Difference between revisions of "Permissions and Ownership"
m (1 revision imported) |
|
(No difference)
|
Latest revision as of 12:52, 11 May 2017
Contents
Overview
Files and folders must have the correct ownerships and permissions to allow applications to run. This document covers what permissions are expected for some of the critical files. When they are upgraded, altered or moved it is important to ensure that permissions are retained.
These commands should not be attempted without first backing up Swivel.
Prerequisites
Swivel 3.x
Backup Swivel
Symptoms
Swivel may fail to start or exhibit issues such as graphical images failing to appear or error messages in the logs. Databases may be read only.
Solution
Changing User Ownership
A file ownership is listed by user and group. To change user ownership of a file use the chown command:
chown user filename
Example: chown swivel config.xml
the -R switch allows recursive files and directories
the command can also be used to change group by using:
chown user.group filename
Example: chown swivel.swivel ./* changes all files in the directory
Example: chown -R swivel.swivel ./pinsafe changes all in the directory and subdirectories of Swivel (when run in webapps)
Changing Group Ownership
To change group ownership of a file use the chgrp command
chgrp group filename
Example: chgrp swivel config.xml
the -R switch allows recursive files and directories
Changing Permissions
Permissions of a file are defined as dashes or d for directory, r for read, w for write, x for execute (plus others we will ignore):
Directory: the first - or d for a directory d---------
User: -rwx------
Group: ----rwx---
Other: ------rwx
To change a permission use the chmod command:
chmod ugo+-permission filename
Example: chmod ugo+r ./config.xml gives read permissions to user, group and other.
Example: chmod o-w ./config.xml removes write permission from other.
Example: chmod ug+rw ./* gives read and write permissions to all files and directories in the directory.
Care should be taklen with the wildcard (*) since directories and files have different permissions.
Default Permissions
These are listed in order to compare a system with what the default values are.
All files under <path to Tomcat>/pinsafe should be owned and members of the group swivel and generally have user and group read and write access, and read access for other.
i.e. -rw-rw-r-- swivel swivel filename
All directories under <path to Tomcat>/pinsafe should be owned and members of the group swivel and generally have user and group read, write, and execute access, and read and execute access access for other.
i.e. drwxrwxr-x swivl swivel directory
Verify ownership and permissions on the following system files, these are the ones that may contain incorrect ownerships and permissions:
/pinsafe/WEB-INF/conf -rw-rw-r-- swivel swivel config.xml
/pinsafe/WEB-INF/db -rw-rw-r-- swivel swivel derby.log drwxrwxr-x swivel swivel pid drwxrwxr-x swivel swivel swivel
/pinsafe/WEB-INF/db/pid and /pinsafe/WEB-INF/db/swivel -rw-rw-r-- swivel swivel dbex.lck drwxrwxr-x swivel swivel log drwxrwxr-x swivel swivel Seg0 -rw-rw-r-- swivel swivel service.properties drwxrwxr-x swivel swivel tmp -rw-rw-r-- swivel swivel verifyKey.dat
/pinsafe/WEB-INF/ -rw-rw-r-- swivel swivel debug.log -rw-rw-r-- swivel swivel pinsafe.log
/pinsafe/WEB-INF/data -rw-rw-r-- swivel swivel repository.xml