Google Cloud permissions - google-cloud-platform

I have a hosted server on Google Cloud Platform (GCP), and I am trying to overwrite some files.
I was able to make a connection through WinSCP, and I'm able to find the directory of the files I need to overwrite, however, all files are read-only.
How can I manage the permissions to give myself add/change permissions?

I agree this seems to be related to permissions on the files. I am not able to comment and wanted to add that if you want to avoid changing the ownership of directory and files, you can always set up a group as an owner.
Details can be found on this discussion
Summarizing:
# groupadd mygroup
# useradd -G mygroup user1
# chown -R :mygroup /path/folder
# chmod -R g+rw /path/folder
Create new group ‘mygroup’
Adds user user1 to mygroup
Recursively grants group ownership to content of /path/folder/ to mygroup
Recursively grants group read & write permission to contents of /path/folder
This will effectively allow you to manage users in mygroup with the appropriate permissions and access.

You need to be the owner of the file in order to be able to make changes. For example, if root is the owner of the file, you won't be able to change it (since GCP doesn't allow root access through FTP).
What you should do is make you (the user logged through WinSCP) owner of the file using command line and then make changes to the file. Be careful to make the old owner of the file owner again.
For example, using Centos and WinSCP you should do this:
Login to your server with WinSCP
Login to your server through putty or any other command line client
in putty: sudo chown YOUR_USER /complete/URL/file/in/your/server.XYZ
make whatever changes you need to make to your file
in putty: sudo chown OLD_USER /complete/URL/file/in/your/server.XYZ
YOUR_USER is the user you are logged in on WinSCP.
OLD_USER can be apache, root or whatever
If you want to upload a new file you must take ownership of the folder. To do that do not specify the file on the chown command, for instance:
sudo chown YOUR_USER /complete/URL/folder/
Once you finish, give back ownership to OLD_USER.
This can be a pain but is the only way I found to edit my files in my GCP server...
Hope this helps.

Related

Laravel 5.4 AWS server

I have created a Laravel project in laravel 5.4 and i have made it live using AWS server . Now the issue I face is I have to provide the 777 permission to storage folder very frequently and due to this the site is not working properly. Can anyone help me with this as what can be the issue ? I have already given 777 permission to storage folder but somehow the permission changes and site stops as it cannot write log in log file. Thanks in advance
Ideally giving 777 permissions means who have open the access to ANYONE in the world who can access your storage with all Read/Write permissions.
You need to assign permission to your Web server to access the Directories and files which you can do in following way:
www-XXX can be your webserver user
sudo chown -R www-xxx:www-xxx /path/to/your/laravel/root/directory
Now in order to grant the storage level permissions to your webserver you need to execute the below commands
sudo chgrp -R www-data storage bootstrap/cache
sudo chmod -R ug+rwx storage bootstrap/cache

AWS EC2 cloud-init script run as ec2-user

I am baking an image on top of Amazon linux image.
I need to run a service as ec2-user.
Is it possible to run a launch script of any kind as user other than root?
I'm assuming you're going to put the command under UserData.
Scripts entered as user data are executed as the root user, so do not use the sudo command in the script. Remember that any files you create will be owned by root; if you need non-root users to have file access, you should modify the permissions accordingly in the script. Also, because the script is not run interactively, you cannot include commands that require user feedback (such as yum update without the -y flag).
Here's the full documentation discussing topic
Use this:
su ec2-user -c 'your commands go here'

how to make auto 777 to the folder/files with get created automatically in amazon linux

how to make auto 777 to the folder/files with get created automatically in amazon linux
every time my laravel application creates a new file in temp folder but not able to execute.
how to set automatically to give 777 permision to all files automatically
everytime in have to change the permissions to make it execute .
Run
chmod -R 777 /path/to/folder
with SSH on your server. Every created file in the folder should now inherit these permissions.
Be careful that giving all permissions to a folder is generally a bad idea, it can end up in a security issue. See this article.

EC2 FTP User Directory change

Our EC2 instance setup has an ftp user that had successful setup through the vsftpd program with an original home directory of \home\user\, I followed the instructions on this stack overflow, and had the user's shell set to /bin/false
What I'm looking to do is make the ftp user login only accessible to a particular directory, a folder in the html directory - \var\www\html\website.com\userfolder
What I've done:
Added user to a group ftpgroup
Authorized access and ownership of the new directory to the user:ftponly
Changed the user's home directory in /etc/passwd
added .ssh/authorized_keys with user's key in the new directory
changed ChrootDirectory in /etc/ssh/sshd_config to new directory
changed the permissions on the directory to chmod -R 775 user:ftpgroup
mounting \var\www\html\website.com\userfolder
Before these changes I was able to access the FTP, and now upon attempted access I receive the following errors from the Filezilla client:
Error: Disconnected: No supported authentication methods available
(server sent:publickey) ... Status: Connection attempt failed with
"ETIMEDOUT - Connection attempt timed out"
As it was working before, I'm thinking that it might have something to do with permissions, I'm just unsure of where else to change.
Thanks for any insight.
This worked for me.
After creating the user with vsftpd, the user now has access to the directory via FileZilla.
I then added a link from the home/{user} directory to the /var/www/html/{user} directory.
The user can upload files to the home directory and can view it from the html directory.
This is a simple hack. Let me know if this solves your problem.

Give user permissions to specific folder ONLY

I'm using Amazon Linux on EC2 and I just added the user using sudo adduser john.
How can I give the user specific permissions to only ONE folder and all the sub folders in it? For example, they only have access to: /var/www/html and everything in it. How can I do that?
You will have to create a jailed user which will have access to that folder.
Please follow this steps in this tutorial.
http://www.cyberciti.biz/faq/debian-ubuntu-restricting-ssh-user-session-to-a-directory-chrooted-jail/
The chown command allows you to change the user and/or group ownership of a given file, directory, or symbolic link.
In Linux, all files are associated with an owner and a group and assigned with permission access rights for the file owner, the group members, and others.
You can use
sudo chown -R john folder_name