I am having a problem with permissions on a Linux server. I am used to BSD. When a directory is owned by a group the user who owns it isn't in, such as www-data, files created in it will be owned by that group. This is important because I want files to be readable by the webserver (which I will not run as root) but so a user can still put new files in the directory. I can't put the users in www-data because then they can read every other user's websites.
I want the webserver to read all websites, I want users to be able to change their own.
The permissions are set like this on the folders at the moment:
drwxr-x--- 3 john www-data 4096 Feb 17 21:27 john
It is standard behavior on BSD for permissions to work this way. How do I get Linux to do this?
Best Answer
It sounds like you're describing the setgid bit functionality, where a directory that has it set will force any new files created within it to have their group set to the same group that's set on the parent directory.
Example
set up a directory with perms + ownerships
touch a file as saml in this dir
This will give you approximately what it sounds like you want. If you truly want exactly what you've described though, I think you'll need to resort to Access Control Lists functionality to get that (ACLs).
ACLs
If you want to get a bit more control over the permissions on the files that get created under the directory, somedir, you can add the following ACL rule to set the default permissions like so.
before
set permissions
Notice the + at the end, that means this directory has ACLs applied to it.
after
Notice with the default permissions (setfacl -Rdm) set so that the permissions are (r-x) by default (g:apache:rx). This forces any new files to only have their r bit enabled.
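An added example, not part of the original answer: a shell function that checks a site directory for the layout discussed above (expected group, setgid bit set, no access for other users) and flags entries that kept an older group. The name audit_site_dir and its messages are hypothetical; it assumes the usual ls -ld column layout.

```shell
#!/bin/sh
# Added example, not from the original answer. audit_site_dir is a
# hypothetical helper; it only reads metadata and changes nothing.

# audit_site_dir DIR GROUP: print findings, return 0 only if DIR is clean.
audit_site_dir() {
    dir=$1; group=$2; rc=0
    [ -d "$dir" ] || { echo "not a directory: $dir"; return 2; }

    # ls -ld: field 1 is the mode string, field 4 the group.
    mode=$(ls -ld "$dir" | awk '{print $1}')
    dir_group=$(ls -ld "$dir" | awk '{print $4}')

    if [ "$dir_group" != "$group" ]; then
        echo "group is $dir_group, expected $group"; rc=1
    fi
    # Without setgid, new files get the creating user's primary group.
    if [ ! -g "$dir" ]; then
        echo "setgid bit not set on $dir"; rc=1
    fi
    # Characters 8-10 of the mode string are the bits for "other".
    other=$(printf '%s\n' "$mode" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "other users have access: $other"; rc=1
    fi
    # Entries created before setgid was applied keep their old group.
    stale=$(find "$dir" ! -group "$group" | wc -l | tr -d ' ')
    if [ "$stale" -gt 0 ]; then
        echo "$stale entries not owned by group $group"; rc=1
    fi
    # A trailing + means ACLs are present; mode bits alone are not the
    # whole picture, so point the reviewer at getfacl.
    case $mode in
        *+) echo "note: ACLs present, review with getfacl $dir" ;;
    esac
    return $rc
}

# Usage: sh audit.sh /path/to/site www-data
if [ "$#" -ge 2 ]; then
    audit_site_dir "$1" "$2"
fi
```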