can't chmod directories

Question

Level 1

45 points

can't chmod directories

I'm running a web server (OSX 10.5). Recently, I've had trouble installing cms's. The system refuses to allow me to change the permissions of directories and files. My attempts to "sudo chmod -r 777" cause the system to tell me the directory I specify doesn't exist.

The directory does exist in both the terminal list and in the Finder window.

Without acknowledging that the directories exist, the system turns the directories I try to chmod into write-only "drop boxes". (I'm definitely typing 777, not 733.)

Unable to change permissions using the "get info" method either.

mini, G5, TiBook, Mac OS X (10.4.4)

Posted on Nov 30, 2010 6:44 PM

Reply

Answer 1

Top-ranking reply

Nils C. Anderson

Level 4

3,495 points

Dec 2, 2010 4:59 AM in response to David Mason

As the others have pointed out you probably want the '-R' option.
The '-r' options that you are showing returns:


$ mkdir testdir
$ ls -ld testdir
drwxr-xr-x 2 andya andya 68 Dec 2 07:42 testdir
$ chmod -r 777 testdir
chmod: 777: No such file or directory
$ chmod -R 777 testdir
drwxrwxrwx 2 andya andya 68 Dec 2 07:42 testdir
$ chmod -r testdir
$ ls -ld testdir
d-wx-wx-wx 2 andya andya 68 Dec 2 07:42 testdir

The error above "No such file or directory" is saying that there is no such file or directory by the name of "777".

Message was edited by: Nils C. Anderson

Reply

Answer 2

MrHoffman

Level 10

152,005 points

Nov 30, 2010 8:06 PM in response to David Mason

Did you intend -R and not -r on that chmod And a sudo?


sudo chmod -R 777 /path/to/target
sudo chown -R user:group /path/to/target

You might need to chown and chmod the parent directory.

And I will mention the risks of 777 for web-facing directories; that allows a breach to be written to disk.

Reply

Answer 3

MrHoffman

Level 10

152,005 points

Dec 1, 2010 8:17 PM in response to David Mason

The command switches are case-sensitive.

The command chmod -R is a recursive change.

The command chmod -r is not listed in the man page as a switch.

My assumption here is that you got tangled with the newer-style syntax for the masks; that you removed read access to the path.

With newer syntax, the intended command would be:


$ sudo chmod ugo=rwx -R /path/to/directory

Reply

Answer 4

BobHarris

Level 9

57,321 points

Dec 1, 2010 8:18 PM in response to David Mason

sudo chmod -r 777 fakedirectory
3. The response I then get is: "no such directory exists" (even though an immediate 'ls' command shows the directory is there.
4. Investigating the issue through the finder reveals that the directory in question has been turned into a "Drop Box".

An earlier post suggests that capital -R is different than -r in the syntax. What's the difference, and would -r turn a directory into a drop box that not even root (at least, via sudo) can mess with?

MrHoffman was correct. You should have changed the -r to -R.

What you said was:

chmod
remove read access (-r)
for file 777
and file fakedirectory

If you follow MrHoffman's suggestions, you should specify:


sudo chmod -R 777 fakedirectory

which would say

chmod
of the file hierarchies rooted in the files instead of just the files themselves (-R)
to rwxrwxrwx (777)
starting with fakedirectory and everything below.

Reply

Answer 5

BobHarris

Level 9

57,321 points

Dec 1, 2010 6:14 AM in response to David Mason

MrHoffman has given the chmod syntax corrections. Without knowing anything about what you are trying to do, I would think 755 would be a bit more secure as directory permissions, especially if you also change the owner to make it easy for you to add/remove content, but not for Apache to have write access.

Are there spaces or any other shell magic characters in the directory path. That will make the chmod command think the directory does not exist.

Can you show us the actual command including the path to the directory? To make sure the forum does not mess with your command, wrap the command in

pairs

sudo chmod -R 755 the path_to_thedirectory
{code}

Message was edited by: BobHarris

Reply

Answer 6

BobHarris

Level 9

57,321 points

Dec 3, 2010 9:51 AM in response to David Mason

Ah, I get it. "Remove read access" turns the directory into a "Drop Box".

Is this '-R' vs '-r' distinction relatively recent? I haven't done this kind of work for a couple years, but I swear I used to use lower-case '-r' for the purposes of changing the permissions for a directory.

No. This has been around for a long time. The -R is an option. The -rwx or +rwx notation is how you specify to add or remove the read, execute, write permissions. From "man chmod":

The operator `+' causes the permissions selected to be added to the existing permissions of each file; `-' causes them to be removed; and `=' causes them to be the only permissions that the file has.


u+rwx # give owner (user) read, write, execute
go-w # remove group and other write access
+r # give everyone read access
-w # take away write access
-r # remove read access (what you did).

Reply

Answer 7

Dec 2, 2010 8:26 AM in response to David Mason

Depending on the nature of the CMS, you may want to simply set passwords on the users it puts in /etc/passwd and operate as that user, rather than doing chmod -R.

Before doing recursive stuff, you want to ls -lR and see what your perms are.

It's way too easy to break some web-based CMSes with chmod -R. Been there, done that, got the t-shirt...

Reply

Answer 8

MrHoffman

Level 10

152,005 points

Dec 1, 2010 6:23 AM in response to BobHarris

I generally don't allow the web server to write to web directories, and I deliberately configure the web server to not own the web directories and web-facing files.

Specific CMS packages and features will require a specific directory or two to be open to the web server and the CMS (for uploads, usually). Packages that require more than that can indicate a problem with the design of the CMS itself; a potential security problem.

If a CMS required everything be writable to the CMS and the web server package and particularly of the package needed 777, I'd evaluate alternatives.

I've seen cases where folks assign 777 to allow developers access, and I'd tend to look for ACLs for that. The ACL is configured enable the necessary access specific folks. And configured to continue to disallow write access to most or all of the web files and directories from the web server and the CMS.

Reply

Answer 9

David Mason Author

Level 1

45 points

Dec 1, 2010 7:39 PM in response to MrHoffman

Sorry I wasn't more clear earlier. I was hoping this was a known issue that would only need some keywords.

Never mind, for the moment, the purpose for which I'm doing this. This is a hobby project, so I'm not all that concerned about the security of the cms's I'm fiddling with.

What I'm curious about is why:

1. I put a directory full of its own directories and files into my web directory...
2. I go into that directory and try to modify permissions, as in...


sudo chmod -r 777 fakedirectory

3. The response I then get is: "no such directory exists" (even though an immediate 'ls' command shows the directory is there.
4. Investigating the issue through the finder reveals that the directory in question has been turned into a "Drop Box".

An earlier post suggests that capital -R is different than -r in the syntax. What's the difference, and would -r turn a directory into a drop box that not even root (at least, via sudo) can mess with?

Hope this is clearer. Thanks for the help.

Reply

Answer 10

dbsneddon

Level 4

1,542 points

Dec 1, 2010 7:58 PM in response to David Mason

A cut'n'paste from a terminal session showing the exact commands and
responses would probably make this question a whole lot easier to
explain and somebody might see something that is relevant.

Actual commands and output are much more helpful than descriptions of
what is allegedly happening.

Dave

Reply

Answer 11

David Mason Author

Level 1

45 points

Dec 2, 2010 1:46 PM in response to BobHarris

Ah, I get it. "Remove read access" turns the directory into a "Drop Box".

Is this '-R' vs '-r' distinction relatively recent? I haven't done this kind of work for a couple years, but I swear I used to use lower-case '-r' for the purposes of changing the permissions for a directory.

Anyway, thanks to all for clearing this up for me.

Reply