User Permissions: Daemon and User
In fact there is a way to auto-chown files created in a certain directory. Let's say the files you want lighttpd to be able to access are in /var/www. Then you set the group of /var/www to your group and set the SGID bit on /var/www. You will probably want to do this recursively for subdirs. I'm assuming the group is www-data.
chgrp -R www-data /var/www
chmod -R g+s /var/www
This will just set the group however. To give newly created files 660 permissions by default you can set your umask to 007. Add this line to ~/.bashrc:
umask 007
Eddie Parker
Updated on September 17, 2022Comments
-
Eddie Parker almost 2 years
I often run into this issue on Linux, and I'd love to know the proper way of solving it.
Say I have a daemon running. In my example, I'll use LigHTTPD, a webserver.
Some software, like Wordpress, enjoys having read/write access to files for updating applications via a web interface, which I think is quite handy.
At the same time, I enjoy being able to hack on my files using vim, using my local user account, 'eddie'.
Herein lies the rub. Either I chown everything to lighttpd or eddie and a shared group between them both, and chmod it 660, or perpetually sudo to edit the damned things. The former isn't a bad solution, until I create a new file in which case I have to remember to chmod it appropriately, or create some hack like a cron job that chmods for me.
Is there an easier way of doing this? Have I overlooked something?
Cheers,
-e-
-
Kim over 14 yearsYes it can be done with ACLs too, but most distros do not enable them by default and I think it's more difficult. It also allows more fine grained control though. See man setfacl if you're interested.
-
-
Eddie Parker over 14 yearsInteresting. I've only vaguely heard of the SGID bit, so that's good info to get. As for umask, how does that work with the lighttpd process in this case? How do I set a umask for non users?
-
Kim over 14 yearsI'm no expert on lighttpd and a process can change its own umask at will, but you could try adding the umask command to lighttpd's startup script. If that doesn't help, have a look at lighttpd's or wordpress' documentation.
-
Eddie Parker over 14 yearsAlright, thanks Kim. Very concise answer and exactly what I was looking for. I'll noodle with the server side, but at least the SGID bit will get me 90% of the way there.
-
PJ_Finnegan about 5 yearsI believe it should be
chmod g+s /var/www
(without-R
) to avoid setting the non-directory files under/var/www
to setgid, i.e.-rw-rwSr--
. And the command should be manually re-issued for every directory under/var/www
.