chgrp permanently for a directory - unix

I'm running a CentOS 5.0 server with root access. The /var/www folder was originally set recursively with root as the owner and group. So I did a chgrp -R webdevs /var/www and a chmod -R g+rwx /var/www command to give all members of the webdevs group read/write access. These changes work as required for all preexisting files. However, when user examplewebdev creates a new file in the /var/www directory, the group defaults to examplewebdev instead of webdevs. How do I change the defaults for new file creation?

Try to play with ACLs: man setfacl.

http://www.vanemery.com/Linux/ACL/linux-acl.html#default

I use 'newgrp' command but I think it applies only in the shell you are currently in.

Related

Editing and Resetting Permissions for all folders, subfolders and files

I've just started to learn Linux Command Line. The setup I am on is AWS Lightsail bitnami Wordpress. I work with wordpress primarily.
I'm still confused about file permissions in Linux. Why do I have permissions denied when I sign in as the owner?
Whenever I have to ftp, overwrite, edit files and folders, I have to change the permissions settings for each affected folders and files manually via SSH.
More often than not, at the end of the day, I lost track of which folders and files' permissions I have edited and need to reset to default. I find this a chore and I believe there is a better way.
I wonder if there are lines of command that can
give me full access to all directories, folders, subfolders and files at once?
change the permissions for directories, folders, subfolders and files at once?
reset the permissions of all edited files to default/original all at once?
To check the permission of the file
sudo stat TARGETFOLDER
To change the permission of the file
sudo chmod 777 TARGETFOLDER
Bitnami Engineer here,
We configure the permissions of the WordPress' files by setting bitnami as the user owner and daemon as group owner of the files. This configuration allows you edit the files using the bitnami user and the webserver can use the daemon group to do the same. However, if you make changes to the application using the web interface (install plugins or themes), those new files are owned by daemon:daemon (the Apache and PHP-FPM services use that user and group so they generate the files using those permissions configuration) and you won't be able to edit them unless you use the command line and sudo. In that case, you can run the following commands to be able to edit those files using the bitnami user
sudo chown -R /opt/bitnami/apps/wordpress/htdocs
sudo find /opt/bitnami/apps/wordpress/htdocs -type d -exec chmod 775 {} \;
sudo find /opt/bitnami/apps/wordpress/htdocs -type f -exec chmod 664 {} \;
sudo chmod 640 /opt/bitnami/apps/wordpress/htdocs/wp-config.php
You can learn more about this here
https://www.youtube.com/watch?list=PLGgVZHi3XQNn4x0DU7Qj1r_inej3xEUda&v=nKfle7O0vN8&feature=emb_title
1 and 2, you can try chmod -R option.
3. i think it can not. you should restore it. maybe it help.

LEMP + wordpress file permissions to be able to edit, upgrade and use sftp client

I am trying to manage file permissions on a debian webserver that runs nginx, so that wordpress can edit, upload and upgrade without having to use ftp. I also want to be able to login using sftp with my user account.
I am aware of the fact that this question has been asked before, see here
or here, but following the steps in those answers hasn't been satisfying. The setup currently looks as follows:
The wordpress folder is in /var/www/html/
I made a new user ("user") and group ("group"). The server user is
"www-data".
All files in the wordpress folder are owned by user:group.
Both "user" and "www-data" are set to belong to "group".
I changed file and folder permissions as follows:
find /var/www/html/ -type d -exec chmod 2775 {} +
find /var/www/html/ -type f -exec chmod 664 {} +
I set the default umask to 0002.
I would have thought this should work, but currently I can edit and upload files from within wordpress, but not update wordpress, functions or themes.
It also does not work with "group" set as default group for "user" and/or "www-data" (by editing /etc/passwd).
Alternatively, I made all files in /var/www/html/ owned by user:www-data, but also without success.
The only way I seem to get wordpress to update without ftp is by making the wordpress-folder and all its files owned by "www-data". Unfortunately, the result of that is that I cannot upload files using an sftp-client (because the target is now a folder that is not owned by "user").
How can this be? As far as I understand these steps should give wordpress the proper permissions, but something still is wrong.
Your help would be greatly appreciated.
On a debian server I followed these steps. It might not be the most secure solution as I read here, but it works (wordpress can edit, upload and upgrade - and I can upload using sftp).
Create a new user "user"
Create a new group "group" (you can choose to use www-data as group as well)
Add user and www-data to group
usermod -G group user
usermod -G group www-data
Check group numerical id in /etc/group
e.g. group:x:1002
Change default group of www-data and user in /etc/passwd
e.g. user:x:1001:1002:...
In /etc/php5/fpm/pool.d/www.conf (in my case) change group=www-data to ;group=www-data. Now nginx will use the default group of www-data which we just set to "group". Reload service (php5-fpm).
Recursively change owner of your wordpress folder to user:group
chown -R user:group /var/www/html
Change permissions in your wordpress folder (The 2 is to assign new files to the parent folder's group)
find /var/www/html/ -type d -exec chmod 2775 {} +
find /var/www/html/ -type f -exec chmod 664 {} +
Change umask to UMASK 0002 in /etc/login.defs
In wordpress, enforce direct upload (so no ftp) by adding define('FS_METHOD','direct'); to wp-config.php. In my case, this was an essential step.
To get things working, I needed to reboot.
I ran into this issue and I figured that I would share how I fixed it on Ubuntu running PHP 7 in case it can help someone. I adapted the following after reading this article that outlines how it is done with PHP 5.
Nginx needs to be optimized with PHP pools in order to give ownership of files and folders to users.
First, you need to create a new PHP-FPM memory pool. Do this by copying the default memory pool and renaming it with the user that you want to associate it with:
sudo cp /etc/php/7.0/fpm/pool.d/www.conf /etc/php/7.0/fpm/pool.d/username.conf
Edit the file:
sudo nano /etc/php/7.0/fpm/pool.d/username.conf
Go through the file and change username in the following locations:
; Start a new pool named 'www'.
; the variable $pool can we used in any directive and will be replaced by the
; pool name ('www' here)
[username]
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
user = username
listen = /run/php/php7.0-fpm.username.sock
Now you need to update your server block(s). You will need to adjust to the correct sockets to allow access to the newly created pool.
Open your server configuration file:
sudo nano /etc/nginx/sites-available/default
Or if you setup server blocks (virtual hosts), then:
sudo nano /etc/nginx/sites-available/example.com
Edit the following line and replace username:
fastcgi_pass unix:/run/php/php7.0-fpm.username.sock;
Finally, restart Nginx:
sudo service nginx restart

Upload file wordpress

I am trying to upload a file in wordpress using the Media > Add New -- Option but when I click upload I get the following error:
Unable to create directory wp-content/uploads/2012/11. Is its parent
directory writable by the server?
I have Wordpress 4.3.1 installed.
Thank you
EDIT:
I am on a shared server with: host=i686-redhat-linux-gnu and Apache. I changed the permissions to 755 and 777 of wp-content/uploads but I get the following error:
“my_file.jpg” has failed to upload due to an error Unable to create
directory wp-content/uploads/2012/11. Is its parent directory writable
by the server?
Any ideas?
You need to set folder permissions for /uploads/ and possibly for /wp-content/ , too.
Typically, both folders should be 755. You may have to temporarily raise /uploads/ to 777 and upload an image (this will also force the server to change the folder permissions and user to the correct settings), but change it back to 755 right away.
It's easiest to set permissions with an FTP client. See Filezilla and FTP Clients « WordPress Codex.
And see Changing File Permissions « WordPress Codex for the correct Wordpress permission settings:
From the codex.wordpress: Typically, all files should be owned by your user (ftp) account on your web server, and should be writable by that account. On shared
hosts, files should never be owned by the webserver process itself
(sometimes this is www, or apache, or nobody user).
Any file that needs write access from WordPress should be owned or
group-owned by the user account used by the WordPress (which may be
different than the server account). For example, you may have a user
account that lets you FTP files back and forth to your server, but
your server itself may run using a separate user, in a separate
user group, such as dhapache or nobody. If WordPress is running as the
FTP account, that account needs to have write access, i.e., be the
owner of the files, or belong to a group that has write access. In the
latter case, that would mean permissions are set more permissively
than default (for example, 775 rather than 755 for folders, and 664
instead of 644).
ssh in and navigate to the wp-content folder and type in these 2 lines:
sudo chown -R www-data uploads/
sudo chmod -R 755 uploads/
or you can use the static and full path:
sudo chown -R www-data /var/www/wp-content/uploads/
sudo chmod -R 755 /var/www/wp-content/uploads/
Do not change it to permissions 777 because that is simply insecure
I had the same problems last week. After trying all proposed solutions with no success, it occurred to me that we had SElinux enabled on the server. In my case, and maybe for many other people, SElinux was responsible of the error message:
Unable to create directory wp-content/uploads/2013/04. Is its parent directory writable by the server?
My solution is based on the one proposed here: http://doc-ok.org/?tag=selinux which could be more suitable to other people's needs.
In my case, my wordpress directory resides in my home folder on the server, to which I have ssh access. Otherwise you will have to ask your administrator.
Anyway, this is my solution.
chgrp -R apache wordpress #change wordpress with your base directory for wp..
#alternatively, chown the whole directory to apache
chmod -R 774 wordpress/wp-content #if chown by apache, the permissions can be more restrictive
In my case not only the folder ownership / group ownership had to be changed to apache. Also the SElinux label of wp-content directory had to be changed to either httpd_sys_rw_content_t or httpd_sys_content_t:
chcon -Rv --type=httpd_sys_content_t wordpress/wp-content
This did the trick for me.
More information on SElinux can be found for example at:
wiki.centos.org/HowTos/SELinux
and
fedoraproject.org/wiki/SELinux
The /wp-content/uploads directory needs to be writeable by your webserver. Assuming that you are using Apache on Linux, and that it is running as user apache (change to your appropriate user) one quick fix for this would be to run the following command from your web root.
chown -R apache.apache wp-content/uploads
chmod -R 755 wp-content/uploads
I faced the same issue and I found a better solution:
go to cpanel > phpmyadmin
select database
open wp_options table
make sql query SELECT * FROM wp_options WHERE option_name LIKE '%upload_path%'
change the path
this should fix it.
sudo chown -R www-data:www-data wp-content/uploads
Do not change the permissions to 755 if it's not necessary.
If it still doesn't work try:
chmod -R 755 wp-content/uploads
this works for me, after many weeks headache
sudo chown -R apache uploads
sudo chmod -R 755 uploads
assuming you're in wp-content
for those who stumbled on selinux permission issue, here are the steps i made to fix them. We need to allow the following selinux boolean variables to allow installing of wordpress plugins from wordpress admin console using FTP. They are httpd_can_network_connect and ftpd_full_access. They can be activated by
setsebool ftpd_full_access on
setsebool httpd_can_network_connect on
also wp-content folder should be write permissible for the ftp user used for uploading.

Update wordpress theme on ec2

I'm hosting a wordpress site on ec2 and I'm trying to update my theme through the admin screen. Its asking me for Hostname and ftp username and password. Is ec2-xxx.compute-1.amazonaws.com:22 my hostname? I tried along with ec2user and root for my ftp username but no luck. What am I doing wrong?
Skip the FTP info altogether and just change the permission of the directory structure where Wordpress is installed.
VIA SSH
sudo chown -R apache:apache path/to/wordpress
sudo makes sure you execute as the root user
chown will change the owner of the directory
-R will make it recursive, so it changes all files and directories within
apache:apache is user:group
And then the path to wordpress. Could be /var/www/html/sitename.com or if you navigate to the folder where Wordpress is installed, you can use a period (.) to tell it to change the current directory.
This will make is so that you can't copy files via sftp though, so it is good to change at least the themes directory back to the ec2-user:ec2-user user and group.
So this changes back to your ssh/sftp user:
sudo chown -R ec2-user:ec2-user path/to/wordpress
You can assign the folders to the ftp user and the apache group and then make them group writable as well. This will allow you to ftp into the directory, and allow everything to be auto updated within Wordpress.
// Set the wp-contents into the apache group and then make files group writable
sudo chgrp -R apache wp-content
sudo chmod -R g+w wp-content
// This makes new files created in wp-content and all of its sub-directories group-writable.
sudo chmod g+s wp-content
Then add this to wp-config.php to force Wordpress to update when only applying this wp-content:
define('FS_METHOD', 'direct');
You can also apply to the whole Wordpress install to auto update Wordpress and not just plugins/themes. If you do this, I would recommend putting your wp-config.php file one directory above your Wordpress install though, so you can lock it down separately.
EDIT: Whenever I am having permission troubles on EC2, I go to site root directory, and paste these lines in. I apply it to the whole Wordpress install these days:
sudo find . -type d -exec chmod 0755 {} \;
sudo find . -type f -exec chmod 0644 {} \;
sudo chown -R ec2-user:apache .
sudo chmod -R g+w .
sudo chmod g+s .
I use something similar on my Mac as well.
In your wp-config.php under directives add this line:
define('FS_METHOD', 'direct');
You can simply solve this problem by doing this via ssh:
sudo chown -R apache path/to/wordpress
then
sudo chmod -R 755 path/to/wordpress
Your hostname would be ec2-107-20-192-98.compute-1.amazonaws.com.
Your username will be the username you use to SFTP to the instance normally - ec2user for some instance types, ubuntu for Ubuntu AMIs, etc. EC2 generally doesn't use passwords, preferring SSH keys, so you'll have to set a password for your account by doing passwd on the commandline.
Try adding FTP credentials to wp-config.php: http://codex.wordpress.org/Editing_wp-config.php and http://codex.wordpress.org/Editing_wp-config.php#WordPress_Upgrade_Constants
That should make WP admin stop asking for FTP details. But depending on how you've set up permissions via the command line, may have to go to the command line to edit files like wp-config.php . And you may not have sufficient permissions to upload and for WP to unzip a theme.
As per other answers, I use SFTP with a server of ec2-xx-xxx-xx-xx.compute-1.amazonaws.com username of ec2-user
ec2-107-20-192-98.compute-1.amazonaws.com:22 represents both the hostname and the ssh port. (SSH is normally on port 22, though it can run on any port.)
Try just ec2-107-20-192-98.compute-1.amazonaws.com in the hostname field.
I'm still skeptical of a webpage asking for a username and password. Seems a bit silly to me, since you should just use SFTP to directly upload whatever content you want using your SSH identity key instead of a password.
You could simply use 127.0.0.1 as hostname and check FTP in Wordpress ftp settings.
To resume what has been said:
user is the same you actually use to SSH/SFTP
password needs to be set/updated logging in via SSH and typing
sudo passwd your-user-name

How to resolve /var/www copy/write permission denied?

I am a newbie in php, mysql. I have written a hello.php script, which I am trying to copy into /var/www directory (and will later want to open it through web browser). The problem with the same is that I am not allowed to save/write any files in /var/www despite me being the root. I tried implementing steps in this question, but I get the following error when I process the third line
find /var/www/ -type f -exec chmod g+w '{}' ';'
chmod: changing permissions of `/var/www/index.html': Operation not permitted
I know symlink is also an option. I would want to be able to write/copy files directly to /var/www/ directory.
Any suggestions on what is going wrong?
it'matter of *unix permissions, gain root acces, for example by typing
sudo su
[then type your password]
and try to do what you have to do
Do you have a file in /var/www called hello.php already that has permissions on it? Maybe the system can't replace the file?
Although, root access should supersede any user on the system.
Have you tried applying permissions to the www folder?
If you can do this, try the following:
sudo chmod -R 777 /var/www
then do:
sudo cp hello.php /var/www
I only recommend doing this if you know 100% that it is ok to set permissions on the whole www folder. By the sounds of it, you are running on your own production server as most live/shared hosting servers are setup so that the www folder is not in the /var folder (instead it is in the home folder of the user).
Be VERY careful when doing anything with the sudo prefix though, you can seriously damage your system if you do it wrong.
Are you in a development environment ? If Yes, You can do
chown -R user:group /var/www
so you will be able to write with your user.
Execute the following command
sudo setfacl -R -m u:<user_name>:rwx /var/www
It will change the permissions of html directory so that you can upload, download and delete the files or directories
Encountered a similar problem today. Did not see my fix listed here, so I thought I'd share.
Root could not erase a file.
I did my research. Turns out there's something called an immutable bit.
# lsattr /path/file
----i-------- /path/file
#
This bit being configured prevents even root from modifying/removing it.
To remove this I did:
# chattr -i /path/file
After that I could rm the file.
In reverse, it's a neat trick to know if you have something you want to keep from being gone.
:)
sudo chown -R $USER:$USER /var/www
First off, this has nothing to do with php. This is a unix permission issue. You need to login as a superuser ( sudo/su ) and type your password, then try that command.
$ su
(type password )
\# your command
$ sudo command
$ (type password)
It might also help if you actually specified the operating system you use.
sudo cp hello.php /var/www/
What output do you get?
If none of the above works, you might be dealing with a vfat filesystem. Use "df" to check.
See http://www.charlesmerriam.com/blog/2009/12/operation-not-permitted-and-the-fat-32-system/ for more details.
First of all, you need to login as root and than go to /etc directory and execute some commands which are given below.
[root#localhost~]# cd /etc
[root#localhost /etc]# vi sudoers
and enter this line at the end
kundan ALL=NOPASSWD: ALL
where kundan is the username and than save it. and then try to transfer the file and add sudo as a prefix to the command you want to execute:
sudo cp hello.txt /home/rahul/program/
where rahul is the second user in the same server.
You just have to write sudo instead of su.
Then just copy the PHP file to the var/www/ directory.
Then go to the browser, and write local host/test.php or whatever the .php filename is.
Enter the following command in the directory you want to modify the right:
for example the directory: /var/www/html
sudo setfacl -m g:username:rwx . #-> for file
sudo setfacl -d -m g:username: rwx . #-> for directory
This will solve the problem.
Replace username with your username.
The problem is a privilege issue navigate to the var/www/
right-click in it and select open as admin
then continue your work

Resources