I've been struggling with permissions so far, and posted another question but identified what the problem was, without any way to fix it yet.
My setup:
- Ubuntu Desktop with LAMP stack
- 5 "users" I've created on the Ubuntu server using
sudo useradd -r -s /bin/false USERNAME
and which are used to access the local network shared folders, i.e. for the computers on my network to connect to the /var/www folder, shared using Samba.
EDIT: The purpose is to create sort of a "master localhost" where all the computers in my local network can work on the same website, locally (I do NOT have a static IP address, thus the server can't be accessed from elsewhere).
My problem:
Currently when I create a new folder on /var/www/html (ex: creating the folder /var/www/html/testsite1) using any computer of the network, this folder is automatically owned by boris:www-data ("boris" being the main admin user on my Ubuntu desktop install, and it shows indeed boris:www-data when running ls -l on the newly created folder), which is causing problems with my current setup (using Duplicator Plugin for WordPress by LifeInTheGrid mostly).
However, both my /var/www and my /var/www/html are owned by www-data:www-data.
Hence, I would like to know how I can:
- Change ownership to www-data:www-data of all files AND directories below /var/www and /var/www/html
- Make sure any file or folder I will create with any of the users of my network will automatically be owned by www-data:www-data (that includes files automatically created by PHP scripts, as it is what the Duplicator plugin does if I'm not wrong).
Is there a way to do that?
Note: I am a super newbie with things related to Linux and command lines, but I catch up fast.
Note 2: umask is already set as 0002
EDIT:
Tried this:
sudo chown -R www-data:www-data /var/www/
And then set setuid and setgid bits by doing this:
sudo chmod u+s /var/www/html
sudo chmod g+s /var/www/html
Then logged-off, restarted apache, and tried to create a new folder using a Mac connected to my server through network IP (local IP, not static).
I ran ls -l on /var/www/html
Output is still:
drwxr-sr-x 2 boris www-data testsite1
Note:
I already checked my apache config before and envvars, it is already set to:
export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data
EDIT: I tried it backwards, e.g setting up everything to be owned by boris:www-data and set my envvars apache config to boris:www-data. IT WORKED!
Here is what I did:
Changed envvars to
export APACHE_RUN_USER=boris
export APACHE_RUN_GROUP=www-data
Ran
sudo chown -R boris:www-data /var/www/
Restarted Apache, created a new folder, added my files, ran the plugin, now says it's good !!!
Best Answer
Answer to Question #1: Recursive chown
A recursive chown will let you set ownership and group to what you want for /var/www/.... This is the command you should use:
With that, every file and folder will be set as such inside there with those ownership permissions.
Half-Answer to Question #2: setgid bit
If you want default group ownership on files, set the setgid bit on the /var/www/html folder. New files should then be created with that group as stated on the folder.
You'll need to set write permissions, though, if any user OTHER than www-data is writing to the directories, and doing so can open you to a security hole or two if you're not careful.
You end up with permissions being $USER:www-data; to change the owner you then use a chown as indicated in method #1 (that said, in a proper setup you should rely on group permissions, not user owner permissions, for access to the web files).
PHP WordPress Duplicator Problem
The problem with permissions is the user/group PHP runs as needs write and read and likely +x on the directory to edit the dir structure and such.
PHP runs as www-data by default in Ubuntu installs which use the default configurations. Ideally, your steps above would make the issue fixed, as you're stuck with the Duplicator Plugin being a PHP plugin.
Ideally you should also check the documentation for the Duplicator Plugin to verify what permissions it needs to run and work.
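A way to check the layout this answer describes, added here as an example that is not part of the original question or answer: on Linux the setgid bit on a directory makes new entries inherit its group, while the setuid bit on a directory does not change who owns new files, which is why the listing in the question still shows boris:www-data. The function name audit_webroot and the finding labels are made up for this example; the shared group is assumed to be www-data as in the question.

```shell
#!/bin/sh
# Added example: audit a shared web root for the group-based layout.
# Usage: audit_webroot ROOT GROUP   (e.g. audit_webroot /var/www/html www-data)
# Prints one finding per line; prints nothing when the tree is consistent.
audit_webroot() {
    root=$1
    group=$2

    # Entries whose group is not the shared group: members of GROUP
    # (for example PHP running as www-data) only get "other" access to them.
    find "$root" ! -group "$group" -print | sed 's/^/GROUP /'

    # Directories without setgid: entries created inside take the creator's
    # primary group instead of inheriting the directory's group.
    find "$root" -type d ! -perm -2000 -print | sed 's/^/NOSGID /'

    # Directories the group cannot write to (the r-x in drwxr-sr-x):
    # a group member cannot create or delete files in them.
    find "$root" -type d ! -perm -0020 -print | sed 's/^/NOGW /'

    # World-writable files or directories: any local account can change
    # content that the web server will serve or execute.
    find "$root" ! -type l -perm -0002 -print | sed 's/^/WORLDW /'
}

# Run the audit when called as: sh audit.sh /var/www/html www-data
if [ "$#" -eq 2 ]; then
    audit_webroot "$1" "$2"
fi
```

A directory reported as NOGW matches the drwxr-sr-x listing in the question: the group was inherited, but a process running only as a member of www-data still cannot write there.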