DrDamnit

Easy permissions question

I have apache running as www-data:www-data.
I have a user named steve.

Steve can upload stuff to steve's home directory, but apache cannot read it because www-data cannot read steve's stuff.

How do I fix that without having to do chmod -R 0777 *?

Here's why:

steve has WordPress there. When steve logs in to upload a new theme, it uploads fine, but doesn't show up in WordPress because www-data cannot "see" it.

I am assuming I can fix this by adding www-data to a group or steve to a group or a combination thereof....

This is a production box, so I can't be wrong without a way to "undo" changes.
Let_Me_Be
Change group of the files to www-data (chgrp -R www-data *) then use chmod -R g+rw * (to add read and write rights for group).
Oh sorry and also g+x for directories (enables directory listing).
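
An added example, not part of the thread: one way to make the group-based fix above reversible, since the asker needs an "undo" on a production box. It assumes GNU find/stat/chmod, grants read-only access (g+rX) rather than the g+rw suggested above, and the function names and manifest path are hypothetical.

```shell
#!/bin/sh
# Added example; assumes GNU find/stat/chmod on Linux. Function names and the
# manifest file are hypothetical. Run as root (or as the files' owner).

# snapshot_perms DIR MANIFEST
# Record mode, numeric owner and group of every entry under DIR so the change
# can be undone. Symlinks are skipped: chmod on restore would follow them.
# Limitation: paths with newlines or trailing whitespace are not supported.
snapshot_perms() {
    find "$1" ! -type l -exec stat -c '%a %u %g %n' {} + > "$2"
}

# grant_group_read DIR GROUP
# Hand the tree to GROUP and add group read. Capital X adds search (x) on
# directories, and on files only if they are already executable, so plain
# files do not become executable. Nothing is granted to "other".
grant_group_read() {
    chgrp -R "$2" "$1" && chmod -R g+rX "$1"
}

# restore_perms MANIFEST
# Put back exactly what the snapshot recorded. chown runs before chmod
# because chown can clear setuid/setgid bits.
restore_perms() {
    while read -r mode uid gid path; do
        chown "$uid:$gid" "$path" && chmod "$mode" "$path" || return 1
    done < "$1"
}

# Usage on the thread's layout (keep the manifest outside the tree):
#   snapshot_perms   /home/steve/dir /root/steve-perms.manifest
#   grant_group_read /home/steve/dir www-data
#   restore_perms    /root/steve-perms.manifest    # the "undo"
```

www-data also needs search (x) permission on every parent directory, including /home/steve itself, before it can reach the files.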
Tintin

Two main options:

1. Add the www-data user to steve's group. Note this assumes that steve's files/dirs have min perms of group read.

2. Add read permission for other on steve's files/dirs, e.g.: chmod -R +r /home/steve/dir
DrDamnit

ASKER

@Tintin:

>Add the www-data user to steve's group.  Note this assumes that steve's files/dirs have min perms of group read.

Can you give me the usermod command for that? It's a production box, and I don't want to screw things up.

Also, that seems a little backwards. Does that mean every time I add a user I have to add www-data to their group? Wouldn't it make more sense to add the user to a www-data group since www-data is the constant and users come and go?

The usermod command is

usermod -a -G stevesgroup www-data   # -a appends; without it, -G replaces the account's existing supplementary groups

As to the best way of setting up the permissions, it depends on a few things:

1. Do all your users have individual groups?
2. What is the default umask setting for users? 0022?

> 1. Do all your users have individual groups?

That would be just insane and would slow the system incredibly.

> That would be just insane and would slow the system incredibly.

Not necessarily. A lot of Linux distros default to creating a separate group for each user. Unless you have tens of thousands of users, it's not really a problem (depending on what type of sharing you need to implement).

> A lot of Linux distros default to creating a separate group for each user.

I'm curious, what Linux distributions do this in particular?

@Tintin:

For number #1 & #2 of those two questions, how do I figure that out? I have a default Ubuntu server 9.10 installation.

> I'm curious, what Linux distributions do this in particular?

Ubuntu, RHEL, CentOS, Debian, to name a few. In fact, I don't think I've come across a Linux distro where this isn't the default behaviour.

> For number #1 & #2 of those two questions, how do I figure that out? I have a default Ubuntu server 9.10 installation.

1. Unless you've changed the defaults, then each user will have their own group.
2. Unless you've changed the defaults, then each user's umask will be 0022.

> Ubuntu, RHEL, CentOS, Debian, to name a few. In fact, I don't think I've come across a Linux distro where this isn't the default behaviour.

I just fast-checked a local RHEL server: "Red Hat Enterprise Linux Server release 5.4 (Tikanga)" and it's definitely not true (but it can be a local setup).
The same is true for all openSUSE releases.

Then your RHEL setup has been changed from the default. On CentOS 5.4, the default behaviour is to create a separate group per user.

From the useradd manpage, it says:

The version provided with Red Hat Linux will create a group for each user added to the system by default.

> The version provided with Red Hat Linux will create a group for each user added to the system by default.

That's a very different thing than what you claim, but OK (Red Hat version of useradd vs. default for all distributions).

> For number #1 & #2 of those two questions, how do I figure that out? I have a default Ubuntu server 9.10 installation.

Check your /etc/group file to see the list of groups.
I don't really think that you need to do anything with umask (assuming that you don't want to create files, just read/modify them).

> That's a very different thing than what you claim

Not at all. It's exactly what I was saying.

@Tintin:

1. Unless you've changed the defaults, then each user will have their own group.
2. Unless you've changed the defaults, then each user's umask will be 0022.

That is the case.

Re: ID:26057423

What is the best way to set up permissions then?