
I created an Apache web server using CFT; this is using RHEL 7. In order to allow ec2-user to modify files in the Apache document root folder, I added the following in the CFT (taken from var/log/cloud-init.log):

Jun 30 16:11:15 ip-10-205-0-135 cloud-init: groupadd www
Jun 30 16:11:16 ip-10-205-0-135 cloud-init: usermod -a -G www ec2-user
Jun 30 16:11:16 ip-10-205-0-135 cloud-init: chown -R root:www /var/www
Jun 30 16:11:16 ip-10-205-0-135 cloud-init: chmod 2775 /var/www
Jun 30 16:11:16 ip-10-205-0-135 cloud-init: find /var/www -type d -exec chmod 2775 {} \;
Jun 30 16:11:16 ip-10-205-0-135 cloud-init: find /var/www -type f -exec chmod 0664 {} \;

As you can see from the log, this went fine. However, when logged in under ec2, it gives a permission error as below:

[ec2-user@ip-10-206-32-92 html]$ aws s3 sync s3://gfrepo/releases releases
download failed: s3://gfrepo/releases/binaries.html to releases/binaries.html [Errno 13] Permission denied: u'/var/www/html/releases/binaries.html'
download failed: s3://gfrepo/releases/B1556013/B1556013.jar to releases/B1556013/B1556013.jar Could not create directory /var/www/html/releases/B1556013: [Errno 13] Permission denied: '/var/www/html/releases/B1556013'

I ended up elevating my permission as sudo to complete s3 sync. Not sure why it's giving a permission error for ec2-user. Here is the listing of the permissions:

[ec2-user@ip-10-206-32-92 www]$ ls -l
total 0
drwxrwsr-x. 2 root www 6 Mar 21 02:33 cgi-bin
drwxrwsr-x. 3 root www 55 Jun 30 16:11 html

[ec2-user@ip-10-206-32-92 www]$ groups ec2-user 
ec2-user : ec2-user adm wheel systemd-journal www 

As you can see, ec2-user is part of the www group and www is the owner of the html sub-dir.

Piyush Patil
Suvro Choudhury

1 Answer

You have to make sure the ec2-user belongs to the group that has write permission.

If the directory /var/www/html is owned by root, it will not let you write to the folder.

First, do an ls -l on /var/www/html.

Find out what the group name is; it's next to the user.

Then issue this command:

sudo usermod -a -G www ec2-user

You need to add ec2-user to the www group.

You're logged in as ec2-user; although you're issuing an aws s3 sync command, you need permission to write to the permissible directory. That's why it's failing.

This directory /var/www/html/releases/ does not have the permission.

Could not create directory /var/www/html/releases/B1556013 <----

Or su to root and try the command.

unixmiah
  • I already have usermod -a -G www ec2-user in my CFT (I have attached the log above). Hence, when I type groups ec2-user, it shows that ec2-user is already part of www group {[ec2-user@ip-10-206-32-92 html]$ groups ec2-user ec2-user : ec2-user adm wheel systemd-journal www}. Also, when I did ls -l against html folder, it shows www group {[ec2-user@ip-10-206-32-92 html]$ ls -l total 12 -rwxr-xr-x. 1 root www 258 Jun 30 15:06 error.html -rwxr-xr-x. 1 root www 334 Jun 30 15:06 index.html drwxr-sr-x. 13 root www 4096 Jul 18 14:28 releases } – Suvro Choudhury Jul 19 '16 at 23:21
  • Your issue is this: http://stackoverflow.com/questions/12700921/s3-moving-files-between-buckets-on-different-accounts/17162973#17162973 – unixmiah Jul 19 '16 at 23:29
  • You need to permit the s3 command for source and destination. In your s3 setup, when you included the user in the config, make sure that user has permissions to write to the directories, especially when creating files. – unixmiah Jul 19 '16 at 23:33
  • Thanks, but I think it's a Unix issue. Pls see below: when I try to create a folder or file in the html sub-dir under ec2-user, it gives a permission error: [ec2-user@ip-10-206-32-92 releases]$ mkdir testfolder mkdir: cannot create directory ‘testfolder’: Permission denied | [ec2-user@ip-10-206-32-92 releases]$ nano testfile Error writing testfile: Permission denied ] – Suvro Choudhury Jul 19 '16 at 23:43
  • Ahh, no problem. Make sure that user has permissions. – unixmiah Jul 19 '16 at 23:50
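
An added example, not part of the original question, answer or comments: the `ls -l` output quoted in the comments shows `releases` as `drwxr-sr-x` and the HTML files as `-rwxr-xr-x`, so the group write bit that the cloud-init `chmod` commands set on `/var/www` is absent on those entries. The script below audits a shared tree for that condition; the function names and the temporary fixture are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Audits a shared document root for
# entries that a member of the shared group still cannot modify.

# audit_shared_tree ROOT GROUP   (GROUP may be a name or a numeric gid)
# Prints one finding per line:
#   wronggroup <path>    entry is not owned by GROUP
#   nogroupwrite <path>  entry is owned by GROUP but lacks the g+w bit
#   nosetgid <path>      directory lacks setgid, so new children will not inherit GROUP
# Paths containing newlines are not handled.
audit_shared_tree() {
    root=$1
    group=$2
    find "$root" ! -group "$group" -print | sed 's/^/wronggroup /'
    find "$root" -group "$group" ! -perm -020 -print | sed 's/^/nogroupwrite /'
    find "$root" -type d ! -perm -2000 -print | sed 's/^/nosetgid /'
}

# build_sample_tree: constructed fixture that mirrors the modes in the listings
# above (html is drwxrwsr-x, releases is drwxr-sr-x, index.html is -rwxr-xr-x).
# Uses the caller's own gid in place of www. Prints the temporary root path.
build_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/html/releases"
    : > "$t/html/index.html"
    chgrp -R "$(id -g)" "$t"          # normalise group before setting modes
    chmod 2775 "$t" "$t/html"
    chmod 2755 "$t/html/releases"     # group write missing, as in the listing
    chmod 0755 "$t/html/index.html"   # group write missing, as in the listing
    printf '%s\n' "$t"
}

# Run against the fixture when invoked as: sh audit.sh demo
if [ "${1:-}" = demo ]; then
    tree=$(build_sample_tree)
    audit_shared_tree "$tree" "$(id -g)"
    rm -rf "$tree"
fi
```

On the real host the call would be `audit_shared_tree /var/www www`; any `nogroupwrite` line marks a path where a `www` member gets `Permission denied`.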