You are not logged in.

#1 2021-01-11 18:53:29

wombatvvv
Member
Registered: 2016-07-29
Posts: 50

How do I set "default" permissons/ownership for new files?

My issue is that I have a website located at /srv/http/website, in order for apache to have to access to those files to read and serve them, I have made the users "http" and "ftp" part of a group called, "web development" and made every thing within the /srv/http folder recursively owned by that group. I'm sure you've figured out the problem already ... whenever I create a new file (or if a new file is generated by a php script or whatever), it no longer belongs to that group and I have to individually change the file permissions again.

Is there some way to say "every new file created within X directory will by default have X group ownership and X permissions"?

Offline

#2 2021-01-11 19:10:53

Head_on_a_Stick
Member
From: London
Registered: 2014-02-20
Posts: 5,733
Website

Re: How do I set "default" permissons/ownership for new files?

Offline

#3 2021-01-12 15:34:48

wombatvvv
Member
Registered: 2016-07-29
Posts: 50

Re: How do I set "default" permissons/ownership for new files?

Wow ... could they have possibly worded that more confusingly?

Anyway, I get it. But it's not explained that well, I can only infer from the examples that you simply prefix a 6 (why 6?) to the numeric permissions code to set the defaults?

Okay ... is there anyway to do the same with the default group? (as in, make any new file belong to a certain group, not set it's group permissions as described in the above link).

Thanks for your help, I appreciate the reply.

EDIT: nope, I've obviously completely misunderstood. I tried it by adding a 6 ... chmod -R 6775 * ... I dunno what's happened but the x has been replaced by an s in rwx and now I now longer have permissions to create new files, despite being the owner & part of the group of the directory... ??? Probably should have tested it on a dummy directory first ... :S

EDIT 2: managed to fix it by running "sudo chmod -R ug=rwx,o=rx,a-s *"

... but anyway ... that didn't do what I was hoping it would do, I'm confused. Do me a favour please and give me the "For Dummies" version....

Last edited by wombatvvv (2021-01-12 15:46:16)

Offline

#4 2021-01-12 15:58:41

seth
Member
Registered: 2012-09-03
Posts: 19,029

Re: How do I set "default" permissons/ownership for new files?

You mean like giving user joe permission to create a randomly root owned file?

Your use-case doesn't suggest you needed that ability anyway.
1.  "web development"  is not a legal group name - you did not create nor assign this group to anyone.
2. Why would you want to apply the different ownership to paths other than /srv/http and below?
3. If the ftp and http servers have "certainly_not_web development" as their primary group, they should™ create files w/ that group ownership, but you can configure the default group for most server implementations (ie. it then depends on the process, not the user that runs the process)
4. You're not running apache as root, are you?
5. You can change the primary group for every user (including your regular one),

usermod -g "certainly_not_web development that_doesnt_work"

6. If you go for that, don't forget also to "… -aG users"
7. To set the sticky group bit do "chmod g+s /path/to/some/directory" - every file you create inside that directory will inherit the directorys GID. Use with care.

Offline

#5 2021-01-19 19:52:01

wombatvvv
Member
Registered: 2016-07-29
Posts: 50

Re: How do I set "default" permissons/ownership for new files?

seth wrote:

You mean like giving user joe permission to create a randomly root owned file?

Your use-case doesn't suggest you needed that ability anyway.
1.  "web development"  is not a legal group name - you did not create nor assign this group to anyone.
2. Why would you want to apply the different ownership to paths other than /srv/http and below?
3. If the ftp and http servers have "certainly_not_web development" as their primary group, they should™ create files w/ that group ownership, but you can configure the default group for most server implementations (ie. it then depends on the process, not the user that runs the process)
4. You're not running apache as root, are you?
5. You can change the primary group for every user (including your regular one),

usermod -g "certainly_not_web development that_doesnt_work"

6. If you go for that, don't forget also to "… -aG users"
7. To set the sticky group bit do "chmod g+s /path/to/some/directory" - every file you create inside that directory will inherit the directorys GID. Use with care.

No, I am not running apache as root. I am using systemctl enable httpd.

Thanks for trying to help me out here, the tip you gave in #7 does indeed work and do what I want it to do, so thanks for that.

However, I must admit I don't understand the rest of it. What is "certainly_not_web development that doesn't work"? I don't get what you're trying to say. As I'm trying to learn how to use Linux properly, I would like to understand.

In case I wasn't clear, I'll try and rephrase the problem:

- "web-development" is a group that I made that includes my primary user account as well as the system http and ftp users.
- I set /srv/http/ to be owned by that group, otherwise apache (i.e. user http) doesn't have permission to access the folder and serve the files.
- I simply put myself into that group so I could edit the files in /srv/http without having to sudo or su.

The problem that I'm having is that every time I add a new file to /srv/http, I need to change it's group ownership to "web-development", otherwise apache does not have permission to serve the file.

I wanted to know how to set it up so that every new file and directory created under /src/http is automatically owned by group "web-development" instead of having to do it manually all the time.

Does that make sense? Is it a bad idea from a sysadmin perspective and if so, why? (this is my private local development playground fwiw, I'm not editing code "live in production").

Last edited by wombatvvv (2021-01-19 19:58:08)

Offline

#6 2021-01-19 19:59:38

qinohe
Member
From: Netherlands
Registered: 2012-06-20
Posts: 1,229

Re: How do I set "default" permissons/ownership for new files?

I think what you mean is '-R recursive' (see) man chown

chown -R web-development:web-development /srv/http

Last edited by qinohe (2021-01-19 19:59:57)

Offline

#7 2021-01-19 20:04:08

loqs
Member
Registered: 2014-03-06
Posts: 13,015

Re: How do I set "default" permissons/ownership for new files?

wombatvvv wrote:

However, I must admit I don't understand the rest of it. What is "certainly_not_web development that doesn't work"? I don't get what you're trying to say. As I'm trying to learn how to use Linux properly, I would like to understand.

In case I wasn't clear, I'll try and rephrase the problem:

- "web-development" is a group that I made that includes my primary user account as well as the system http and ftp users.

In your first post the group was "web development" with a space which is not allowed in group names.
Edit:

# chmod -R ug=rwx,o=rx,a-s *

It is potentially a bad idea to make all files user and group executable when the intent was to  set the sticky group bit for all directories

# find /srv/http -type d -execdir chmod g+s {} \;

The above needs checking

Last edited by loqs (2021-01-19 20:24:36)

Offline

Board footer

Powered by FluxBB