In my centos server (amazon ami) with nginx installed i would to guarantee full access 777 (read write execute) at a specific folder only for user in a specific group and deny any type of access to all others.
Well, first i create the folder:
sudo mkdir var/www
then i create group:
sudo groupadd lavagrp
add specific user to the group:
sudo usermod -a -G lavagrp ec2-user
sudo usermod -a -G lavagrp nginx
then i add group permission to folder in this maneer:
sudo chgrp lavagrp: 777 var/www
but system respond:
"group not valid lavagrp"
if i check the group with
getent group lavagrp
group exist and system return
lavagrp:x:501:ec2-user,nginx
Someone know how can i garant to my folder var/www full control just for lavagrp users?
thanks in advance
There are a couple of issues with your chgrp command. The ":" character and the 777 parameter are causing the "group not valid lavagrp" error because the chgrp program doesn't understand what these are.
I also wouldn't recommend to set 777 on this folder either. You can achieve the same result using the following commands.
sudo chmod 770 /var/www
sudo chgrp lavagrp /var/www
This means the owner has read, write and execute permissions, the group has read, write and execute permissions and every other user cannot read, write or traverse into that directory.
you can use "setfacl" command like below :
setfacl -R -m g:lavagrp:rwx /var/www
with this command other users have default permission on this dir (in other words The same access as before), but lavagrp's users have 777 access on this directory and sub directories (and files)
Related
I am trying to set up wordpress on digitalocean with nginx. I am running into permissions issues though. When I upload a file or try to install a plugin I get the cannot create in directory warning. So I came across the post Here that says I need to give nginx access to the folder. So I executed the following:
sudo chown -R www-data:www-data /path/to/folder
sudo chmod -R 755 /path/to/folder
This works except now I cannot add and delete files with filezilla. Obviously because the permissions to the folder are no longer with the me the user they are now with www-data.
So my question is what is the correct way to configure nginx to work with wordpress and still allow me to upload and delete files with ftp.
When using digital ocean droplets you will probably be using sftp access to your server.
Try the following commands in your terminal when logged in.
Add your currently logged in user to the www-data group:
sudo usermod -aG www-data $USER
Then change your vhost directory and all files and subdirectories to be owned by www-data group:
sudo chown -R www-data:www-data /var/www
Set the proper permissions so you can upload files via sftp, manage files via command-line, and upload plugins and media directly in WordPress:
sudo chmod -R 774 /var/www
Hope this helps
Saskia
I've setup a domain through apache virtual hosts and set the permissions on the public_html directory as $USER:$USER. I also have wordpress installed in public_html/wp
When trying to add a local image to the media part of the site, wordpress threw an error saying it did not have permission to create the required folder to store the image. The directories are set to 755 and files to 644 so I assumed it was the ownership that needed to change. So I ran
sudo chgrp -R www-data /var/www/virtual-host-site.dev/*
So my ownership looked like $USER:www-data however, this still didn't give wordpress rights, so I tried
sudo chown -R www-data:www-data /var/www/virtual-host-site.dev/*
which fixed the problem. But then as a user, I have no write access to the directories. I thought adding $USER to the group www-data
sudo usermod -a -G www-data $USER
would give $USER rights like www-data, but this doesn't seem to be the case.
How do I keep my folders as 755 and files as 644 while allowing both $USER and wordpress write access to the application directories?
Thanks.
So I resolved this by changing my dev directory to www-data:www-data and changing my themes folder to $USER:www-data with the command
sudo chown -R $USER:www-data wp/wp-content/themes
I'm new to Linux (using Debian). How to make writeable dir for user and for web-server?
I connect to server via ssh, upload my files. And run next commands:
sudo chown -R www-data:www-data writeable/
sudo chmod -R g+rw writeable/
Then nginx and php (running by www-data user) writes files to writeable. Auter that i do not able to edit or delete those files.
Please help me. I know what that question was asked a million times, but i could not to find solution.
Thanks!
not sure to understand, but I guess you want your dir to be writable for user "www-data" and for another user, let's call it "medvedev".
You can put both users in a group, and grant write permissions for owner (www-data) and group.
useradd -G medvedev www-data
I am having trouble getting a few plugins to play nicely in wordpress. On top of that I can't even deactivate or delete several of them, they appear to be locked. I apologize I am somewhat of a linux newb, I have learned a lot but am baffled. I think it has to do with one of two things I did when I setup my VPS, which was guided by a tutorial. One was to install this script which would make commands wpupgrade for installing / deleting plugins and wpsafe for reverting to safe ownership.
### Edit the 2 values first, then post the whole lot.
#
export DOMAIN="mydomain.com"
export USER="myusername"
#
echo '
#########################
### WordPress 'chown' ###
#########################
## Allow WordPress Upgrades/Plugin Installs
alias wpupgrade="sudo find /home/USERNAME/public_html/DOMAIN/public/wp-admin -exec chown -R www-data:webmasters {} \; && sudo find /home/USERNAME/public_html/DOMAIN/public/wp-content -exec chown -R www-data:webmasters {} \;"
## Revert to Safe WordPress Ownership
alias wpsafe="sudo find /home/USERNAME/public_html/DOMAIN/public/wp-admin -exec chown -R USERNAME:webmasters {} \; && sudo find /home/USERNAME/public_html/DOMAIN/public/wp-content -exec chown -R USERNAME:webmasters {} \;"
' >> /home/$USER/.bashrc
sed -i "s/USERNAME/$USER/g" /home/$USER/.bashrc
sed -i "s/DOMAIN/$DOMAIN/g" /home/$USER/.bashrc
source /home/$USER/.bashrc
source /root/.bashrc
However, now all my wp-content and wp-includes are owned by www-data:webmasters and I cannot delete or modify them. I never created a www-data user. I try to use:
chown -R myusername:webmasters /home/myusername/public_html/mydomain.com/public/wp-content
and it tells me
chown: changing ownership of `/home/myusername/public_html/mydomain.com/public/wp-content': Operation not permitted
I have no idea what I'm doing wrong or what to do to fix this.. any help?
data is the user which executs apache. You must be running the script through apache user on you machine. To do a chown you must be the owner or a super user try sudo chown -R. Or log into super-user mod type su - in your terminal then enter the root password. Beware as root you can do anything you have all rights, think twice before executing a commande.
[edit]
I see that your script is in public_html -> this is tha apache folder for your user maybe that is why it has changed the script to www-data as owner.
try this sudo setfacl -R -m u:www-data:rwX -m u:myusername:rwX /home/myusername/public_html/mydomain.com/public/wp-content
to add you and www-data as uses
1) To change the ownership of a single file, run the command below.
$ sudo chown username:groupname filename
For Ex.
$ sudo chown richard:richard lockfile
Replace with the username of the account you wish to take ownership of the file. And is the group that will assume ownership of the file.
2) Now that you know how to change the ownership of a single file, the below commands show you how to change the ownership of a folder and all sub-folders within.
$ sudo chown -R username:groupname FolderName
For Ex.
$ sudo chown -R richard:richard Songs/
That’s it! And I hope you liked it.
How can you copy a folder to /var/www without sudo?
My folder codes has the following permissions at /var/www
4 drwxr-xr-x 8 root root 4096 2009-08-09 03:01 codes
I can only sudo cp -r ~/Dropbox/codes/ /var/www to copy the files.
I cannot copy them without sudo.
Owning /var/www yourself might conflict with other options on your system. On my Debian system I would do this
sudo addgroup www
sudo adduser nr www # add myself to the www group
sudo chgrp -R www /var/www # make files in the group
find /var/www -type f -exec chmod g+w '{}' ';' # make each file group writable
find /var/www -type d -exec chmod g+ws '{}' ';' # make each directory group writable and sticky
If the directory is group writable and sticky, all files created in /var/www will be writable by anyone in the www group, no matter who or what creates them there. (Caveat: they have to be created by "normal" means; cp -a can circumvent the group sticky bit.)
Because Unix is insanely stupid about group membership, for your membership to be honored you will have to log in again, e.g., ssh localhost or log out and log back in. A nuisance.
What about adding the cron job to the root user. It's not a great idea, but it will get around the problem?
I also find it interesting that your www directory would have only root permissions and be owned by root. Usually they are owned by an apache user or have other permissions such that apache can access them.
Edit You probably don't want to edit the crontab file directy. But something similar to the following command should work:
sudo crontab -e -u root
You may not need the -u root but it's good so sudo doesn't confuse crontab.
Edit 2 You can change permissions with the chmod and chown commands:
sudo chmod 755 /path
sudo chown user:user /path
Be very very careful when using this. You can completely screw up the OS by changing permissions on the wrong files or folders. You'll probably want to add the -R option which will apply the permissions or owner recursively, but again, be very careful.
sudo chown yourusername /var/www
And you'll become the new owner of /var/www.