rated 0 times [  86] [ 0]  / answers: 1 / hits: 268167  / 2 Years ago, mon, march 28, 2022, 1:03:19

I have a simple web server setup for some websites, with a layout something like:



site1: /var/www/site1/public_html/



site2: /var/www/site2/public_html/



I have previously used the root user to manage files, and then given them back to www-data when I was done (WordPress sites, needed for WP Uploads to work). This probably isn't the best way.



I'm trying to find a way to create another user (let's call it user1) that has permission to edit files in site1, but not site2, and doesn't stop the files being 'owned' by www-data. Is there any way for me to do this?



 Answers
2

If we check ownership of site1, we will find something like this,



ls -ld /var/www/site1/
drwxr-xr-x 2 root root 4096 Oct 24 21:06 site1/


This means that the directory is owned by user root, group root. While user root has write permission (plus read and execute permissions) to the directory, group root has only read and execute permissions.



We will want to change the group ownership to another (new) group and add user1 to that particular group. We will give write permission to that particular group as well.



Create a new group,



sudo addgroup site1


Add user1 to the newly created group,



sudo adduser user1 site1


Check that user1 is really in that group,



groups user1


The output should be a list something like,



user1 : <other-groups> site1


Now we can change the group ownership of your intended directory.



sudo chown -vR :site1 /var/www/site1/
changed ownership of `/var/www/site1/' from root:root to :site1


Grant write permission to this new group owner,



sudo chmod -vR g+w /var/www/site1/
mode of `/var/www/site1/' changed from 0755 (rwxr-xr-x) to 0775 (rwxrwxr-x)


Check that all the changes are indeed there,



ls -ld /var/www/site1/
drwxrwxr-x 2 root site1 4096 Oct 24 21:06 /var/www/site1/


So, the directory now is owned by user root, group site1. Both user root and group site1 have write permission (plus read and execute permissions) to the directory. Any user belonging to group site1 will enjoy all the privileges granted to that group.



Now log in as user1, move to the site1 directory and try to create a file in that directory,



echo "My User1 Site" > index.html 
bash: index.html: Permission denied


This failed since most likely the primary group of user1 is not site1. So, change to that group.



newgrp - site1


Try to recreate the file (beware that you have been moved to the home directory of user1 after changing group); this should work now.
Since the created files will have world read permission, Apache (or your web server) should not face any problem accessing them.



EDIT



Also, as pointed out by dan08 in a comment, you need to add www-data to the site1 group.



sudo adduser www-data site1


On many (not all) distributions, www-data is the user under which the Apache web server runs. This also means that everything done by Apache (especially including PHP scripts) will be done with the permissions of user www-data (and also group www-data) by default. WordPress uses the user www-data to write files.



If you want to see how the Apache web server is running, issue the command,



ps aux | grep apache2 | less

[#28768] Tuesday, March 29, 2022, 2 Years  [reply] [flag answer]
chilgirlguid
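
As an added example (not part of the original answer), a read-only audit that can be run after the chown/chmod steps above to confirm the tree really is group-owned and group-writable, and that nothing was left world-writable. The function names, the constructed temporary tree and the setgid-directory check (which goes beyond what the answer covers) are assumptions of this example; the demo uses the caller's own gid in place of site1 so it runs without root.

```shell
#!/bin/sh
# audit_site_tree DIR GROUP
# Prints one "<finding> <path>" line per problem found under DIR.
audit_site_tree() {
    dir=$1 grp=$2
    # Group owner is not the site group: missed by chown -R, or created
    # later by a user whose primary group is something else.
    find "$dir" ! -group "$grp" -exec printf 'wrong-group %s\n' {} \;
    # Members of the site group cannot write here.
    find "$dir" ! -type l ! -perm -0020 -exec printf 'no-group-write %s\n' {} \;
    # World-writable: every local account can edit, including users who
    # are only supposed to manage a different site.
    find "$dir" ! -type l -perm -0002 -exec printf 'world-writable %s\n' {} \;
    # Directory without setgid: new files get the creator's primary group
    # instead of inheriting the site group.
    find "$dir" -type d ! -perm -2000 -exec printf 'no-setgid-dir %s\n' {} \;
}

# Constructed demo tree (not real site data). The caller's numeric gid
# stands in for the "site1" group.
demo_audit() {
    root=$(mktemp -d) || return 1
    site=$root/site1/public_html
    mkdir -p "$site/uploads"
    chmod 2775 "$root/site1" "$site"   # group-writable, setgid set
    chmod 0775 "$site/uploads"         # group-writable, setgid missing
    echo "My User1 Site" > "$site/index.html"
    chmod 0664 "$site/index.html"      # as intended: rw-rw-r--
    echo "constructed" > "$site/notes.txt"
    chmod 0646 "$site/notes.txt"       # wrong: rw-r--rw-
    audit_site_tree "$root/site1" "$(id -g)"
    rm -rf "$root"
}

demo_audit
```

On the real server the call would be `audit_site_tree /var/www/site1 site1`; an empty result means every entry matches the layout the answer sets up.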