0

I have a server on Amazon EC2. When I try to change a file's group (chgrp danny /tmp/bla) I get "Operation not permitted". (I don't want to use "sudo".) Does anyone know the problem?

Sven
Oren

4 Answers

2

I think what Mike Scott is trying to explain is that only root, or someone elevated with sudo, can use the chgrp command.

David Mackintosh
  • In another machine it works, see:
    [06:57:01][ *danny* @ w1:~]$ whoami
    danny
    [07:26:54][ *danny* @ w1:~]$ touch /tmp/bla
    [07:27:48][ *danny* @ w1:~]$ chgrp apache /tmp/bla
    [07:27:55][ *danny* @ w1:~]$ ls -l /tmp/bla
    -rw-rw-r-- 1 danny apache 0 Apr 17 07:27 /tmp/bla
    – Oren Apr 17 '12 at 13:29
  • Check that the file A) doesn't exist before you test and B) isn't group-apache before the chgrp command. – David Mackintosh Apr 17 '12 at 13:56
0

You can edit your /etc/sudoers with visudo to allow a certain user to use only certain commands. For more information, please refer to man sudoers.

Sven
  • It should work without touching this file; I do not want to give this user permissions. The file's owner user can confirm the file's group have Another machine that worked for some, there is no reason it will not work – Oren Apr 17 '12 at 13:36
  • Maybe you have another idea how to solve it? – Oren Apr 17 '12 at 13:44
0

I think this could be a sticky bit issue. You can only change the group of a file if you have the right permissions and /tmp is a special directory where the permissions of files are set to be the creator of the file (the 'sticky bit' is set on /tmp).

So your example of going onto another machine and doing

$ touch /tmp/bla
$ chgrp newgroup /tmp/bla

would work fine as when you created the file with touch it was created with your user/group. So you are allowed to alter the group. However, if another user created a file in /tmp it would belong to them and your normal user danny couldn't do anything to it. This is what I think your issue is.

Here's the requisite section from the wiki page:

When the sticky bit is set, only the item's owner, the directory's owner, or the superuser can rename or delete files. Without the sticky bit set, any user with write and execute permissions for the directory can rename or delete contained files, regardless of owner. Typically this is set on the /tmp directory to prevent ordinary users from deleting or moving other users' files.

webtoe
  • But I create a new file with the "danny" user in /tmp or /test and I try to change the group with danny to apache and I get the error... and if I try the same on another machine it works... the machine is new and clean.. I can't see a problem on the machine.. and the operating system is the same on the machines and the drives.. I do not understand it.... – Oren Apr 17 '12 at 14:49
  • Sorry, you can also only change the group to a group that you are part of. Add yourself to the apache group with `usermod -a -G apache username` (this will need to be done as root) and log out (you may need to reboot). You should then be able to change the group of that file. – webtoe Apr 17 '12 at 16:03
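
The rule from the last comment above (without root, a file's owner can only change its group to a group they belong to), as an added example that is not part of the original thread. The function names `chgrp_verdict` and `explain_chgrp` are hypothetical, and the wrapper assumes a Linux host with `getent`.

```shell
#!/bin/sh
# Added example: explain why an unprivileged chgrp is allowed or refused.
# Rule (chown(2) on Linux): a non-root caller must own the file AND be a
# member of the target group.

# Pure decision function, all inputs numeric:
#   $1 caller UID, $2 file owner UID, $3 target GID, $4 caller's GIDs (space separated)
chgrp_verdict() {
    if [ "$1" -eq 0 ]; then echo "allowed: caller is root"; return 0; fi
    if [ "$1" -ne "$2" ]; then echo "denied: caller does not own the file"; return 1; fi
    for g in $4; do
        if [ "$g" -eq "$3" ]; then
            echo "allowed: owner is a member of the target group"; return 0
        fi
    done
    echo "denied: caller is not a member of the target group"
    return 1
}

# Wrapper (hypothetical helper): gather the real values for FILE and GROUP,
# e.g. explain_chgrp /tmp/bla apache
explain_chgrp() {
    file=$1
    group=$2
    owner_uid=$(ls -ldn -- "$file" | awk '{print $3}')
    [ -n "$owner_uid" ] || { echo "cannot stat: $file"; return 2; }
    target_gid=$(getent group "$group" | cut -d: -f3)
    [ -n "$target_gid" ] || { echo "no such group: $group"; return 2; }
    # id -G with no user argument reports the groups of this running session,
    # which is what the kernel checks.
    chgrp_verdict "$(id -u)" "$owner_uid" "$target_gid" "$(id -G)" && return 0
    # A group added with usermod after login is in the group database but
    # not yet in the session's credentials.
    for g in $(id -G "$(id -un)"); do
        [ "$g" -eq "$target_gid" ] &&
            echo "note: membership is in the group database; log in again to pick it up"
    done
    return 1
}
```

Running `explain_chgrp /tmp/bla apache` as the affected user on both machines shows whether the difference is file ownership or group membership.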
-1

The problem is that you don't want to use sudo. Change that, and you'll be fine.

Mike Scott