59

When I ssh in to my vagrant vm, I can change permissions of files and folders above and outside the vagrant user folder, and for files within the vagrant user folder. But cannot change permissions for folders under the vagrant user folder. I have the same problem whether logged in as the vagrant user and root.

Is there some sort of restriction on changing permissions in the vagrant user's folder? The vagrant user folder is not shared with the host OS, but the capistrano deploy folder and the docRoot are.

Guest is CentOS 6, Host is OS X 10.7. Vagrant is 1.0.5. Virtualbox is 4.2.1.

kayaker243
  • 2,580
  • 3
  • 22
  • 30

7 Answers7

93

The format for shared folders changes across different versions of Vagrant. See Fabio's answer https://serverfault.com/questions/398414/vagrant-set-default-share-permissions

Vagrant version 1.3.1 and earlier

config.vm.share_folder "v-data", "/export", "/export", :owner => 'vagrant', :group => 'httpd', :extra => 'dmode=775,fmode=775'

Vagrant version 1.3.1, 1.3.2

In Vagrant 1.3.1 and later, the extra option has been replaced with mount_options that expects an array.

config.vm.share_folder "v-data", "/export", "/export", :owner => 'vagrant', :group => 'httpd', :mount_options => ['dmode=775', 'fmode=775']

Vagrant version >=1.3.3

In vagrant 1.3.3 it appears config.vm.share_folder has been replaced with config.vm.synced_folder.

config.vm.synced_folder "v-data", "/export", "/export", :owner => 'vagrant', :group => 'httpd', :mount_options => ['dmode=775', 'fmode=775']

xarlymg89
  • 2,552
  • 2
  • 27
  • 41
Greg Elin
  • 1,054
  • 8
  • 4
  • Please comment if you have more information on Vagrant versions and share_folder and synced_folder commands. I have not tested each statement across each Vagrant version and could not find clear documentation. I did find this related Vagrant pull issue: https://github.com/mitchellh/vagrant/pull/1029 – Greg Elin Sep 26 '13 at 09:52
  • man, this needs upvoted more. There's pretty much no documentation on `:mount_options` for the newer versions; I had to figure it out through trial and error. – Amelia Oct 25 '13 at 08:16
  • not sure about past versions of vagrant but the current version (1.4.3) needs the syntax @DavidSpreekmeester shows in his answer which he says worked in 1.2.7. – MatthewLee Mar 10 '14 at 21:42
  • this works, but mostly for files and folders already created. i got problems by creating new files/folders on the host but within the guest sometimes i got weird behavior - i can see the files/folders by listing them, but cannot access them at all. when listing, i see no permissions at all, just questionmarks like `?????????? ? ? ? ? ? AppendStream.php `. this problem disappears after i reboot the guest, i can access those `?` files again under the `config.vm.share_folder` permissions. note i tried also `777` – ulkas Aug 15 '14 at 15:10
  • this behavior appears on linux host (mint) as well as on windows (7 64b) host – ulkas Aug 15 '14 at 15:11
  • Why set the group to httpd + permissions change, and not just set the owner to httpd (instead of vagrant)? – SamGoody Sep 14 '14 at 08:24
  • This solution does not work for me in Vagrant 1.6.5 After changing the owner and group to www-data, the owner and group in the guest OS is still vagrant. – Tyguy7 Mar 13 '15 at 18:46
  • ^^^ Apparently it still shows the vagrant user and group, but it does operate as the selected user and group, fixed my problems. – Tyguy7 Mar 13 '15 at 19:21
  • I had to remove the duplicate folder `"/export"` it was causing an error. – Mihail Minkov Dec 13 '18 at 18:03
17

My issue might be related to yours.

I have a centos vm in vagrant as the guest and win7 as the host.

I can't actually change the permissions in the VM of any folders that are shared with the Host.

will report back if I discover anything useful. Discuss on google group here:

https://groups.google.com/forum/?fromgroups=#!topic/vagrant-up/2JvcoZTuWRI

UPDATE 1: I have also read that you can't create symlinks in shared folders.

UPDATE 2: It seems that I can't change the permissions in the virtual box after it's been created. However in the VagrantFile you can set the permissions on the shared folders to something that suites: I.E. 

config.vm.share_folder "v-data", "/export", "/export", :owner=> 'vagrant', :group=>'httpd', :extra => 'dmode=775,fmode=775'

here I have set the owner, group and the permissions that work for us.

I hope this helps.

Jonah
  • 9,991
  • 5
  • 45
  • 79
Jamie.Good
  • 351
  • 2
  • 6
  • 1
    it seems that I can't change the permissions in the virtual box after it's been created. However in the VagrantFile you can set the permissions on the shared folders to something that suites: I.E. config.vm.share_folder "v-data", "/export", "/export", :owner=> 'vagrant', :group=>'httpd', :extra => 'dmode=775,fmode=775' – Jamie.Good Nov 15 '12 at 10:22
  • 6
    You can `vagrant reload` to apply these kinds of changes to Vagrantfiles. – Jon Burgess Mar 20 '13 at 03:33
  • 7
    I prefer 'dmode=775,fmode=664' – wik Apr 19 '13 at 01:34
  • Me too, except using Ansible to run Django database migrations I needed Django's `manage.py` to be executable. As there's no way to change the permissions for only that file, I had to use `['dmode=775', 'fmode=777']`. – Phil Gyford Mar 02 '16 at 14:21
9

In Vagrant 1.2.7, version 2 Vagrantfiles are used, so the syntax is slightly different than in previous answers. Underneath is what does the trick for me with CentOS 6.2. I find that using a relative path as the source works best in my situation. It points to the shared folder.

config.vm.synced_folder "./", "/vagrant", owner: 'vagrant', group: 'apache', extra: 'dmode=775,fmode=775'

As stated by Jamie, it still is necessary that you configure it before creation, so use a vagrant reload after you've edited your overriding Vagrantfile.

David Spreekmeester
  • 170
  • 2
  • 4
6

VirtualBox doesn't allow changing the owner/permissions for synced folders.

You can change it in the Vagrant file (as answered by others).
Consider changing the owner instead of the group.
Consider also that - if done so that your server can write to files - your server is likely called www-data instead of httpd. Use ps aux | grep nginx [or apache / lighthttpd] to check.

There are some other options:

  • Change the owner of the program that is accessing the shared files instead of the synced folder.
    For example, if PHP needs to write to file, change the server and PHP to run as vagrant. [In Apache, that's done in httpd.conf. NGINX's user is set in nginx.conf, php-fpm's user is in php-fpm.conf or one of the files it includes.
    You need to change the permissions on the Apache lockfile (/var/lock/apache2) or PHP websocket file (/var/run/php5-fpm.sock)] and webserver.
  • Use a different VM (HyperV, VMware) instead of VirtualBox. Other VM's dont seem to have this restriction.
  • Use RSyn to sync files instead of using the default syncing.
    config.vm.synced_folder "/var/www/", type: "rsync"
  • Set all the permissions to 777. Normally this would disastrous and not even a suggestion. It's still a bad idea, but on a VM is possibly doable. Think twice before giving shared access though.
    config.vm.synced_folder "/var/www/", mount_options: ["dmode=777", "fmode=666"]

These answers are better described by Ryan Sechreset and Jeremy Kendall.

SamGoody
  • 13,758
  • 9
  • 81
  • 91
5

Change the permissions form the host not the guest. VirtualBox disallows changing permissions on shared files form a guest os.

TLDR; The issue is not that the users on your guest don't have permissions to access your host files. The issue is the executing user of the virtaul box process on your host does not have permissions to write the files in the host. There are two sets of permissions. The guest permissions have to be set just like any other os. You also have to make sure that the virtual box process your guest os is running in has permissions to that folder. If that process only has read access the most any guest user will be able to do is read.

Stewart
  • 3,023
  • 2
  • 24
  • 40
  • 3
    I've been having the same issue and this doesnt help as the users that exist on the Vagrant box do not exist on the host – RonnyKnoxville Oct 22 '14 at 14:19
  • This actually helped me. It helps if synced_folders are set properly. – SasaT Apr 09 '15 at 04:09
  • @JackalopeZero The issue is not that the users on your guest don't have permissions to access your host files. The issue is the executing user of the virtaul box process on your host does not have permissions to write the files. There are two sets of permissions. The guest permissions have to be set just like any other os. You also have to make sure that the virtual box process your guest os is running in has permissions to that folder. If that process only has read access the most any guest user will be able to do is read. Including admin users – Stewart Oct 09 '15 at 00:57
2

Can't comment just yet, but to extend on MDeSilva's answer for Vagrant 1.7.2:

Might be obvious to some, but the group and owner should be in quotes.

group: "sync_group", owner: "sync_owner", mount_options: ['dmode=755, fmode=644']
Adam Marshall
  • 6,369
  • 1
  • 29
  • 45
  • Although vagrant is usually a development environment, there's still no reason for those permissions. _Usually_ `dmode=755` and `fmode=644` with the web server (`apache` in this case) group being the `group` setting will be plenty. – domdambrogia Jan 16 '17 at 05:54
0

For Vagrant 1.7.2 Edit Vagrant file like this,

group: sync_group, owner: sync_owner, mount_options: ['dmode=777', 'fmode=776']
Shaolin
  • 2,541
  • 4
  • 30
  • 41