Unix chown/give permissions to www-data and user

Solution 1

If you look at the permissions on directories and files, you will see the account that owns them and also the group to which they belong. E.g.:

$ ls -ld /var/www/html
drwxr-xr-x. 2 joe joe 23 Mar 12 11:08 /var/www/html

In the above example, the account joe owns the directory and it belongs to the group joe; the group is the second "joe" on the line. The group may contain only one account, joe, but I could add other accounts to the group. I could create a group named users and associate the directory with that group as you did. You are using the chown command, but there is also a chgrp command to change the group. You can use that command to assign files and directories to a group or you can also change the group as you did with chown user:group. E.g., you could use the command below if there is a www-data group on the system (you can see the groups and their members by issuing the command cat /etc/group):

sudo chgrp www-data /var/www/html

Then I might see something like the following:

# ls -ld /var/www/html
drwxr-xr-x. 2 joe www-data 23 Mar 12 11:08 /var/www/html

Or, if you prefer, you can make the group for the directory be the new users group you created as you did with the chown -R joe:users command.

When I issued the ls -ld command to examine the permissions on the directory, I saw the following:

drwxr-xr-x

The "d" tells me it is a directory. The next 3 characters tell me that the permissions for the owner are read, write, and execute. The next 3 characters reveal the permissions for the group, which in the example above are read and execute. I could grant the group write permission with the command below:

chmod g+w /var/www/html

You can also change permissions recursively on the above directory using the -R or --recursive option.

If you adjust the group permissions appropriately, you can achieve what you wish to do, so that if Apache is running as www-data and www-data has the appropriate group permissions on the directory and the files and subdirectories within it, Apache will be able to read and write to files as needed. It appears you've already set the owner and group to a setting that will work, so it is likely you now only need to set the permissions for the group users with the chmod command.
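
One way to check the result of the chgrp and chmod steps in Solution 1, as an added example that is not part of the original answer: a shell function that lists every entry under a web root that is in the wrong group or lacks the group permissions the shared setup relies on. The function name audit_webroot and the finding labels are hypothetical, and the setgid and world-writable checks go beyond what the answer covers.

```shell
#!/bin/sh
# Added example (not from the answer): audit a web root after chgrp/chmod.
# Usage: audit_webroot DIR GROUP   (GROUP may be a name or a numeric GID)
# Prints one "<finding> <path>" line per problem; returns 1 if any were found.
audit_webroot() {
    dir=$1
    group=$2
    findings=$(
        # Entries still assigned to some other group (chgrp -R missed them).
        find "$dir" ! -group "$group" -print | sed 's/^/wrong-group /'
        # Directories need group rwx (070): w to create or delete entries,
        # x to traverse into them.
        find "$dir" -type d ! -perm -0070 -print | sed 's/^/dir-not-group-rwx /'
        # Regular files need group rw (060) so both accounts can edit them.
        find "$dir" -type f ! -perm -0060 -print | sed 's/^/file-not-group-rw /'
        # Without setgid (2000) on a directory, new files get the creator's
        # primary group instead of the shared one.
        find "$dir" -type d ! -perm -2000 -print | sed 's/^/dir-no-setgid /'
        # World-writable (002) entries are open to every local account.
        find "$dir" ! -type l -perm -0002 -print | sed 's/^/world-writable /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run as a script only when both arguments are given, e.g.:
#   sh audit_webroot.sh /var/www/html www-data
if [ "$#" -eq 2 ]; then
    audit_webroot "$1" "$2"
fi
```

An empty result with exit status 0 means every entry is in the shared group with group read/write access, and nothing is writable by other accounts.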

Solution 2

I think you can try:

setfacl -R -m u:joe:rw /var/www/html

You can test the result by doing:

getfacl /var/www/html

You should see something similar to:

# file: var/www/html
# owner: root
# group: root
user::rwx
user:joe:rw-
group::r-x
mask::rwx
other::r-x

Author: Admin

Updated on September 18, 2022

Comments

  • Admin
    Admin almost 2 years

    I have a user, 'joe', to whom I would like to grant permissions (for /var/www/html/) so that I can use ftp (with vsftpd)

    So I run this command:

    sudo chown -R joe /var/www/html/
    

    And that goes well, I can now read, write, delete etc files through ftp.
    However, now any page on my site returns a 403 Forbidden error.

    This is because I have given 'joe' ownership of those directories, so to make my site accessible again, I run:

    sudo chown -R www-data /var/www/html/
    

    But this then means that 'joe' cannot access these files, with ftp.

    Is there any way I can have joe able to read and write files, whilst at the same time allowing www-data access to the files so my webpages aren't 403 forbidden?


    I have tried creating a group:

    sudo addgroup users
    sudo adduser joe users
    sudo adduser www-data users
    

    But I don't know how to chown to a whole group, I only know for example:

    sudo chown -R joe:users /var/www/html
    

    However this presents the same problem.


    I am using Ubuntu 14.04 x64 with apache2, and joe has root privileges (ALL=(ALL:ALL) ALL)