39

For files created from the testuser account in the /var/www directory, I need them to have g+rwx as permissions and www-data as the group.

How can I achieve this?

I'm creating the files via SSH.

2
  • 1
    How is your user creating files? Via FTP stor/appe ? Via HTTP PUT? Through a shell account? These details are important, because they greatly affect the possible answers, and need to be in your question.
    – JdeBP
    Commented Jan 23, 2012 at 13:06
  • Thanks for the input :), I'm creating everything via SSH.
    – Mr.Gando
    Commented Jan 23, 2012 at 13:11

3 Answers

74

To set the group, give /var/www the setgid bit:

chgrp www-data /var/www
chmod g+s /var/www

To also adjust subdirectories: find /var/www -type d -exec chmod g+s {} +

This will make all newly created files inherit the parent directory's group, instead of the user's.


To set the default group permissions, you will have to use ACLs. Set a "default" ACL:

setfacl -m "default:group::rwx" /var/www

To also adjust subdirectories: find /var/www -type d -exec setfacl -m d:g::rwx {} +

Note: The file system must have ACL support enabled. Sometimes it is on by default; on ext3 or ext4 you might get "Operation not supported", in which case it must be enabled manually:

  • For a currently mounted filesystem: mount -o remount,acl /

  • Permanently – one of the methods below:

    • at fstab level: edit /etc/fstab to have acl in the options field

    • at filesystem level: tune2fs -o acl /dev/diskname

7
  • can't you get the subdirectories with chmod -R g+s /var/www? Doesn't seem like you should need the find command.
    – bobpaul
    Commented Jan 14, 2014 at 0:56
  • 6
    @bobpaul: No, because chmod would also get all files. Commented Jan 14, 2014 at 3:01
  • Note that some commands, in particular install, somehow manage to bypass directory default ACLs. Commented Dec 12, 2018 at 6:41
  • @grawity This is a really great answer and I am sure that there is a solution in there for my problem, but I can't figure it out. I have a /var/www/html/projects folder and when www-data creates a file it has rw-rw-r permissions but when I do something in console it creates a file with rw-r--r. How can I force newly created files to always have rw-rw-r permissions?
    – lewis4u
    Commented Jul 29, 2019 at 14:18
  • 1
    I just played around a little bit more and it seems this does the trick for me:
      find projects -type d -exec chgrp www-data {} +
      find projects -type d -exec chmod g+s {} +
      sudo setfacl -R -d -m u::rw projects
    – lewis4u
    Commented Jul 29, 2019 at 14:29
5

This might have gotten a few people stuck with grawity's answer on setgid: if the folder's group is different from your own, you may need to run chmod as root, but you won't get any error indicating you need to do this.

$ ls -ld dir
drwxrwxr-x 2 luke testgroup 4096 Mar  9 10:44 dir

$ chmod g+s dir                                    #no errors

$ ls -ld dir
drwxrwxr-x 2 luke testgroup 4096 Mar  9 10:44 dir  #but nothing changed

$ touch dir/nosudo && ls -l dir/
-rw-rw-r-- 1 luke luke 0 Mar  9 10:51 nosudo       #and the group is still wrong


$ sudo chmod g+s dir

$ ls -ld dir
drwxrwsr-x 2 luke testgroup 4096 Mar  9 10:44 dir  #the setgid bit is now on

$ touch dir/withsudo && ls -l dir/
-rw-rw-r-- 1 luke luke      0 Mar  9 10:51 nosudo
-rw-rw-r-- 1 luke testgroup 0 Mar  9 10:51 withsudo #and group is set
1
  • I was pulling my hair out before I ran across this. Thanks. Commented Jun 1, 2018 at 4:13
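An added example, not part of any answer above: a POSIX shell audit that checks whether a tree really ended up as the first answer describes (setgid on every directory, shared group, group read/write), which also catches the silent chmod g+s failure shown in the second answer. The function names, finding labels and the sample tree are constructed for illustration; default ACLs themselves are not inspected.

```shell
#!/bin/sh
# Added example (not from the original answers): audit a shared tree.
# audit_shared_tree DIR GROUP -> one finding per line; returns 1 if any found.
# GROUP is a group name or numeric GID. Paths containing newlines are not handled.
audit_shared_tree() {
    ast_dir=$1
    ast_group=$2
    ast_findings=$(
        # Directories without setgid: files created there keep the group of their creator.
        find "$ast_dir" -type d ! -perm -2000 | sed 's/^/NO_SETGID /'
        # Entries that do not belong to the shared group.
        find "$ast_dir" ! -group "$ast_group" | sed 's/^/WRONG_GROUP /'
        # Directories lacking g+rwx and regular files lacking g+rw.
        find "$ast_dir" -type d ! -perm -070 | sed 's/^/DIR_PERMS /'
        find "$ast_dir" -type f ! -perm -060 | sed 's/^/FILE_PERMS /'
    )
    if [ -n "$ast_findings" ]; then
        printf '%s\n' "$ast_findings"
        return 1
    fi
    return 0
}

# Constructed sample tree: "ok" is set up as the answer describes, "plain" is not.
# Prints the path of the tree root.
build_sample_tree() {
    bst_root=$(mktemp -d) || return 1
    mkdir "$bst_root/ok" "$bst_root/plain"
    : > "$bst_root/ok/shared.txt"
    : > "$bst_root/plain/private.txt"
    chmod 775 "$bst_root" "$bst_root/ok" "$bst_root/plain"
    chmod g+s "$bst_root" "$bst_root/ok"
    chmod g-s "$bst_root/plain"
    chmod 664 "$bst_root/ok/shared.txt"
    chmod 644 "$bst_root/plain/private.txt"
    printf '%s\n' "$bst_root"
}

# Numeric GID that owns a path, read from ls -n output.
gid_of() {
    ls -ldn "$1" | awk '{ print $4 }'
}

# Demo on the constructed tree: reports plain/ and plain/private.txt.
root=$(build_sample_tree)
audit_shared_tree "$root" "$(gid_of "$root")" || echo "tree does not match the shared setup"
rm -rf "$root"
```

For the setup in the question it would be called as audit_shared_tree /var/www www-data after running chmod g+s, so a bit that did not stick shows up as a NO_SETGID line.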
0

The group of the files being created by a user is the group of that user (in /etc/group). The permissions are controlled by the UMASK parameter, see this
