linux
Ivan Antonov, 2019-02-09 17:48:55

How to properly set the rights to the site directory in order to conveniently work with it locally?

It's not the first week I've been suffering with the distribution of rights.
I use a combination of nginx and php-fpm.
I would like to create a separate directory with a site in which I can work as a home user and view the result on a local machine. The problem is that if I create a file under my user, it gives Permission denied when viewed through the browser; if I transfer ownership to the nginx user, then I cannot edit this file. Assigning rights of 776 seems wild to me.
======== I will describe the structure ========
/etc/nginx/nginx.conf
Completely standard; the user in it is nginx.
/etc/nginx/conf.d/joomla.test.conf
Here I have a host for the local domain joomla.test.
/etc/php-fpm.d/www.conf
The user and group nginx are specified everywhere (in 4 places).
/etc/share/nginx/joomla.test
folder of my site
public_html - site root
error.log, access.log - nginx logs
======== End of structure ========
I can specify user Antonov:nginx with rights 750, and everything seems to be working, but it's not convenient to control the rights and SELinux labels (which are set by chcon). And still, sometimes nginx complains because it cannot enter one of the folders, and you have to set 755 on the folders, as if there is some third user involved (like root).
How can I set the rights so that I can work under my user Antonov:Antonov and not have to change the mode, owner and group of files every time? And how, in general, is it correct to distribute the rights? Is it possible to configure things so that everything works with rights of 700?


4 answer(s)
Alexey Sundukov, 2019-02-10
@antonowano

Correct option:
1) Disable SELinux altogether.
2) Create a dev group: sudo groupadd dev
3) Add the nginx and Antonov users (and generally everyone who needs access to this file subtree) to the dev group, as Yar Rick already mentioned, with the commands:

sudo usermod -aG dev nginx
sudo usermod -aG dev Antonov

4) Recursively change the permissions on directories to 2775 and 664 for files with the commands:
sudo find /etc/share/nginx/joomla.test -type d -exec chmod 2775 {} \;
sudo find /etc/share/nginx/joomla.test -type f -exec chmod g+w {} \;

Why exactly 2775 can be seen in the video: https://www.youtube.com/watch?v=EAfcMMlcNgg&t=704s
5) Set umask=002 for nginx and php-fpm (video: https://youtu.be/gLMUCEiMFYA?t=365).
Yes, it's possible. But you will have to run nginx as Antonov and run php-fpm as Antonov. But in general, 0700 does not make much sense (although it is possible to use 770 on the root folder).
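What the 2775 mode and umask=002 in the answer above do together can be checked on a throwaway directory. This is an added example, not part of the original answer; it assumes GNU stat and find, and the function names and the temporary directory are illustrative.

```shell
#!/usr/bin/env bash
# Added example (not from the original answer). Assumes GNU stat and find.

# Create a file and a directory in $1 under umask $2 (name suffix $3);
# print "<file mode> <dir mode>" in octal.
make_under_umask() {
    local root=$1 mask=$2 tag=$3
    ( umask "$mask"; touch "$root/file_$tag"; mkdir "$root/dir_$tag" )
    echo "$(stat -c %a "$root/file_$tag") $(stat -c %a "$root/dir_$tag")"
}

# Report entries under $1 that break the shared-group layout:
# a group different from the root's, directories without setgid and g+rwx,
# files without g+rw, and anything world-writable.
audit_tree() {
    local root=$1 gid
    gid=$(stat -c %g "$root")
    find "$root" ! -gid "$gid" -printf 'wrong-group %P\n'
    find "$root" -type d ! -perm -2070 -printf 'dir-missing-setgid-or-g+rwx %P\n'
    find "$root" -type f ! -perm -060 -printf 'file-missing-g+rw %P\n'
    find "$root" ! -type l -perm -002 -printf 'world-writable %P\n'
}

demo() {
    local root
    root=$(mktemp -d)      # constructed stand-in for the site directory
    chmod 2775 "$root"     # setgid: new entries inherit the directory's group
    # A default umask leaves new files without group write.
    echo "umask 022 -> $(make_under_umask "$root" 022 default)"
    # umask 002 keeps group write; new subdirectories keep the setgid bit.
    echo "umask 002 -> $(make_under_umask "$root" 002 shared)"
    audit_tree "$root"     # only the entries made under umask 022 are reported
    rm -rf "$root"
}
demo
```

Running audit_tree against the real site directory after the chmod commands shows which entries a second group member still cannot edit, without changing anything.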

Vitsliputsli, 2019-02-09
@Vitsliputsli

For local use (development/debugging), it's easiest to run Apache/nginx as the user you're running as.

Alexander Chernykh, 2019-02-09
@sashkets

I will add to Vitsliputsli's answer:
in production, it is normal to have rights 755/644 or 750/640

Yar Rick, 2019-02-09
@Yar_Rick

You can add the www-data user to the Antonov user group. Then the web server will be able to read files created by the user Antonov.
sudo usermod -a -G Antonov www-data
And give 777 permissions to the folders where the web server can write.
