  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 901
  • Last Modified:

LINUX Ownership (CHOWN) & Permissions (CHMOD) question ...

I have a 3rd party application (happens to be OpenCart) that needs Apache to have full access when its Admin panel is run.
If I change the Ownership of the files to apache:apache (per someone's Docs), everything works fine ... except then my FTP Users cannot login to the site.
What is the correct way to  give the "Apache user" access AND my FTP Users access?
One suggestion earlier was to add the User to the "Apache" group. Maybe I misunderstood ... wouldn't I then need to change all Permissions to 775 and 664 (instead of 755 and 644) to allow Group full access?
I also see a possible solution using a Linux "SetGID" program that allows "CHMOD 2755 ..."   (instead of CHMOD 755 ...).
Can anyone enlighten me?  I am SURE I am missing a tidbit of knowledge here somewhere.
0
bleggee
Asked:
bleggee
3 Solutions
 
Gary Commented:
What application?
The only thing you should need to do is give read/write permissions to a folder.
It's inane that you should need to start messing around with users and likely screw everything else up.
0
 
savone Commented:
chown -R apache:ftpusers /path/to/dir
chmod -R 775 /path/to/dir

Make apache own the folder and your ftp user group the group of the folder. Then you can set permissions for both, like in my example. Apache would have full RWX (first 7), ftpusers would have the same (second 7), and everyone else would have read and execute (usually needed for a webserver).
0
 
Gerwin Jansen, EE MVE, Topic Advisor Commented:
The 2 is the set-group-ID-on-execution bit.

From the chmod man page:

2000    (the set-group-ID-on-execution bit) Executable files with this bit set will run with effective gid set to the gid of the file owner.
0

 
gheist Commented:
02000 is set-file-group-for-new-files if set on directory, and it is settable only by root user.
0
 
Nicola Mackin, Independent Consultant Commented:
savone's suggestion is good, only I would not do a 775; I would go for a 770. In my experience there is no need to have 5 on the last octal. You can also be much more restrictive by using .htaccess.
0
 
skullnobrains Commented:
savone's solution will likely work

adding ftpuser to the apache group as well

using a dedicated user and adding both apache and your ftp users to its group as well

you can also consider ACLs if your filesystem supports them (refer to setfacl/getfacl man pages)

but most likely, there is no need for your ftp users to access the same files OpenCart needs. opencart probably only needs write access to its admin directory, and your ftp users most likely should not even access these for reading
0
 
gheist Commented:
If ftpuser is added to apache group then it will be able to steal htpasswd files and more.
0
 
bleggee, Author Commented:
Good point on the Security issue, GHeist.
0
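
An added example, not part of the thread or written by any of its participants: a shell sketch of the layout the answers converge on (savone's owner/group split, the 770 suggestion, setgid on directories, and keeping .htpasswd away from group members), plus a check that reports drift from it. The function names share_tree and audit_tree are hypothetical; the directory and group are supplied by the caller.

```shell
#!/bin/sh
# Added example, not code from the thread. share_tree and audit_tree are
# hypothetical helper names; the directory and group come from the caller.
# Usage: share_tree /path/to/dir ftpusers && audit_tree /path/to/dir

# share_tree DIR GROUP
# Owner (apache in the thread) and GROUP (the FTP users' group) get full
# access, "other" gets nothing, and directories get setgid so files created
# later inherit GROUP rather than the creator's primary group.
share_tree() {
    dir=$1
    group=$2
    chgrp -R "$group" "$dir" || return 1
    # Directories: rwx for owner and group, plus setgid (2770).
    find "$dir" -type d -exec chmod 2770 {} +
    # Regular files: rw for owner and group, no execute bit (660).
    find "$dir" -type f -exec chmod 660 {} +
    # Password files stay owner-only so group members cannot read them.
    find "$dir" -type f -name '.htpasswd*' -exec chmod 600 {} +
}

# audit_tree DIR
# Prints one finding per line; no output means DIR matches the layout above.
audit_tree() {
    dir=$1
    {
        # Any permission bit granted to "other" (symlinks are skipped).
        find "$dir" ! -type l \( -perm -0001 -o -perm -0002 -o -perm -0004 \) -print |
            sed 's/^/WORLD /'
        # Directories missing setgid: new files there will not inherit the group.
        find "$dir" -type d ! -perm -2000 -print | sed 's/^/NOSGID /'
        # Password files that members of the group can read.
        find "$dir" -type f -name '.htpasswd*' -perm -0040 -print |
            sed 's/^/GROUPREAD /'
    }
}
```

New files only keep the 660/770 pattern if the processes writing into the tree run with a umask of 007; with the common 022 default, audit_tree will report them as WORLD.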
