0

I have recently configured a Symfony 3 site which involved me to set up some permissions on the /var folder. I had to do the following:

$ HTTPDUSER=`ps axo user,comm | grep -E '[a]pache|[h]ttpd|[_]www|[w]ww-data|[n]ginx' | grep -v root | head -1 | cut -d\  -f1`
$ sudo setfacl  -R -m u:"$HTTPDUSER":rwX -m u:`whoami`:rwX var
$ sudo setfacl -dR -m u:"$HTTPDUSER":rwX -m u:`whoami`:rwX var

This added the necessary permissions, but now I get the following message every time I use the sudo command.

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

[sudo] password for user:

This usually is sent only the first time a user uses sudo.  Also, I used to be able to put my password in for sudo once and it would expire after some time (and then I would have to re-enter it again).  Now I get both the massage and prompt for password every time.

Is there a way to fix this?

G-Man Says 'Reinstate Monica'
  • 22,130
  • 27
  • 68
  • 117
Dblock247
  • 101
  • 2
  • Granting the user that runs your web server full read-write permissions to `/var` recursively is an insanely bad idea for security. This is probably why `sudo` is not working right. It stores it's data in `/var`, and is likely now refusing to do so because `/var` is insecure. – phemmer Jun 27 '16 at 04:53
  • @Patrick is there a better suggestion that could fix my problem. First how do i fix what i messed up. Second how to I give the proper permissions to allow Symfony to do what it needs? – Dblock247 Jun 27 '16 at 05:31
  • ? Did you setup sudo ? I.e. there is no default sudo in Debian. – Knud Larsen Jun 27 '16 at 09:56
  • There is a sudo. Everything was set up just fine working perfectly. I just need to give Symfony the permissions it needed to run. Now things are not working right. – Dblock247 Jun 27 '16 at 14:05

2 Answers2

0

Just in case anyone was wondering this is what I did to fix this problem.

Fix:

sudo setfacl -R -b

This recursively (-R) removes all (-b) acl permissions

I was also getting a group write warning for the following files:

/var/lib/sudo/lectured
/var/lib/sudo/ts

Fix: 

sudo chmod 700

for both of the files and that correct the permissions and it fixed the warnings

Dblock247
  • 101
  • 2
-1

If you would type

sudo -s

in the terminal then all command afterward will be executed as sudo, but I would not suggest staying in such mode if not necessary.

user2352065
  • 1