Let's say I am the user Alice and I have a publicly accessible folder /samba/public The permissions of the public Samba folder (/samba/public/) are nobody:nogroup and 0777. When Alice tries to copy over something from her home folder to the shared public drive (e.g cp ~/Downloads/* /samba/public), Alice wants the newly copied files to be editable/deletable by all guests who have access to the public Samba share. I want the copied files to be owned by nobody:nogroup and set to 0777. Instead, what happens is that the newly copied files are owned by alice:alice and guest users on the public drive can't edit or delete the files. How can I ensure that future copy/move operations of content from Alice's home folder to the shared/public Samba folder will be owned by nobody:nogroup so that guest users aren't then prevented from deleting/editing the files themselves?

When I run podman run I'm getting a particularly weird error,

❯ podman run -ti --restart=unless-stopped -p 80:80 -p 443:443 rancher/rancher:latest
✔ docker.io/rancher/rancher:latest
Trying to pull docker.io/rancher/rancher:latest...
Getting image source signatures
[... blob copying...]
Writing manifest to image destination
Storing signatures
  Error processing tar file(exit status 1): potentially insufficient UIDs or GIDs available in user namespace (requested 630384594:600260513 for /usr/bin/etcdctl): Check /etc/subuid and /etc/subgid: lchown /usr/bin/etcdctl: invalid argument
Error: Error committing the finished image: error adding layer with blob "sha256:b4b03dbaa949daab471f94bcfd68cbe21c1147e8ec2acfe3f46f1520db48baeb": Error processing tar file(exit status 1): potentially insufficient UIDs or GIDs available in user namespace (requested 630384594:600260513 for /usr/bin/etcdctl): Check /etc/subuid and /etc/subgid: lchown /usr/bin/etcdctl: invalid argument

What does _"potentially insufficient UIDs or GIDs available in user namespace"_ mean and how can I remedy this problem?

### Info ### I have 2 remote machines, both are Linux and same OS version. When I tried to SSH to the machine as one of the user inside via public key, machineA works but machineB get stucked after offerring the public key. From what I understand, SSH uses StrictModes by default which requires: - In

/etc/ssh/sshd_config

, contains

yes

and

.ssh/authorized_keys

-

/home/

with

750

or stricter -

/home//.ssh

with

700

or stricter -

/home//.ssh/authorized_keys

with

600

or stricter ### What I have done? ### For my requirements, I need the

of

to be managed by another user, let's say

. So I have done the following configurations to allow

to manage

's

chmod 750 /home/
chmod 700 /home//.ssh
chmod 600 /home//.ssh/authorized_keys
setfacl -m u::rwx /home/
setfacl -m u::rwx /home//.ssh
setfacl -m u::rwx /home//.ssh/authorized_keys

So I enter both machineA & machineB as admin via password and paste my public key into

/home//.ssh/authorized_keys

When I tried SSH to both system via Putty, machineA works but machineB fails. ### Loggings ### This is the event logs of putty when try to SSH to machineB, it's stuck after

public key

And this is the

-f /var/log/auth.log

at machineB: I check these configurations at both machines: - ✅ownership of file/directory is the user - ✅permission is same as previous statement - ✅both machines had same configurations I also tried

/usr/sbin/sshd -d -p 2222

at target machine and SSH to the system via command prompt using

-i C:\path\to\private-key -p 2222 @

and this is the log I got: ### Others things tried ### - Revoke all ACL permission on machineB, and able to SSH to machineB via public key after that. - Set

no

in

/etc/ssh/sshd_config

at machineB, and it works afterwards. But I know this is not a good idea. - Check

/etc/ssh/sshd_config

at machineA, and it has

yes

commented, but I believe it's enabled by default. ### Questions ### - What configurations that I may missed? - Is it related to proxy? Because machineA is behind a proxy while machineB is not. Any help or insight is appreciated :D

I have a folder, my-folder. From its parent directory, I first do: sudo chown -cR mat: my-folder If I then do: chmod -cR 600 my-folder, I get: chmod: cannot access 'my-folder/build.sh': Permission denied chmod: cannot access 'my-folder/vmdk': Permission denied chmod: cannot access 'my-folder/.git': Permission denied chmod: cannot access 'my-folder/run.sh': Permission denied chmod: cannot access 'my-folder/docker': Permission denied chmod: cannot access 'my-folder/.gitignore': Permission denied Am I not supposed to fully own this folder and its content? Notes: Running sudo chmod -cR 600 my-folder does not print anything. mat is what I get when I type whoami.

So there is a user that was created by root, and it pretty much has access to most/all directories on the system, we want to use this user only for ftp via lftp to read a certain file on the server that this user is located, let's call it config-server. so all the other servers, have scripts that will use lftp/ftp to access the config-server using this user to read the desired config file. As the user and password will be saved on the other servers, we want to restrict this users access to all other unnecessary directories, and no we don't want to restrict the users ftp access, we want to restrict the user itself. My goal is to do it at once or at least once for each mount point, like configuring his /her access globally once to 000, then go the the desired directory and give him read access to that directory only. so how can I do this globally? is it possible? I thought I could use recursive chmod/setfacl on all directories/mountpoints while signed in as root, and then as root, give that user access to the config files path? is this a viable solution, or does it have risks. if not, please share your solution. Note: We have somewhat 74 servers, which nullifies the point of storing the config on each server separately. EDIT: Server OS is Redhat 6.9 (or later for other servers). Also the access method used in the script would be ftp, but like I said since the user and password is present in the scripts that are on the other servers, we should prevent the user overall access, some one might use ssh, or even direct login, and we can't be held responsible for allowing that to happen, also we have limited access to most of our servers (configuration wise), this is one of the few which we do have the root access and OS is not managed by another team. But we ourselves will need to be able to login to this user ( can't complicate it too much, not every member that is added to the team has good linux/OS knowledge Ironically, right now two new members, trained by me and my ex-colleague in linux, one which is IT student, still didn't know what command is used to switch user, both use right click to copy and paste :| ).

To make a shell script executable, there seems to exist three options: - Option 1: chmod +x script.sh - Option 2: chmod a+x script.sh - Option 3: chmod a+rx script.sh Here are two questions. Q1. What does it actually mean that the first and second options grant permission to execute, but don't grant permission to read? How does it possible in real life? Q2. Which of these options is recommended for a general case? Or, to make this question less personal, what are pros and cons of each option?

I installed texlive as usual in /usr/local/texlive/2025. When installing I typed umask 0027 prior to each command (./configure, make...), hoping that the resulting files would have root as owner and me as group with the same rights to access, read and change the files. Nevertheless, when updating texlive (sudo tlmgr --self --all --no-auto-remove update), the owner becomes root, the group becomes root instead of ME, and I neither can use commands like luatex nor the .sty files etc., as they're owned by root. So, each time I update texlive via tlmgr I have to change owner and group manually for all files in \textlive\2025. What can I do to set owner=root and user=ME for all files newly created and changed with sudo tlmgr ... in the future?

I hear that chmod 777 is a horrible idea. However, nobody else is ever going to use my system (and this is a quite common scenario for a lot of *nix systems). Why shouldn't I allow everything?

In [_Classic Shell Scripting_ from O'Reilly](https://learning.oreilly.com/library/view/classic-shell-scripting/0596005954/) , Arnold Robbins and Nelson H.F. Beebe write the follwing example: >

> $ umask
> 023
> $ rm -f foo
> $ cp /bin/pwd foo
> $ ls -l /bin/pwd foo
> -rwxr-xr-x   1 root    root     10428 2001-07-23 10:23 /bin/pwd
> -rwxr-xr--   1 jones   devel    10428 2002-09-21 16:37 foo
>

> The resulting permission string rwxr-xr-- reflects the loss of privileges: group lost write access, and other lost write and execute access. Now, the 023 output at the beginning, tells me that in the current shell, _newly created files_ would have w access removed for g and wx removed for o, so while I understand that "other lost execute access", I don't get "group lost write access" nor "other lost write access", as neither of them had it in the first place. Do you think it's just an inaccuracy of the wording of that comment, or am I missing something? Furthermore, I've tried that on my system, and the result puzzles me a bit more:

$ umask 
0023
$ cp /bin/pwd ~/foo
$ ls -l /bin/pwd ~/foo 
-rwxr-xr-x 1 root   root   35072 Jan 18 19:17 /bin/pwd*
-rw-r--r-- 1 myself myself 35072 Feb  1 12:54 /home/myself/foo

Now, the output of 0023 should mean removal of w for g and wx for o (of which only x for o was actually present, so it's the only one removed in this case), but instead it looks like the x permission has been removed too for both u and g. Why is that? Where can I find all the rules that determine what happens, as far as permissions go, when I create and when I copy a file?

I have the following simple script that changed ownership on folders more hola_config.sh #!/bin/bash chown -R hola:pola /home/darna chmod -R 775 /home/darna in /etc/sudoers I added the following ( super_hola user is like super user ) super_hola ALL=(ALL) NOPASSWD:ALL but when I run the script as su super_hola whoami super_hola sudo -u super_hola ./hola_config.sh I get Operation not permitted from chmod from the script Example: chmod: changing permissions of ‘/home/darna/linux.cvg: Operation not permitted the question is why the super user as super_hola can't change the permission like root user and what to fix in my configuration in order to enable user – super_hola to do so here the user and group IDs id super_hola uid=1001(super_hola) gid=1001(pola) groups=1001(pola),982(docker) grep super_hola /etc/group docker:x:982:super_hola id -G super_hola 1001 982

I am an unpriviledged user A in the same group G as another unpriviledged user B. We want to share a directory. I want to create a shared folder, be it /tmp/shared. How do I set its rights? Seems I want to set 2770. But what does B prevent from creating a folder with 700 in there? Can I force full access to all files any user creates in my (!) folder I shared with them? And, of course, also full access for them. Does this even work with this rights model? If not, how do I do this with ACLs? As far as I understood, ACLs help me to prevent that B *accidentally* creates a file without granting me access, but does not prevent if B does it *intentionally*.

I have up to terabytes of data (a large number of smaller files) that could contain wrong owner, group or permissions. To repair that we had a script doing

-sh
sudo -n chown -R user:group "/path"
sudo -n chmod -R a-rwx,u+rwX,g+rwX "/path"

But I wonder if the performance could be improved? What about running both in background and adding wait in the script? Is this a bad idea for chown and chmod? Do they interfere? What about using find instead? Is this faster and even correct this way (tests looked like this ain't even working, i.e. there is something wrong with the usage)?

-sh
sudo -n find "/path" -type f -exec chmod 660 {} + -exec chown user:group {} +
sudo -n find "/path" -type d -exec chmod 770 {} + -exec chown user:group {} +

What about running this in background and adding wait? Due to the type filter this shouldn't interfere, right? Could this even be improved by filtering for files only deviating from the target configuration? Maybe it's important to note that this script should be able to run on multiple platforms like Ubuntu (different versions) and Red Hat (different versions) and potentially different file systems, too.

Could someone explain this?

john@john-pcRefs:~/pCloudDrive/someFolder$ ls -al
total 16
drwxr-xr-x 2 john john  4096 Jan 11  2022 .
drwxr-xr-x 4 john john  4096 Jan 11  2022 ..
-rw-r--r-- 1 john john 10439 Sep 22 18:48 EnvironmentSetup.sh
-rw-r--r-- 1 john john  3370 Mar 25  2023 GitInitialization.sh
-rw-r--r-- 1 john john   342 Jul 10  2023 InitDatabase.sh
john@john-pcRefs:~/pCloudDrive/someFolder$ echo $USER
john
john@john-pcRefs:~/pCloudDrive/someFolder$ sudo chmod +x GitInitialization.sh 
chmod: cannot access 'GitInitialization.sh': Permission denied

If it can help, I'm working on a cloud drive and I've just gone from Ubuntu 22 to Ubuntu 24.

I changed the permissions of a directory recursively but a few files are unchanged because they have an unknown owner and group:

sudo chmod -R g+r /home/user/.local/share/waydroid/data/
ls -l /home/user/.local/share/waydroid/data/data/android.ext.services/
ls: cannot access '/home/user/.local/share/waydroid/data/data/android.ext.services/cache': Permission denied
ls: cannot access '/home/user/.local/share/waydroid/data/data/android.ext.services/code_cache': Permission denied
total 0
d????????? ? ? ? ?            ? cache
d????????? ? ? ? ?            ? code_cache

rsync fails to read these files with unknown owners:

rsync: [sender] readlink_stat("/home/user/.local/share/waydroid/data/user_de/0/org.lineageos.overlay.accent.red/cache") failed: Permission denied (13)

I am having a problem utilizing a mounted drive on my Raspberry Pi 2B running Diet Pi.

dietpi@DietPi:/media/dietpi/Other$ sudo chmod 666 -R /media/dietpi
dietpi@DietPi:/media/dietpi/Other$ touch text.txt
touch: cannot touch 'text.txt': Permission denied
dietpi@DietPi:/media/dietpi/Other$

The media appears to be mounted correctly as I am able to read what is in the drive. **Other Steps Attempted**

sudo chown -R dietpi /media/dietpi

This returns numerous of the following error:

chown: changing owndership '/media/dietpi/: Operation not permitted

Is it possible to store untrusted files in Linux safely? My assumption is that I would create a new user to store them and run:

chmod rw-------

However, is there anything else I can do to evade any potential concerns with these files. I do not need to execute them. My only need for them is to download and read data on the files. Is there anything else I should be weary of? Thank you so much for any help you can provide.

I was trying to use an USB-stick in Linux and it didn't go as expected: I had already created a mountpoint (/mnt), found the device of the newly inserted USB-stick (/dev/sdb1) and mounted it: # ls -l /dev/sdb1 brw-rw---- 1 root disk 8, 17 Aug 7 16:05 /dev/sdb1 # ls -ld /mnt drwxrwxrwx 2 root root 4096 Jul 31 2020 /mnt # mount /dev/sdb1 /mnt # mount | grep sdb /dev/sdb1 on /mnt type exfat(rw,relatime,fmask=0022,dmask=0022,iocharset=utf8,errors=remount-ro) # ls -ld mnt drwxr-xr-x 2 root root 131072 Aug 7 16:23 mnt The problem was now that the stick was writable only for root. So I changed the filemode of the directory - which didn't work at all, although no error was issued: # chmod -R 777 /mnt # ls -ld mnt drwxr-xr-x 2 root root 131072 Aug 7 16:23 mnt (I also tried "0777" instead of "777" - no difference.) Not being all too familiar with Linux I suspected the problem being that I tried to do something in the root directory. So I created a subdirectory "/mnt/usb1" and repeated above procedure - with the same result. The chmod command came back without an error but the filemode wasn't changed. As a last resort I tried changing the ownership - which lead to an error ("user" is an existing user/group on this system): # chown user:user /mnt chown: changing ownership of '/mnt': Operation not permitted My system uses kernel 5.15.0-97-generic, if you need more/other information please ask and I will edit it in. Can someone shed light on what I did wrong? Both commands (chown as well as chmod) are standard UNIX commands and the system I usually work with (AIX) would have done exactly what I intended to do. As A bonus: if someone could also answer why the chown was "not permitted" I'd be glad.

What does the following command do? sudo chmod -R a=,a+rX,u+w,g+w /data I understand that it changes permissions, but what exactly and how?

I'm trying to transfer a working Linux installation to a new larger disk, so I've attached the new disk on a USB port, partitioned it and created filesystems. While copying all the files over I hit a snag on the /dev directory. "cp -a" does most of the job, but fails on e.g. /dev/video0 with "Operation not supported". >ls -l /dev/video0 # on disk I copy from crw-rw----+ 1 root video 81, 0 2011-09-25 17:15 video0 >ls -l dev/video0 # on disk copied to crw-rw---- 1 root video 81, 0 2011-09-25 17:15 video0 So it seems everything was copied except for the "+" at the end of the access-rights field. What does that plus-sign mean and how can I create it on the destination disk?

I downloaded and saved 2 files on **Linux tails live os**. I have set the appropriate permissions on those 2 files to allow them as executable. This is the command I used. sudo chmod 777 home/amnesia/Desktop/file sudo chmod 777 file However, when I try to access these 2 files, both the files yield me an error as **cannot access**. I am not sure why it isn't recognizing the file permissions correctly.