Do I have the right permissions?

Hi,
I did accidentally save the seahub_settings.py with sudo, but I did change it back through sudo chmod -R Seafile:Seafile.
But I’m not sure that it’s the right permissions as it is now.
So here is it:

-rw-rw-r-- 1 seafile seafile 310 Dec 2 08:00 ccnet.conf
-rw-rw-r-- 1 seafile seafile 69 Dec 2 07:52 seafdav.conf
-rw-rw-r-- 1 seafile seafile 707 Dec 5 13:59 seafile.conf
-rwx------ 1 seafile seafile 1098 Dec 23 12:31 seahub_settings.py
-rw------- 1 seafile seafile 1049 Dec 23 12:32 seahub_settings.pyc

Is it right? It’s only for the seahub_settings.py I’m wondering.

In my installation all files are owned by root. Is it a problem?

That’s not recommended, then you always must run seafile as root.

Seafile runs as root by the systemd service. What’s wrong with that?

It’s not recommended to run any 3rd party software as root, Google it and you will find the answer.

Well, how to fix it? The systemd services run as root.

Guys…

To evaluate who can access what, you need to think just a little broader:
A file has a user and a group and it has three different sets of permissions for each of them (and all the rest).
Additionally on normal Linux systems, root can access the files anyways, regardless of the actual permissions.

So for these two cases this means:

  • If your settings file is owned by seafile and has read permissions for the user (the first three letters rwx), processes run by the users root and seafile can access it
  • If your settings file is owned by root and has read permissions for others (the last three letters rwx), it can also be accessed by root and seafile likewise (and every other user on the system)

Whether the systemd unit runs as root or the user is simply dependent on whether there is a User= directive in the unit file. You could just add it if it doesn’t exist.


And my final remark:
IMHO, if you don’t even understand the (not-so-hard) concept of users, groups and permissions in the traditional UNIX way (https://en.wikipedia.org/wiki/File_system_permissions#Notation_of_traditional_Unix_permissions), you should not be administrating publicly accessible servers at all. Sorry. Please learn some basics first before you do that.

3 Likes
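The access rules from the last reply, worked through as an added example that is not part of the original thread: it parses `ls -l` lines and reports which accounts can read each file, applying exactly one permission class per account (owner, else group, else other). The first two listing lines come from the thread; the root-owned line and the `www-data` account are constructed assumptions.

```python
"""Who can read a file, given its `ls -l` line? (traditional UNIX permission check)"""

# First two lines are from the listing in the thread; the third is constructed
# to model the "owned by root, readable by others" case.
LISTING = """\
-rw-rw-r-- 1 seafile seafile 707 Dec 5 13:59 seafile.conf
-rwx------ 1 seafile seafile 1098 Dec 23 12:31 seahub_settings.py
-rw-r--r-- 1 root root 1098 Dec 23 12:31 seahub_settings.py.rootowned
"""

# Hypothetical accounts: each one is only a member of its own group.
ACCOUNTS = {"root": ("root",), "seafile": ("seafile",), "www-data": ("www-data",)}


def parse_ls_line(line):
    """Split one `ls -l` line into owner, group and the three rwx triplets."""
    fields = line.split()
    mode, owner, group, name = fields[0], fields[2], fields[3], fields[-1]
    bits = {"user": mode[1:4], "group": mode[4:7], "other": mode[7:10]}
    return {"name": name, "owner": owner, "group": group, "bits": bits}


def permission_class(entry, user, groups):
    """Exactly one class applies: owner first, then group, then other."""
    if user == entry["owner"]:
        return "user"
    if entry["group"] in groups:
        return "group"
    return "other"


def can_read(entry, user, groups=()):
    if user == "root":  # as the reply notes, root can read regardless of the bits
        return True
    return entry["bits"][permission_class(entry, user, groups)][0] == "r"


def readers(listing, accounts):
    """Map each file name to the sorted list of accounts that can read it."""
    result = {}
    for line in listing.splitlines():
        entry = parse_ls_line(line)
        result[entry["name"]] = sorted(
            user for user, groups in accounts.items() if can_read(entry, user, groups))
    return result


if __name__ == "__main__":
    for name, who in readers(LISTING, ACCOUNTS).items():
        print(f"{name}: readable by {', '.join(who)}")
```

Because only one class is consulted, an owner whose own triplet lacks `r` is denied even when the group or other triplet would allow the read.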