[SOLVED] Cannot backup files because of read permissions

qingpool · 07-16-2012, 09:04 AM

I want to backup files in a folder to a network Share, from Ubuntu 12.04 to Windows 7.

Files have no read/write permissions, i have to "sudo chmod -R 777 Backup/" everytime.

But new files created in that directory will still have no read/write permissions, so i must chmod this folder everyday. Files are created by an application, daily...can i set a default create mask somewhere?

Thanks

richardg1952 · 07-16-2012, 11:24 AM

what id owns the files that are created?

lleb · 07-16-2012, 02:48 PM

also how do you have the cifs mount point mounted and what permissions are on the win7 box? in many cases when dealing with a cifs mount point the problem resides in the permissions settings on the MS Windows computer.

padeen · 07-16-2012, 07:41 PM

Bash built-in umask or environment variable UMASK, coupled with the owner & group of the directory, set default permissions. But, to me, it is not clear whether your problem is with the directory where files are created (on Ubuntu) or the directory where you want to backup to (Win 7 share).

qingpool · 07-17-2012, 02:06 AM

Win7 share works fine, i can manage files over the network from anywhere. I havent mounted the Win7 folder, just used LuckyBackup GUI with a network destination, which gave access denied error (cannot read from source).

When i create a file in that folder manually, it will have the correct permissions... just the ones created by that application.

I will check the ID, the exact error and permissions next time i visit the site.

qingpool · 08-02-2012, 02:53 AM

These backup fiels, created by the program, are owned by root, whereas my user is , lets say "user2". Sorry, since i am a beginner, what is the correct way to solve this?

Thanks

padeen · 08-02-2012, 04:17 AM

What program is creating the original files? It sounds to me like it is running as root.

qingpool · 08-02-2012, 07:23 AM

It's an accounting software, a server application. Just a folder copied to this machine and then probably added to startup via Ubuntus GUI. Clients connect to this machine via an ip and specified port.

On older machines it was added to startup via rc.local file using "screen" command, but not on this machine.

padeen · 08-03-2012, 09:23 PM

[I just spent half an hour writing a long, considered reply, only get an error msg when I submitted the post that the f.... token had expired. I am seriously pissed off that all that work is gone. Looking at the cookies, it seems the token has an expiry of roughly 40 minutes. Jeremy, this is too short.]

So, you get the brief version.

The files are being created as root.

The application should not be running as root. It is a security risk for apps that accept outside connections to run as root, since anyone who can exploit the app can end up owning the machine and then get onto the shares as well.

If the app needs to run as root to open system ports (those < 1024), it is badly written. It should fork to a non-root user after opening the ports or else use only non-system ports.

If it is running as root simply because it is owned by root and runs from a startup script that runs as root, then write a brief shell script that su's to a non-root user that starts the app.

If you can't do any of that, you could try a hack of using an ACL http://sys-log.bencane.com/2012/05/a...ists-on-linux/ to give yourself read access. Or better, to give a group (e.g. "backup") read access and make yourself a member of that group.

Or make the group of the directory "backup" and make sure the umask of the directory gives group read access and make yourself a member of group backup.

There are other solutions, but from what you have said, the primary issue is why are the files being created as owned by root.

qingpool · 08-04-2012, 03:53 AM

Thank You for the link and explanation.

Port used is 5558 if i remember correctly.

I will try to fix this root issue next time and report back later.

qingpool · 08-19-2012, 04:22 AM

Quote:

Originally Posted by padeen

There are other solutions, but from what you have said, the primary issue is why are the files being created as owned by root.

I checked, it appears the program IS added to startup via /etc/rc.local file - like this:
/home/blah-blah/ProgramName

So my previous assumption it was added via graphical startup manager, was wrong:

I have learned that programs added this way run as root.
My main concern is that this program must run without needing user login, so it would run on boot.

What is the proper way to add it to rc.local as another user?
I tried this, but it didnt work:
su -user -c /home/..path../ProgramName

Thanks

chrism01 · 08-19-2012, 06:35 PM

Code:

su -user -c /home/..path../ProgramName

# need an extra space char space 
su - user -c /home/..path../ProgramName

As its running as root, it won't require a passwd to run a prog as another user.
NB: if the target cmd requires extra params, put quote marks round the whole thing eg

Code:

su - user -c '/home/..path../ProgramName arg1 arg2'

padeen · 08-19-2012, 11:27 PM

I suggest using whatever daemonize utility is provided by your distribution. That way, you know it has been tested for a wide variety of situations. Debian provides start-stop-daemon, RH has a daemon utility, Slackware has a daemon function in /etc/init.d/functions which you can include in your start script.

The advantages of these is that they can start up the app with whatever user you specify, they check for other things like is the process already running, they can shut it down cleanly, and so on.

Other suggestions are at http://stackoverflow.com/questions/3...different-user

qingpool · 08-20-2012, 02:03 AM

Thank You all,

problem solved and learned many new things.

Thanks