You could use ACL. To set up ACL for Ubuntu 10.10, first mount the file systems with the acl option in /etc/fstab.
sudo vim /etc/fstab
UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx / ext4 defaults,acl 0 1
sudo mount -o remount,acl /
Then make a group to which a user may belong for this purpose.
sudo groupadd developers
sudo usermod -a -G developers $username
The user needs to log out and in again to become a member of the developers group.
Of course, do not do this if you have content in the /var/www directory that you want,
but just to illustrate setting it up to start:
sudo rm -rf /var/www
sudo mkdir -p /var/www/public
sudo chown -R root.developers /var/www/public
sudo chmod 0775 /var/www/public
sudo chmod g+s /var/www/public
sudo setfacl -d -m u::rwx,g::rwx,o::r-x /var/www/public
Then replace references to "/var/www" with "/var/www/public" in a config file and reload.
sudo vim /etc/apache2/sites-enabled/000-default
sudo /etc/init.d/apache2 reload
If we wanted to restrict delete and rename from all but the user who created the file:
sudo chmod +t /var/www/public
This way, if we want to create directories for frameworks that exist outside the
Apache document root or maybe create server-writable directories, it's still easy.
Apache-writable logs directory:
sudo mkdir /var/www/logs
sudo chgrp www-data /var/www/logs
sudo chmod 0770 /var/www/logs
Apache-readable library directory:
sudo mkdir /var/www/lib
sudo chgrp www-data /var/www/lib
sudo chmod 0750 /var/www/lib
This problem happens because .mysql
was created by root
user using sudo
and the permissions are to only read for others that are not the owner..
To simply fix this issue, change the owner of the folder to the desired user using this command in terminal:
sudo chown -R <user>:<group> .mysql
what this command does? i will explain each one of them
sudo
stands for "switch user and do" which is actually changing the user to root internally for this operation
chown
stands for "change owner" and it does what actually it means, of course for this command to work properly on a folder. the owner of the folder has to run it, in this case was root so sudo
was necessary
-R
this parameter is actually from chown
and it applies the same command recursively to all sub folders/files
<user>:<group>
this is just the desired owner and group we would like to assign to folder/file and its a mandatory parameter from chown
. Also you have to enter the source of the folder/file next to this parameter
you can check more options for chown
using man chown
Best Answer
Because the people from docker take security serious. And so should you. You really need to understand that this opens up your docker instance to everyone. For a thorough explanation this is a must read.
chmod 777
is never the correct solution (well... unless the sticky bit is also set).If you still want to do it with
you need to have this command executed each time you login. "startup applications" can be used to execute script at the time you login to the desktop. But please please do not. Use the group method below.
You can also set the immutable bit (chattr +i {file}) so normal users can not change the attributes but that is just a trick. Someone with access to the system can easily change that by rebooting with an live session; even a non admin user can do that.
Why? You forgot to explain why these are not acceptable. In theory you could have a valid reason (though I can not imagine one myself :) ).
See How can I use docker without sudo? on how to set this up or use the official documentation on how to setup docker with a group or rootless. Those ARE the 2 methods provided by docker.