who use the autocd feature of shells “execute” directories all the time. For example I’d type just /usr/bin RET if I wanted to cd to /usr/bin.
Or worse… In order. Based on last Modified date. And use that as the basis for some scheduling agent where timing and order of execution is essential.
That’s the most evil thing I’ve heard in awhile, and I would absolutely make use of it anyway.
All you have to do is touch the files in order. Why aren’t you using this touchsched repo here….
It’s necessary if you want to give somebody rw access to a subdirectory but not the parent.
The parent gets “x” and the child gets “rwx”.
This way you can have multiple users with their own directories under, say, /var/www/html but restrict access to /var/www/html itself.
If the user doesn’t have “x” then they can’t see anything in that directory at all.
The x permission on directories is exactly for this purpose. You can use the directory. You cannot read (requires rx), you cannot write (w), but you can ‘cd’ and operate on files in the directory.
This is important, you can lock someone out from a directory tree by not giving them ‘x’ on the root. So, if your home is rwx------, no one but the owner can do anything in your home. This is effective even if some files and subdirectories have less restrictive permissions.
So, if your home is rwx------, no one but the owner can do anything in your home.
Does that include root?
Point for you, root is special.
Learned that when dealing with Ansible:
- Folder in most cases 755
- File in most cases 644 or 755 if executable.
To change all the directories to 755 (drwxr-xr-x):
find /opt/lampp/htdocs -type d -exec chmod 755 {} \;
To change all the files to 644 (-rw-r--r--):
find /opt/lampp/htdocs -type f -exec chmod 644 {} \;
I love posts like these because they help me avoid mistakes I would’ve definitely made too. Thanks OP!
R is to read its contents, x to enter
s (g+s) keeps the group for all new files in that directory the same as its parent