GNU/Linux


GNU/Linux: How to give access to a subfolder to a user where the user does not have execute permission over the parent folder

On GNU/Linux, you can traverse a directory if and only if you have execute permission on the whole path that you are going to use to access it. This rule applies a limitation to scenarios where for some reason you want to give execute access to a certain user on a subfolder but you do not want to enable the execute permission on the all the folders in the path.

In order to access the folder theFolder in the path /folderA/folderB/theFolder, if you are on the same level as folderA (or higher) you need to have execute permission both on folderA and folderA/folderB additionally to the permissions needed on theFolder. On another scenario if you are located in the same level as folderB (and you have execute rights to it) even if you do not have the execute rights to folder folderA you would still be able to access theFolder as your whole path (which is a relative path in this scenario) skips folderA. This feature is due to the fact that in GNU/Linux that the path that you use to access a folder determines your access constraints. In cases where the user does not have execute access to the whole path, creating symbolic links for them will not help you give them access. The kernel will still go through the access rights of the whole path that the symlink describes and it will act accordingly.

A hack-ish solution around this issue is to use mount to remount a part of the file hierarchy somewhere else using the bind parameter. For example: if we needed to give access to a user to the folder theFolder that resides in /folderA/folderB/theFolder without enabling execute rights on folderA nor /folderA/folderB we could execute the following command in a folder where that user already has execute access in (for example in the user’s home folder).

sudo mount --bind /folderA/folderB/theFolder finallyTheFolder;

Notes:

  • This solution circumvents security, be sure to think things through before implementing it
  • This solution ‘escapes’ normal good practices so it could lead to software bugs on your behalf
  • The bind will not persist after a reboot
  • To make this change permanent, you will need to add a configuration line in /etc/fstab
  • If the directory that you wish to bind contains mounted file systems, these file systems will not be transferred to the target. The mount points will appear as empty directories.
Advertisements

Compiling DJI Onboard-SDK: error: ‘fd_set’ does not name a type

While compiling the DJI Onboard SDK on a Fedora GNU/Linux we got the following error:

[ 41%] Building CXX object osdk-core/CMakeFiles/djiosdk-core.dir/platform/linux/src/linux_serial_device.cpp.o
In file included from Onboard-SDK/osdk-core/platform/linux/src/linux_serial_device.cpp:33:0:
Onboard-SDK/osdk-core/platform/linux/inc/linux_serial_device.hpp:97:3: error: ‘fd_set’ does not name a type; did you mean ‘tzset’?
 fd_set m_serial_fd_set;
 ^~~~~~
 tzset
In file included from /usr/include/sys/types.h:197:0,
 from /usr/include/stdlib.h:279,
 from /usr/include/c++/7/cstdlib:75,
 from /usr/include/c++/7/bits/stl_algo.h:59,
 from /usr/include/c++/7/algorithm:62,
 from Onboard-SDK/osdk-core/platform/linux/src/linux_serial_device.cpp:34:
Onboard-SDK/osdk-core/platform/linux/src/linux_serial_device.cpp: In member function ‘int DJI::OSDK::LinuxSerialDevice::_serialStart(const char*, int)’:
Onboard-SDK/osdk-core/platform/linux/src/linux_serial_device.cpp:330:14: error: ‘m_serial_fd_set’ was not declared in this scope
 FD_ZERO(&m_serial_fd_set);
 ^
Onboard-SDK/osdk-core/platform/linux/src/linux_serial_device.cpp:330:14: note: suggested alternative: ‘m_serial_fd’
Onboard-SDK/osdk-core/platform/linux/src/linux_serial_device.cpp:331:26: error: ‘m_serial_fd_set’ was not declared in this scope
 FD_SET(m_serial_fd, &m_serial_fd_set);
 ^
Onboard-SDK/osdk-core/platform/linux/src/linux_serial_device.cpp:331:26: note: suggested alternative: ‘m_serial_fd’
make[2]: *** [osdk-core/CMakeFiles/djiosdk-core.dir/build.make:735: osdk-core/CMakeFiles/djiosdk-core.dir/platform/linux/src/linux_serial_device.cpp.o] Error 1
make[1]: *** [CMakeFiles/Makefile2:86: osdk-core/CMakeFiles/djiosdk-core.dir/all] Error 2
make: *** [Makefile:130: all] Error 2

To resolve this, we added to the file Onboard-SDK/osdk-core/platform/linux/inc/linux_serial_device.hpp the following include directive right after line 37 (which contained #define LINUXSERIALDEVICE_H):

#include <sys/select.h>

Then, we issued make again which terminated successfully.

Source: https://github.com/dji-sdk/Onboard-SDK

Compilation Commands:

git clone https://github.com/dji-sdk/Onboard-SDK;

cd Onboard-SDK;

mkdir build;

cd build;

cmake ..;

#Modify the file Onboard-SDK/osdk-core/platform/linux/inc/linux_serial_device.hpp and add #include <sys/select.h> at the top

make all;

# Something

# Make profit


Linux on life issues

Why can GNU/Linux users always have love ?

Because they can install it from the repositories!

$ love
 bash: love: command not found...
 Install package 'love' to provide command 'love'? [N/y] y

What is the opinion of your PC on love ?

That is love is not something appropriate!

#When you do not have the love package installed, you will get the following message
$ whatis love
 love: nothing appropriate.

How to Start/Stop or Enable/Disable firewalld on Fedora 25

firewalld (Dynamic Firewall Manager) tool provides a dynamically managed firewall. The tool enables network/firewall zones to define the trust level of network connections and/or interfaces. It has support both for IPv4 and IPv6 firewall settings. Also, it supports Ethernet bridges and allow you to separate between runtime and permanent configuration options. Finally, it supports an interface for services or applications to add firewall rules directly.

Disable firewalld

To disable firewalld, execute the following command as root or using sudo:

systemctl disable firewalld;

Enable firewalld

To enable firewalld, execute the following command as root or using sudo:

systemctl enable firewalld;

Stop firewalld

To stop (or deactivate) firewalld,execute the following command as root or using sudo:

systemctl stop firewalld;

Start firewalld

To start (or activate) firewalld, execute the following command as root or using sudo:

systemctl start firewalld;

Status of firewalld

To check the status of firewalld, execute the following command as root or using sudo:

systemctl status firewalld;

CONCEPTS

systemd provides a dependency system between various entities called “units” of 12 different types. Units encapsulate various objects that are relevant for system boot-up and maintenance. The majority of units are configured in unit configuration files, whose syntax and basic set of options is described in systemd.unit(5), however some are created automatically from other configuration, dynamically from system state or programmatically at runtime. Units may be “active” (meaning started, bound, plugged in, …, depending on the unit type, see below), or “inactive” (meaning stopped, unbound, unplugged, …), as well as in the process of being activated or deactivated, i.e. between the two states (these states are called “activating”, “deactivating”). A special “failed” state is available as well, which is very similar to “inactive” and is entered when the service failed in some way (process returned error code on exit, or crashed, or an operation timed out). If this state is entered, the cause will be logged, for later reference. Note that the various unit types may have a number of additional substates, which are mapped to the five generalized unit states described here.
— From man systemd

The above, in a nutshell:

  • enabled is a service that is configured to start when the system boots
  • disabled is a service that is configured to not start when the system boots
  • active is a service that is currently running
  • inactive is a service that is currently stopped and may be disabled, but it can be started and become active

How to Start/Stop or Enable/Disable firewalld on CentOS 7 2

firewalld (Dynamic Firewall Manager) tool provides a dynamically managed firewall. The tool enables network/firewall zones to define the trust level of network connections and/or interfaces. It has support both for IPv4 and IPv6 firewall settings. Also, it supports Ethernet bridges and allow you to separate between runtime and permanent configuration options. Finally, it supports an interface for services or applications to add firewall rules directly.

Disable firewalld

To disable firewalld, execute the following command as root or using sudo:

systemctl disable firewalld

Enable firewalld

To enable firewalld, execute the following command as root or using sudo:

systemctl enable firewalld

Stop firewalld

To stop (or deactivate) firewalld,execute the following command as root or using sudo:

systemctl stop firewalld

Start firewalld

To start (or activate) firewalld, execute the following command as root or using sudo:

systemctl start firewalld

Status of firewalld

To check the status of firewalld, execute the following command as root or using sudo:

systemctl status firewalld

CONCEPTS

systemd provides a dependency system between various entities called “units” of 12 different types. Units encapsulate various objects that are relevant for system boot-up and maintenance. The majority of units are configured in unit configuration files, whose syntax and basic set of options is described in systemd.unit(5), however some are created automatically from other configuration, dynamically from system state or programmatically at runtime. Units may be “active” (meaning started, bound, plugged in, …, depending on the unit type, see below), or “inactive” (meaning stopped, unbound, unplugged, …), as well as in the process of being activated or deactivated, i.e. between the two states (these states are called “activating”, “deactivating”). A special “failed” state is available as well, which is very similar to “inactive” and is entered when the service failed in some way (process returned error code on exit, or crashed, or an operation timed out). If this state is entered, the cause will be logged, for later reference. Note that the various unit types may have a number of additional substates, which are mapped to the five generalized unit states described here.
— From man systemd

The above, in a nutshell:

  • enabled is a service that is configured to start when the system boots
  • disabled is a service that is configured to not start when the system boots
  • active is a service that is currently running
  • inactive is a service that is currently stopped and may be disabled, but it can be started and become active