zypper updates are changing permissions of my folders. How to find out which?

Hi all,

OS: Tumleweed
Web server: nginx
User of web server & php processes: nginx

I am having a very frustrating problem. After certain zypper updates, that I have yet to narrow down fully, certain file/folder permissions are changing. The ones I have noticed are:

  • My ownCloud installation folder always switches to the “default” ones; items are owned either by wwwrun or root. The updates remove my nginx user permissions. As stated above, I use the nginx user for both nginx and php.
  • the /var/lib/php5 folder, changes from nginx user permissions, to wwwrun

What “exactly” in openSUSE changes file/folder permissions? Is there a location where I can tell openSUSE to stop doing this? I ask, because I have never had a distribution do this, and on servers, it is the most frustrating thing to fix, and usually gets discovered after web services are found to be non-operational.

Hi,

The rpm specfile probably set the permissions to whatever it is defined in there. Now you can checkout the file

/etc/permissions

and see the comments but don’t use/edit that file since an update might revert all your changes instead create a

/etc/permissions.local

which is also mentioned in the comments of /etc/permissions file.

Good luck.

Thanks for the info, I forgot that the /etc/permissions files/directories existed.

In any event, I figured out that it’s defined in the spec file for php5, and ownCloud too. Looks like I should just use the wwwrun user for everything web server related. Shame I can’t choose my own, but I’ll work with what I have!

On 2015-07-28 16:26, sinayion wrote:
>
> Thanks for the info, I forgot that the /etc/permissions
> files/directories existed.
>
> In any event, I figured out that it’s defined in the spec file for php5,
> and ownCloud too. Looks like I should just use the wwwrun user for
> everything web server related. Shame I can’t choose my own, but I’ll
> work with what I have!

Of course you can. Just create the appropriate entries in permissions.local.


Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 “Bottle” (Minas Tirith))

I made everything web related based on wwwrun:www for now, and it works. But regarding the /etc/permissions.local suggestions, does that file always supersede any spec files/future updates?

I’m fine with using wwwrun:www if it’s easier in the long run on an openSUSE system, but happy to learn more :slight_smile:

Hi,

Yes that is the purpose of those ***.local **files, well at least in openSUSE. I already mentioned that on my first reply :wink:

Ah, gotcha! I misread that, with regards to which supersedes the other.

Thanks again to both of you for the help. I “think” for now, I’ll go with the wwwrun:www user route on my server, but I’ll experiment on a VM.

On 2015-07-29 07:06, sinayion wrote:

> But regarding the /etc/permissions.local suggestions, does that file
> always supersede any spec files/future updates?

Yes.


Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 “Bottle” (Minas Tirith))