Solved

LINUX Ownership (CHOWN) & Permissions (CHMOD) question ...

Posted on 2014-07-30
8
832 Views
Last Modified: 2014-08-05
I have a 3rd party application (happens to be OpenCart) that needs Apache to have full access when it's Admin panel is run.
If I change the Ownership of the files to apache:apache (per someone's Docs), everything works fine ... except then my FTP Users cannot login to the site.
What is the correct way to  give the "Apache user" access AND my FTP Users access?
One suggestion earlier was to add the User to the "Apache" group. Maybe I misunderstood ... wouldn't I then need to change all Permissions to 775 and 664 (instead of 755 and 644) to allow Group full access?
I also see a possible solution using a Linux "SetGID" program that allows "CHMOD 2755 ..."   (instead of CHMOD 755 ...).
Can anyone enlighten me?  I am SURE I am missing a tidbit of knowledge here somewhere.
0
Comment
Question by:bleggee
8 Comments
 
LVL 58

Expert Comment

by:Gary
ID: 40229520
What application?
The only thing you should need to do is give read/write permissions to a folder
It's inane that you should need to start messing around with users and likely screw everything else up.
0
 
LVL 23

Assisted Solution

by:savone
savone earned 166 total points
ID: 40229580
chown -R apache:ftpusers /path/to/dir
chmod -R 775 /path/to/dir

Make apache own the folder and your ftp user group the group of the folder.  Then you can set permissions for both, like in my example.  Apache would have full RWX (first 7) ftpusers would have the same (second 7) and everyone else would have read and execute (usually needed for a webserver).
0
 
LVL 37

Expert Comment

by:Gerwin Jansen
ID: 40230418
The 2 is the set-group-ID-on-execution bit

From the chmod man page:

2000    (the set-group-ID-on-execution bit) Executable files with this bit set will run with effective gid set to the gid of the file owner.
0
 
LVL 61

Expert Comment

by:gheist
ID: 40230998
02000 is set-file-group-for-new-files of set on directory, and it is settable only by root user.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 1

Assisted Solution

by:Nicola Mackin
Nicola Mackin earned 167 total points
ID: 40231411
savone suggestion is good, only I would not do a 775 I would go for a 770. In my experience there is no need to have 5 on the last octal.  You can also be much more restrictive by using .htaccess
0
 
LVL 26

Accepted Solution

by:
skullnobrains earned 167 total points
ID: 40242169
savone's solution will likely work

adding ftpuser to the apache group as well

using a dedicated user and add both apache and your ftp users to it's group as well

you can also consider ACLs if your fiolesystem supports them (refer to setfacl/getfacl man pages)

but most likely, there is no need for your ftp users to access the same files OpenCart needs. opencart probably only needs write access to it's admin directory, and your ftp users most likely should not even access these for reading
0
 
LVL 61

Expert Comment

by:gheist
ID: 40242285
If ftpuser is added to apache group then it will be able to steal htpasswd files and more.
0
 
LVL 1

Author Comment

by:bleggee
ID: 40242326
Good point on the Security issue GHeist
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you've heard about htaccess and it sounds like it does what you want, but you're not sure how it works... well, you're in the right place. Read on. Some Basics #1. It's a file and its filename is .htaccess (yes, with a dot in the front). #…
The purpose of this article is to demonstrate how we can use conditional statements using Python.
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now