Hello, I have a perplexing permissions problem that i thought i had, but it's resurfaced. I'm running CentOS 5.3 and it runs an apache web server. The permissions on the web data directory in this case /var/www/secure/data are set to 4775 owner of apache group of webdev. All users that should be allowed to place content are in the webdev group. I was under the impression that any file then placed in that directory would have a owner of apache and a group of webdev permissions of 664. Whenever a locally logged on user adds content permissions are set to 664 but owner and group membership are that of the user who added the files not apache and webdev. The issue is further compounded when a user logs in via ftp and adds files or folders. They are owned by the ftp user and group. Any assistance appreciated. Thanks. Dave.
Dave wrote:> Hello, > I have a perplexing permissions problem that i thought i had, but > it's resurfaced. > I'm running CentOS 5.3 and it runs an apache web server. The > permissions on the web data directory in this case /var/www/secure/data are > set to 4775 owner of apache group of webdev. All users that should be > allowed to place content are in the webdev group. I was under the impression > that any file then placed in that directory would have a owner of apache and > a group of webdev permissions of 664. Whenever a locally logged on user adds > content permissions are set to 664 but owner and group membership are that > of the user who added the files not apache and webdev. The issue is further > compounded when a user logs in via ftp and adds files or folders. They are > owned by the ftp user and group. > Any assistance appreciated. > Thanks. > Dave. > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos >Am assuming these users are in the webdev group, but 'webdev' is not their primary group. Can you try using the set-gid bit on the affected directory ( /var/www/secure/data/ ) to force the group ownership of objects created there to have same group ID as the directory, viz: chgrp webdev /var/www/secure/data/ chmod g+s /var/www/secure/data/>From your text, it appear you have objects getting created withappropriate group write permissions. -Alan
Hi, On Fri, Sep 4, 2009 at 11:03, Dave<dave.mehler at gmail.com> wrote:> ? ? ? ?I'm running CentOS 5.3 and it runs an apache web server. The > permissions on the web data directory in this case /var/www/secure/data are > set to 4775 owner of apache group of webdev.I believe what you want is 2775, the first "2" is the set-gid group, it will make files created in that directory inherit that group.> I was under the impression > that any file then placed in that directory would have a owner of apache and > a group of webdevNo, that's not how that works... You cannot force the user ownership of a file to change, only the group ownership. The set-uid bit on a directory doesn't do anything (AFAIK), only the set-gid bit has the effect of making files created in that directory inherit that group.> permissions of 664.That is actually controlled by the "umask", which is set by each user/program. In RHEL/CentOS, if your primary group matches your username, your umask will be set to 002, which is the one that will create files with 664 permissions, which is the one you want.> content permissions are set to 664 but owner and group membership are that > of the user who added the files not apache and webdev. The issue is further > compounded when a user logs in via ftp and adds files or folders. They are > owned by the ftp user and group.Fix the directory permissions from 4775 to 2775 and the group of files will be set to "webdev" as you want them to. Make sure the umask will be 002 (you might have to configure that on your FTP server too) and files will be writable by any member of group "webdev", so although the files won't all have the same owner, they will all be writable by any other members of that same group. HTH, Filipe