• Skip to main content

Uly.me

cloud engineer

  • Home
  • About
  • Archives

permissions

AWS S3 Bucket Permission

February 16, 2021

I was getting this error when downloading a file from a S3 bucket.

fatal error: An error occurred (403) when calling the HeadObject operation: Forbidden

fatal error: An error occurred (403) when calling the HeadObject operation: Forbidden

Turns out to be a permission issue. Use –acl bucket-owner-full-control.

# UPLOAD
aws s3 cp file.txt s3://bucket-name/dir/ --acl bucket-owner-full-control
upload: .\file.txt to s3://bucket-name/dir/fw.sh
# DOWNLOAD
aws s3 cp s3://bucket-name/dir/file.txt . --acl bucket-owner-full-control
download: s3://bucket-name/dir/file.txt to .\file.txt

# UPLOAD aws s3 cp file.txt s3://bucket-name/dir/ --acl bucket-owner-full-control upload: .\file.txt to s3://bucket-name/dir/fw.sh # DOWNLOAD aws s3 cp s3://bucket-name/dir/file.txt . --acl bucket-owner-full-control download: s3://bucket-name/dir/file.txt to .\file.txt

You need to do for both upload and download.

Filed Under: Cloud Tagged With: aws, bucket, permissions, s3

AWS RDS Backup Permission

December 31, 2019

Here’s the IAM policy to allow RDS Backup or create a snapshot on AWS.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "rds:RestoreDBClusterFromSnapshot",
		"rds:DescribeDBSnapshots",
		"rds:CopyDBSnapshot",
		"rds:CopyDBClusterSnapshot",
		"rds:DeleteDBSnapshot",
		"rds:DeleteDBClusterSnapshot",
		"rds:CreateDBSnapshot",
		"rds:RestoreDBInstanceFromDBSnapshot",
		"rds:CreateDBInstance",
		"rds:DescribeDBClusterSnapshots",
		"rds:DescribeDBInstances",
		"rds:DescribeDBClusters",
		"rds:DeleteDBInstance",
		"rds:CreateDBClusterSnapshot",
		"rds:ModifyDBSnapshotAttribute",
		"rds:ModifyDBClusterSnapshotAttribute",
		"rds:ListTagsForResource",
		"rds:DeleteDBCluster",
		"ec2:DescribeSecurityGroups",
		"ec2:DescribeRegions",
		"ec2:DescribeAvailabilityZones",
		"ec2:DescribeVpcs",
		"ec2:DescribeAccountAttributes",
		"ec2:DescribeSubnets",
		"iam:GetUser",
		"iam:GetAccountAuthorizationDetails",
		"kms:ReEncrypt*",
		"kms:GenerateDataKey*",
		"kms:CreateGrant",
		"kms:DescribeKey*",
		"kms:ListKeys",
		"kms:ListAliases",
		"kms:Encrypt",
		"kms:Decrypt",
		"kms:GenerateDataKeyWithoutPlaintext",
		"kms:ListKeys",
		"kms:ListAliases",
		"kms:ListResourceTags"
            ],
            "Resource": "*"
        }
    ]
}

{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "rds:RestoreDBClusterFromSnapshot", "rds:DescribeDBSnapshots", "rds:CopyDBSnapshot", "rds:CopyDBClusterSnapshot", "rds:DeleteDBSnapshot", "rds:DeleteDBClusterSnapshot", "rds:CreateDBSnapshot", "rds:RestoreDBInstanceFromDBSnapshot", "rds:CreateDBInstance", "rds:DescribeDBClusterSnapshots", "rds:DescribeDBInstances", "rds:DescribeDBClusters", "rds:DeleteDBInstance", "rds:CreateDBClusterSnapshot", "rds:ModifyDBSnapshotAttribute", "rds:ModifyDBClusterSnapshotAttribute", "rds:ListTagsForResource", "rds:DeleteDBCluster", "ec2:DescribeSecurityGroups", "ec2:DescribeRegions", "ec2:DescribeAvailabilityZones", "ec2:DescribeVpcs", "ec2:DescribeAccountAttributes", "ec2:DescribeSubnets", "iam:GetUser", "iam:GetAccountAuthorizationDetails", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:CreateGrant", "kms:DescribeKey*", "kms:ListKeys", "kms:ListAliases", "kms:Encrypt", "kms:Decrypt", "kms:GenerateDataKeyWithoutPlaintext", "kms:ListKeys", "kms:ListAliases", "kms:ListResourceTags" ], "Resource": "*" } ] }

Filed Under: Cloud Tagged With: aws, backup, iam, permissions, policy, rds, snapshot

Copy Files Using Rsync

August 30, 2019

Here’s how to copy files from one directory to another.

rsync -arvz /dir1 /dir2 >> /tmp/rsync.log &

rsync -arvz /dir1 /dir2 >> /tmp/rsync.log &

Format: rsynch –options source destination

Options

  • -a archive mode
  • -v verbose
  • -p keep permissions
  • -z zipped during transfer
  • -r recursive

Filed Under: Linux Tagged With: archive, permissions, recursive, rsync, verbose, zipped

Display Octal Permissions

February 26, 2017

If you’re working on the command line, listing a directory to display permissions of files is not always the most user-friendly. Here’s an example of listing the files in a directory using the ‘ls -al’ command.

$ ls -al
total 20
drwxrwsr-x  2 ulysses www-data 4096 Feb 26 13:31 .
drwxrwsr-x 10 ulysses www-data 4096 Feb 26 02:30 ..
-rw-rw-r--  1 ulysses www-data    0 Feb 26 13:31 display.txt
-rwxrwxr-x  1 ulysses ulysses   659 Dec  3 06:40 sync_com.sh
-rw-r--r--  1 ulysses ulysses   181 Feb 26 13:26 sync_db.sh
-rwxrwxr-x  1 ulysses ulysses   244 Feb 26 13:23 sync_s3.sh

$ ls -al total 20 drwxrwsr-x 2 ulysses www-data 4096 Feb 26 13:31 . drwxrwsr-x 10 ulysses www-data 4096 Feb 26 02:30 .. -rw-rw-r-- 1 ulysses www-data 0 Feb 26 13:31 display.txt -rwxrwxr-x 1 ulysses ulysses 659 Dec 3 06:40 sync_com.sh -rw-r--r-- 1 ulysses ulysses 181 Feb 26 13:26 sync_db.sh -rwxrwxr-x 1 ulysses ulysses 244 Feb 26 13:23 sync_s3.sh

There has to be a better way to display permissions?

Well, there is. It’s a command called “stat” that displays the detailed status about a file or file system. On one of the switches of the stat command, is an option that allows you to display the file status in human readable format. Here’s an example using the stat from the command line.

$ stat -c '%A %a %n' *
664 display.txt
775 sync_com.sh
644 sync_db.sh
775 sync_s3.sh

$ stat -c '%A %a %n' * 664 display.txt 775 sync_com.sh 644 sync_db.sh 775 sync_s3.sh

The result is a list of files in a directory with the file permissions in human readable format!

Filed Under: Linux Tagged With: ls, permissions, stat

Fix WordPress Permissions

January 25, 2017

Here’s the recommended permissions for WordPress.

Permissions

Directories = 755
Files = 644

Install From Scratch

If you’re starting from scratch, follow the instructions below.

Assuming you’re logged in as normal user. Use sudo to execute commands as superuser.

cd /var/www/
sudo wget https://wordpress.org/latest.tar.gz
sudo tar -xzvf latest.tar.gz
sudo chown -R www-data:www-data wordpress

cd /var/www/ sudo wget https://wordpress.org/latest.tar.gz sudo tar -xzvf latest.tar.gz sudo chown -R www-data:www-data wordpress

Fix Current

If your permissions are wrong, then perform the following.

sudo find /var/www/wordpress/ -type d -exec chmod 755 {} \
sudo find /var/www/wordpress/ -type f -exec chmod 644 {} \

sudo find /var/www/wordpress/ -type d -exec chmod 755 {} \ sudo find /var/www/wordpress/ -type f -exec chmod 644 {} \

Filed Under: WP Tagged With: chown, permissions

  • Home
  • About
  • Archives

Copyright © 2023