1

Hey everyone

As per previous post I’ve setup a cloud rackspace and got Unbuntu working which is great.

I’m storing http files under /home/user/www

I do this:

useradd -G www-data DazREIT

chown -R DazREIT:www-data /home/DazREIT/www

chmod -R 775 www

That way apache runs fine, and I can FTP in as myself and delete/create/edit files in my www directory

Can someone explain what the heck the second line is about and how does it work?!

Is there a better way of doing it, or am I doing it correctly?

Daz

5 Spice ups
2

Chown man page:

http://linux.die.net/man/1/chown

3

Thanks Jim, that’s where I was looking, I just need to ensure I’m doing it the correct way, and not taking the long road to the solution as there seem to be an awful lot of solutions out there using interesting methods!

Daz

4

Ah hit a wall, when I do:

chown -R www-data:www-data /home/DazREIT/www

I can’t delete files in FTP but apache works great

If I do:

chown -R DazREIT:www-data /home/DazREIT/www

Apache will load, but can’t edit/move files (i’m running joomla) but I can FTP in and delete etc

5

I’ve tried this:

chmod -R ugo+xwr /home/DazREIT/www/*

the www becomes 777 which is fine for the test, but any sub directories and files don’t?

6

I don’t know to much about ubuntu but did you check you selinux? Also you may want to look at the ACL’s on the directory.

7

God forbid, I may go back to windows server :wink:

8

DazREIT wrote:

God forbid, I may go back to windows server :wink:

It can be frustrating at times. But remember, its very different. Once you get used to it you’ll find its actually easier to work/run/manage/and fix Linux than windows.

9

think i’ve worked it out - it was still updating

10

Permissions are a tricky thing to get ones head around when ye first start, if you get webmin on your server you can easily see which users are in what group.

if dazreit is the user and www-data is the group, you probably want 755 or 750 permissions to let you modify the files and apache read and execute them.

If your website needs to upload things, it will most likely have to upload to a directory with 777 permissions so you have to make your upload script additionally secure.

I can’t remember where i learned about permissions…the main difference from windows is that (obviously) you can only set one user and one group as opposed to as many groups/users as you want.

11

Linux supports a lot more granularity than that, but almost no one turns that on because of the way that Linux is normally used. Windows is about end users and their files. Linux is about servers and files. So the complex needs of Windows are normally overkill on Linux.

12

DazREIT wrote:

I’ve tried this:

chmod -R ugo+xwr /home/DazREIT/www/*

Egads, don’t do this.

In the order you see them with ls -l, it’s User Group Other, having Read, Write, and eXecute permissions. 777 means “anyone, even if they are not the owner or even in the appropriate group, can modify or destroy these files.”

The numeric values are:

4 = read
2 = write
1 = execute

So 7 gives all permissions. 5 gives read and execute. 6 gives read and write. These are the most common combos.

Note that using the numbers absolutely sets permissions, no matter what they were before, while using the letters gives or takes them and will not affect anything that already has 'em.

Frex,

chmod -R o-w /path/to/dir

which will “remove write permissions from Others recursively” through the target directory, without killing website visitors’ ability to Read and Execute those files (directories must be Executable to the user in order to be traversed).

You can handle yours and Apache’s permissions using group membership.

For example… assuming you have an account with a strong password, why not secure the files via

chown -R www-data:www-data /home/user/www (giving Apache ownership and letting it run)

chmod -R 775 /home/user/www

This gives the www-data user full control, anyone in the www-data group full control, and read / execute permissions to everyone else, i.e. your website visitors.

All you have to do now is add your own user account to the www-data group.