Server Permissions

From UA Libraries Digital Services Planning and Documentation
Jump to: navigation, search

Server Permissions

If you've run a script to move content into Acumen or the archive, and it didn't work, and there were no error messages to indicate why...

then you've come to the right place.

Changes created by server upgrades and new software sometimes impact the permissions for directories or files. This may impact the functionality of the software you're using.

If your content failed to be moved, then on the commandline, change directories until you're in the area where your content should have been placed (reference: Command-line_Work_on_Linux_Server). For example, if you were uploading sheet music content into Acumen, look in the /srv/www/htdocs/content/u0004 subdirectory, viewable as user "jeremiah" in webcontent/u0004 subdirectory: cd webcontent/u0004

Now look at the permissions of the files and directories there: la *. This will give you a readout similar to the following:

 drwxrwxr-x    6 jeremiah www    63 2010-05-20 16:26 .
 drwxrwxrwx   12 jeremiah www   142 2010-01-06 10:49 ..
 drwxrwxr-x   53 jeremiah www  4096 2009-11-20 16:37 0000001
 drwxr-xr-x 2342 taloewald www 57344 2010-02-23 17:11 0000002
 drwxrwxr-x   72 jeremiah www  4096 2010-05-27 15:46 0000003
 drwxrwxr-x    2 malexand users  22 2009-11-23 15:02 Metadata

The first line refers to the directory you are in. The second is the parent directory. 0000001, 0000002, 0000003, and Metadata are all subdirectories.

For our purposes, the part you want to look at is highlighted in red.

Look first at the highlighted section on the left: (rwxrwxr-x). That string can be divided into 3 sections: rwx rwx and r-x. That is read as "read, write, execute," the three possible types of permissions ("execute" means to run scripts here). The first "rwx" set of permissions applies to the owner of that directory. The second "rwx" applies to the group associated with that directory, and the third "r-x" in that same string applies to anyone and everyone who can access this area.

Thus for this directory (the single dot, again, indicates this directory), the owner has all three permissions, the group has all three permissions, but the "world" has only read and execute permissions; there's a hyphen in place of the possible write command. That means only the owner and group members can write to this directory.

So who's the owner, and who's the group?

In the highlighted section on the right (jeremiah www), "jeremiah" is the owner, and "www" is the group. Thus, for this directory, the user "jeremiah" can read, write, and execute; so can anyone in the "www" group, but anyone else can only read or execute.

Now look down further to the 0000002 directory. We have a problem here. Tonio ("taloewald") owns this directory, and he can write to it, but other people in the "www" group cannot. Thus, if you are running a script as "jeremiah" (whose default group is "www"), you're not going to be able to put content into this directory.

The metadata directory has a problem also. In this example, the "malexand" user has created this directory, but it can be written to only by "malexand" and people in the "users" group. If you're running a script as "jeremiah" or you're in the "www" group, you won't be able to write to this directory.

Right now, everything in the Acumen content area *should* be completely open (rwx) to everyone in the "www" group. This enables metadata librarians and digital services both to write to this area. It should have "r-x" for the "world" permissions, so that it will be fully web accessible while protecting the content from being changed by users.

In the archive area (/srv/archive/, viewable by "jeremiah" user under "storage") all content should belong to "jeremiah" with group user "archive".

Anyone with root (or sudo) access can repair permissions problems, using chown (change ownership) and chmod (changes the permissions).

For example, to repair the permissions of Acumen, type in:

 chown -R jeremiah:www /srv/www/htdocs/content/*
 chmod -R 775 /srv/www/htdocs/content/*

To repair the permissions of the archive, type in:

 chown -R jeremiah:archive /srv/archive/*
 chmod -R 775 /srv/archive/*

To repair the permissions of deposits, type in:

 chown -R jeremiah:www /srv/deposits/*
 chmod -R 775 /srv/deposits/*