Check Linux groups

ninehealth@LinuxVM15:~/work/moviegeek$ groups ninehealth

ninehealth : ninehealth adm dialout cdrom floppy sudo audio dip video plugdev lxd netdev

Add `webserver` group

ninehealth@LinuxVM15:~/work/moviegeek$ groupadd webserver

groupadd: Permission denied.
groupadd: cannot lock /etc/group; try again later.

ninehealth@LinuxVM15:~/work/moviegeek$ cat /etc/group
root:x:0:
daemon:x:1:
bin:x:2:

ninehealth@LinuxVM15:~/work/moviegeek$ sudo groupadd webserver

Add `webserver` user

ninehealth@LinuxVM15:~/work/moviegeek$ useradd -g webserver -g ninehealth -m webserver

useradd: Permission denied.
useradd: cannot lock /etc/passwd; try again later.

ninehealth@LinuxVM15:~/work/moviegeek$ cat /etc/passwd

root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin

ninehealth@LinuxVM15:~/work/moviegeek$ sudo useradd -g webserver -g ninehealth -m webserver

Check `webserver` home folder

ninehealth@LinuxVM15:~/work/moviegeek$ sudo su webserver

webserver@LinuxVM15:~$ pwd
/home/webserver

webserver@LinuxVM15:~$ ls -alhrt

total 20K
-rw-r--r-- 1 webserver ninehealth  807 Apr  5  2018 .profile
-rw-r--r-- 1 webserver ninehealth 3.7K Apr  5  2018 .bashrc
-rw-r--r-- 1 webserver ninehealth  220 Apr  5  2018 .bash_logout
drwxr-xr-x 4 root      root       4.0K Jan  4 05:35 ..

Check `webserver` user's group

webserver@LinuxVM15:~$ groups webserver

webserver : ninehealth

Add webserver user to webserver group

ninehealth@LinuxVM15:~/work/moviegeek$ sudo usermod -a -G webserver webserver

ninehealth@LinuxVM15:~/work/moviegeek$ groups webserver
webserver : ninehealth webserver

Create `webserver` MovieGEEKs web app

webserver@LinuxVM15:/home/ninehealth/work$ mkdir moviegeek_webserver

webserver@LinuxVM15:/home/ninehealth/work$ ll
total 32
drwxrwxr-x  8 ninehealth ninehealth 4096 Jan  4 05:40 ./
drwxr-xr-x 11 ninehealth ninehealth 4096 Jan  4 05:34 ../
drwxrwxr-x  2 ninehealth ninehealth 4096 Dec 29 07:32 backup_db/
drwxrwxr-x 17 ninehealth ninehealth 4096 Jan  3 21:34 foodgeek/
drwxrwxr-x 16 ninehealth ninehealth 4096 Jan  2 19:47 moviegeek/
drwxrwxr-x  4 ninehealth ninehealth 4096 Dec 15 19:25 moviegeek.wiki/
drwxr-xr-x  2 webserver  ninehealth 4096 Jan  4 05:40 moviegeek_webserver/
drwxrwxr-x  3 ninehealth ninehealth 4096 Dec 13 07:26 py_env_test/

Change owner of moviegeek_webserver to webserver user and webserver group.

webserver@LinuxVM15:/home/ninehealth/work$ chown -R webserver:webserver moviegeek_webserver

webserver@LinuxVM15:/home/ninehealth/work$ ll
total 32
drwxrwxr-x  8 ninehealth ninehealth 4096 Jan  4 05:40 ./
drwxr-xr-x 11 ninehealth ninehealth 4096 Jan  4 05:34 ../
drwxrwxr-x  2 ninehealth ninehealth 4096 Dec 29 07:32 backup_db/
drwxrwxr-x 17 ninehealth ninehealth 4096 Jan  3 21:34 foodgeek/
drwxrwxr-x 16 ninehealth ninehealth 4096 Jan  2 19:47 moviegeek/
drwxrwxr-x  4 ninehealth ninehealth 4096 Dec 15 19:25 moviegeek.wiki/
drwxr-xr-x  2 webserver  webserver  4096 Jan  4 05:40 moviegeek_webserver/
drwxrwxr-x  3 ninehealth ninehealth 4096 Dec 13 07:26 py_env_test/

Check `webserver` folder permission

webserver@LinuxVM15:/home/ninehealth/work$ exit
exit

ninehealth@LinuxVM15:~/work/moviegeek$ cd ../moviegeek_webserver/

ninehealth@LinuxVM15:~/work/moviegeek_webserver$ touch aa.txt
touch: cannot touch 'aa.txt': Permission denied

ninehealth@LinuxVM15:~/work/moviegeek_webserver$ echo hello > hello.txt
-bash: hello.txt: Permission denied

Add `webserver` user environment files

ninehealth@LinuxVM15:~/work/moviegeek_webserver$ sudo su webserver

webserver@LinuxVM15:/home/ninehealth/work/moviegeek_webserver$ cd ~

webserver@LinuxVM15:~$ cp -pr ../ninehealth/.vimrc .
webserver@LinuxVM15:~$ cp -pr ../ninehealth/my.screenrc .
webserver@LinuxVM15:~$ cp -pr ../ninehealth/.screenrc .
webserver@LinuxVM15:~$ mkdir .vim

Make a shortcut to common work folder.

webserver@LinuxVM15:~$ ln -s /home/ninehealth/work .

webserver@LinuxVM15:~$ ll
total 40
drwxr-xr-x 3 webserver ninehealth 4096 Jan  4 05:45 ./
drwxr-xr-x 4 root      root       4096 Jan  4 05:35 ../
-rw------- 1 webserver ninehealth  330 Jan  4 05:41 .bash_history
-rw-r--r-- 1 webserver ninehealth  220 Apr  5  2018 .bash_logout
-rw-r--r-- 1 webserver ninehealth 3771 Apr  5  2018 .bashrc
-rw-r--r-- 1 webserver ninehealth  807 Apr  5  2018 .profile
-rw-rw-r-- 1 webserver ninehealth 1133 Dec 12 18:46 .screenrc
drwxr-xr-x 2 webserver ninehealth 4096 Jan  4 05:44 .vim/
-rw-rw-r-- 1 webserver ninehealth  241 Dec 13 07:15 .vimrc
-rw-rw-r-- 1 webserver ninehealth   74 Dec 15 09:20 my.screenrc
lrwxrwxrwx 1 webserver ninehealth   21 Jan  4 05:45 work -> /home/ninehealth/work/

Copy the MovieGEEKs folder to the new `webserver` folder

webserver@LinuxVM15:~/work/moviegeek_webserver$ rsync -av ../moviegeek/ .

venv_3.6.9/share/python-wheels/six-1.11.0-py2.py3-none-any.whl
venv_3.6.9/share/python-wheels/urllib3-1.22-py2.py3-none-any.whl
venv_3.6.9/share/python-wheels/webencodings-0.5-py2.py3-none-any.whl
venv_3.6.9/share/python-wheels/wheel-0.30.0-py2.py3-none-any.whl

sent 624,576,138 bytes  received 352,744 bytes  22,724,686.62 bytes/sec
total size is 623,048,784  speedup is 1.00

Correct the owner of this folder.

webserver@LinuxVM15:~/work/moviegeek_webserver$ chown -R webserver:webserver *

webserver@LinuxVM15:~/work/moviegeek_webserver$ ll -alhrt
total 176M
-rw-rw-r--  1 webserver  webserver   11K Dec 13 06:57 README.md
-rw-rw-r--  1 webserver  webserver  1.1K Dec 13 06:57 LICENSE
-rw-rw-r--  1 webserver  webserver   150 Dec 13 06:57 Dockerfile
-rw-rw-r--  1 webserver  ninehealth  341 Dec 13 06:57 .travis.yml
-rw-rw-r--  1 webserver  ninehealth  156 Dec 13 06:57 .gitignore
drwxrwxr-x  4 webserver  webserver  4.0K Dec 13 06:57 templates/
drwxrwxr-x  4 webserver  webserver  4.0K Dec 13 06:57 static/
-rw-rw-r--  1 webserver  webserver  3.1K Dec 13 06:57 populate_sample_of_descriptions.py
-rw-rw-r--  1 webserver  webserver  1.9K Dec 13 06:57 populate_ratings_from_MovieLens_data.py

The chown (change owner) command is not worked with hidden files (files that are started with a dot .)

webserver@LinuxVM15:~/work/moviegeek_webserver$ chown -R webserver:webserver .*

chown: changing ownership of '../moviegeek/builder/implicit_ratings_calculator.py': Operation not permitted
chown: changing ownership of '../moviegeek/builder/user_cluster_calculator.py': Operation not permitted
chown: changing ownership of '../moviegeek/builder/fwls_calculator.py': Operation not permitted
chown: changing ownership of '../moviegeek/builder/lda_model_calculator.py': Operation not permitted
chown: changing ownership of '../moviegeek/builder/item_similarity_calculator.py': Operation not permitted
chown: changing ownership of '../moviegeek/builder/__pycache__/__init__.cpython-36.pyc': Operation not permitted
chown: changing ownership of '../moviegeek/builder/__pycache__/implicit_ratings_calculator.cpython-36.pyc': Operation not permitted
chown: changing ownership of '../moviegeek/builder/__pycache__': Operation not permitted
chown: changing ownership of '../moviegeek/builder/bpr_calculator.py': Operation not permitted

This command is not correct but it worked =.=

ninehealth@LinuxVM15:~/work/moviegeek_webserver$ ls -alhrt
total 176M
-rw-rw-r--  1 webserver  webserver   11K Dec 13 06:57 README.md
-rw-rw-r--  1 webserver  webserver  1.1K Dec 13 06:57 LICENSE
-rw-rw-r--  1 webserver  webserver   150 Dec 13 06:57 Dockerfile
-rw-rw-r--  1 webserver  webserver   341 Dec 13 06:57 .travis.yml
-rw-rw-r--  1 webserver  webserver   156 Dec 13 06:57 .gitignore
drwxrwxr-x  4 webserver  webserver  4.0K Dec 13 06:57 templates
drwxrwxr-x  4 webserver  webserver  4.0K Dec 13 06:57 static
-rw-rw-r--  1 webserver  webserver  3.1K Dec 13 06:57 populate_sample_of_descriptions.py
-rw-rw-r--  1 webserver  webserver  1.9K Dec 13 06:57 populate_ratings_from_MovieLens_data.py
-rw-rw-r--  1 webserver  webserver  1.2K Dec 13 06:57 populate_ratings.py
-rw-rw-r--  1 webserver  webserver  1.8K Dec 13 06:57 populate_moviegeek.py
-rw-rw-r--  1 webserver  webserver  6.0K Dec 13 06:57 populate_logs.py
drwxrwxr-x  2 webserver  webserver  4.0K Dec 13 06:57 notebooks
-rwxrwxr-x  1 webserver  webserver   254 Dec 13 06:57 manage.py

9health / moviegeek

Add webserver user #29

Description

28

How to prevent it

Output

Note

Check Linux groups

Add `webserver` group

Add `webserver` user

Check `webserver` home folder

Check `webserver` user's group

Create `webserver` MovieGEEKs web app

Check `webserver` folder permission

Add `webserver` user environment files

Copy the MovieGEEKs folder to the new `webserver` folder

9health / moviegeek

Add webserver user #29

Description

28

How to prevent it

Output

Note

Check Linux groups

Add webserver group

Add webserver user

Check webserver home folder

Check webserver user's group

Create webserver MovieGEEKs web app

Check webserver folder permission

Add webserver user environment files

Copy the MovieGEEKs folder to the new webserver folder

Add `webserver` group

Add `webserver` user

Check `webserver` home folder

Check `webserver` user's group

Create `webserver` MovieGEEKs web app

Check `webserver` folder permission

Add `webserver` user environment files

Copy the MovieGEEKs folder to the new `webserver` folder