/bin/cp: cannot create regular file: Permission denied

[email protected]:~/repositories/cpanel-devops$ /bin/cp index.html /home/git/public_html/
/bin/cp: cannot create regular file '/home/git/public_html/index.html': Permission denied
[email protected]:~/repositories/cpanel-devops$ /bin/cp index.html /home/git/public_html/
/bin/cp: cannot create regular file '/home/git/public_html/index.html': Permission denied
So I'm following a deployment config file for cPanel and I think I'm pretty close to getting it set up. Part of the deployment process is to run the command on line 4:
deployment:
tasks:
- export DEPLOYPATH=/home/git/public_html/
- /bin/cp index.html $DEPLOYPATH # This
deployment:
tasks:
- export DEPLOYPATH=/home/git/public_html/
- /bin/cp index.html $DEPLOYPATH # This
The deployment process wasn't completing, so I logged into my git user (the one that owns the home directory, not the root user). I tried running the command /bin/cp index.html $DEPLOYPATH and I get the following error:
[email protected]:~/repositories/cpanel-devops$ /bin/cp index.html /home/git/public_html/
/bin/cp: cannot create regular file '/home/git/public_html/index.html': Permission denied
[email protected]:~/repositories/cpanel-devops$ /bin/cp index.html /home/git/public_html/
/bin/cp: cannot create regular file '/home/git/public_html/index.html': Permission denied
I've poked around and this seems to be a permissions issue. On further inspection, it seems to be the /home directory. The git user isn't authorized to read the /home directory (though I am able to execute /bin/cp and cd into /home/git (git's ~ directory)). I believe it would fix the issue if I changed the permissions, but the thing is, I don't want to. It doesn't make sense for me to do that either -- I don't want my git user to have access to other users' folders / files. Am I missing something or is the only way to sudo or change the /home folder permissions?
36 Replies
dys 🐙
dys 🐙9mo ago
What does ls -ld /home/git /home/git/public_html show? Both should be owned by git and user writable.
vince
vinceOP9mo ago
Hey, thank you for the response! I get the following output from that command:
drwx--x--x 16 git git 4096 Apr 11 04:13 /home/git
drwxr-x--- 2 git git 4096 Apr 11 03:36 /home/git/public_html
drwx--x--x 16 git git 4096 Apr 11 04:13 /home/git
drwxr-x--- 2 git git 4096 Apr 11 03:36 /home/git/public_html
Admittedly, I'm pretty bad at these commands so I'm not sure that they're writable. I think they're owned by git by the 3rd column and I do see the w for writable in the first column but I'm not sure if that's writable for git or for root So I just set rwx permissions to the group as well and I still get the error. So the git owner and git group both have rwx:
drwxrwx--x 16 git git 4096 Apr 11 04:13 /home/git
drwxrwx--- 2 git git 4096 Apr 11 03:36 /home/git/public_html
drwxrwx--x 16 git git 4096 Apr 11 04:13 /home/git
drwxrwx--- 2 git git 4096 Apr 11 03:36 /home/git/public_html
/bin/cp: cannot create regular file '/home/git/public_html/index.html': Permission denied
/bin/cp: cannot create regular file '/home/git/public_html/index.html': Permission denied
Lol I figured it out, thank you for rubber ducky-ing For whatever reason index.html was owned by root, so I chown git index.html as the root user and that worked! I've learned so much about linux commands doing this Though I still don't like how I have to give the /home directory's others group execute permissions for it to work I feel like that could be a security issue...
ἔρως
ἔρως9mo ago
i hope i am not late but ... why do you have the public_html folder in an home directory?
vince
vinceOP9mo ago
It's under a user
ἔρως
ἔρως9mo ago
i know, but why?
vince
vinceOP9mo ago
that's how cPanel sets it up by default
Jochem
Jochem9mo ago
user-based public_html folders aren't that strange, lots of apache setups support them
ἔρως
ἔρως9mo ago
yes, but it isnt common on local development environments therefore the question
Jochem
Jochem9mo ago
fair enough
ἔρως
ἔρως9mo ago
i do like how cpanel/whm does it a user per website
vince
vinceOP9mo ago
I think it makes a lot of sense but I don't know anything else I can just do sudo -iu <user> in the cmd line and do whatever I need on that website
ἔρως
ἔρως9mo ago
interactive sudo as the user?
vince
vinceOP9mo ago
yea it just lets me log in as the user and i go straight to their home directory so i dont have to go cd /home/<user> I can just do sudo -iu <user> then cd public_html then git pull origin main
ἔρως
ἔρως9mo ago
that is very smart, but can be automated
vince
vinceOP9mo ago
Yup which is what this thread is for 😂 I have it so I can just click 2 buttons in cPanel to have it pull from GitHub and then push to staging, but I still need to automate the pull step with GitHub actions
ἔρως
ἔρως9mo ago
if you have docker, in the server, you can use it as a runner
vince
vinceOP9mo ago
we use ddev which I know uses docker under the hood but I think we're just exposing the built web/ files
ἔρως
ἔρως9mo ago
as long as you can do something with the docker, it's fine
vince
vinceOP9mo ago
Yea I don't think we're using docker to host it or anything It's an apache server that just looks for the web dir I think
ἔρως
ἔρως9mo ago
that's how cpanel works
vince
vinceOP9mo ago
so how would adding anything to docker help automate the process if what I'm trying to do is automatically pull changes from github and then build and push to staging on the server?
ἔρως
ἔρως9mo ago
you use docker to host github runners and then, the actions run in your server making things a lot easier for you
vince
vinceOP9mo ago
oh you're saying to self host the runners via docker ? I was just going to let github do it I want lowest barrier to entry as possible I'm not trying to overcomplicate it since I don't know how docker works
ἔρως
ἔρως9mo ago
well, you have a server that you're already paying for and if it is doing the runner's job, then everything is "right there" you can have both too, and your server works as a fallback
vince
vinceOP9mo ago
yea that would make the most sense to self host it but idk what im doing and im not getting paid for this so trying to keep it as simple as possible idek how to automate the pulling yet via github actions
ἔρως
ἔρως9mo ago
then try it for yourself first
vince
vinceOP9mo ago
i know theres preconfigured ftp actions but they kinda look like junk so im just gonna make a custom one
ἔρως
ἔρως9mo ago
ssh is an option
vince
vinceOP9mo ago
yea thats what i was looking at it seems like i just have make a few steps for the github runner: on staging branch push: 1. log into ssh and into the right user 2. pull staging branch from github 3. cp git repo into staging directory does that sound right? I dont have to build anything as we're just pushing the already built files into the git repo
ἔρως
ἔρως9mo ago
here's the problem: you will have to connect to ssh multiple times, as ssh doesn't give you any information on if a command is running or not
vince
vinceOP9mo ago
o really? huh its not smart enough to create a session with the runner?
ἔρως
ἔρως9mo ago
it's not that it's just that you would need a screen reader to run more than 1 command in ssh, automatically you would need things like expect so, you will connect to ssh once per command and there's a tiny chance that one of the ssh commands doesn't connect, or takes too long
vince
vinceOP9mo ago
i c
vince
vinceOP9mo ago
one step closer
No description
vince
vinceOP9mo ago
i didn't have to do any multiple ssh stuff though i did use a third party action
ἔρως
ἔρως9mo ago
as long as it works, that's the most important
Want results from more Discord servers?
Add your server