{ "id": "Q004", "title": "Not My Files", "tier": 1, "primary_vm": "web_server", "required_vms": ["workstation", "web_server"], "ticket_id": "T004", "baseline_snapshot": "baseline.clean", "summary": "A deployment script runs as www-data to copy files into /var/www/axiomworks. Someone ran the script manually as root and now the files are owned by root. The www-data process cannot overwrite them on the next deploy. Sarah is reporting that her last deployment silently failed to apply.", "clue_fingerprint": { "description": "The deploy script lives at /opt/deploy/deploy.sh and runs as www-data via a systemd service. ls -la on /var/www/axiomworks shows files owned by root:root instead of www-data:www-data. The deploy service log shows permission denied errors.", "evidence": [ { "type": "log_contains", "vm": "web_server", "path": "/var/log/deploy.log", "contains": "Permission denied" }, { "type": "file_owner_is_not", "vm": "web_server", "path": "/var/www/axiomworks", "expected_user": "www-data" }, { "type": "file_contains", "vm": "web_server", "path": "/opt/deploy/deploy.sh", "contains": "www-data" } ] }, "objectives": [ { "id": "ownership-corrected", "description": "Correct ownership of the web root", "check_mode": "passive", "validation": { "type": "file_owner", "vm": "web_server", "path": "/var/www/axiomworks", "user": "www-data", "group": "www-data" } }, { "id": "deploy-can-run", "description": "The deploy service can execute without errors", "check_mode": "explicit", "validation": { "type": "and", "rules": [ { "type": "file_owner", "vm": "web_server", "path": "/var/www/axiomworks", "user": "www-data", "group": "www-data" }, { "type": "service_state", "vm": "web_server", "service": "nginx", "state": "active" } ] } } ], "solution_branches": [ { "id": "recursive-chown", "label": "Full Recursive Fix", "priority": 100, "validation": { "type": "and", "rules": [ { "type": "file_owner", "vm": "web_server", "path": "/var/www/axiomworks", "user": "www-data", "group": "www-data" }, { "type": "file_owner", "vm": "web_server", "path": "/var/www/axiomworks/index.html", "user": "www-data", "group": "www-data" } ] }, "trust_delta": 2, "world_flags": ["hermes_deploy_healthy"], "follow_up_dialogue": "marcus-Q004-complete-clean", "follow_up_dialogues": ["sarah-Q004-complete-clean"] }, { "id": "partial-chown", "label": "Partial Fix — Top Directory Only", "priority": 40, "validation": { "type": "and", "rules": [ { "type": "file_owner", "vm": "web_server", "path": "/var/www/axiomworks", "user": "www-data", "group": "www-data" }, { "type": "file_owner", "vm": "web_server", "path": "/var/www/axiomworks/index.html", "user": "root", "group": "root" } ] }, "trust_delta": 0, "world_flags": ["hermes_deploy_partial"], "follow_up_dialogue": "marcus-Q004-complete-partial", "follow_up_dialogues": ["sarah-Q004-complete-partial"], "_note": "chown without -R. Top dir is correct but child files are still root-owned. Deploy will still fail on individual files." } ], "pressure_profile": null, "blast_radius": [], "unlock_requirements": ["world_flag:player_ssh_configured"], "narrative_phase": "normal_work", "linux_concepts": ["chown", "file ownership", "deploy scripts"], "failure_conditions": ["web root ownership not fixed", "deploy service still failing"], "behavior_impact": { "default": { "curiosity_delta": 0, "obedience_delta": 1, "risk_delta": 0, "suspicion_delta": 0 } }, "hidden_hook": null, "access_requirements": { "minimum_access": { "web_server": "sudo" }, "requires_root": false, "temporary_grants_allowed": [] }, "tags": ["permissions", "ownership", "deploy", "web_server"], "internal_notes": "Teaches chown -R and the importance of recursive operations. The two solution branches are differentiated by whether the player used -R. The explicit check_mode on the second objective means the player can trigger a test deploy to confirm it works." }