VPS under Ubuntu. Setting permissions?

V

Vladimir Kudinov2013-04-04 09:34:19

linux

Vladimir Kudinov, 2013-04-04 09:34:19

Please help me figure it out!
Launched VPS under Ubuntu. Standard set of software vsftpd+Apache2+MySQL+PHP. Everything is fine, everything is fine, there is only one problem - I can easily edit files via FTP, because everything is done on behalf of the user, and Apache does everything under the www-data user and any changes via HTTP (downloading or editing files) go through only if the value is 777.
I already tried adding the www-data user to the groups of all users and setting 775 for files, but the write is still not allowed.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

@

@sledopit, 2013-04-04
@frux

Install apache-mpm-itk and set the required user for the host via
AssignUserID user user

V

Vlad Zhivotnev, 2013-04-04
@inkvizitor68sl

Everything is a little more complicated. With mpm-itk, the web server is started as root, and all hosts for which AssignUserID is not specified also work as root. The master process running from root is normal, but if someone forgets to specify the UserID and this site is broken, there will be trouble.
Users appearing in mpm-itk can be properly restricted in the system (but in fact this is not necessary, www-data has no less rights - except that it has no password and /bin/sh instead of a shell).
In your case, the correct solution is to do chown -R user:www-data /path/to/files and put 775 on those directories that the web server needs to edit (and 755 on those that do not). At the same time, it would be nice to put 664/644 on all files after that.
In order not to do chmod every time, you can make the user the main group www-data (usermod -g www-data user, something like that, emnip). But this is only if you do everything alone on the server (all users will be able to go to each other and edit files if they have 664 files).

V

Vladimir Kudinov, 2013-04-04
@frux

uid=1004(geekstech.ru) gid=1004(geekstech.ru) groups=1004(geekstech.ru)
uid=33(www-data) gid=33(www-data) groups=33(www-data)

-rwxrwxr-x 1 qdinov.com root  1140 Apr  4 07:31 find_bom.php
-rwxrwxr-x 1 qdinov.com root   395 Apr  4 07:31 index.php
-rwxrwxr-x 1 qdinov.com root 19929 Apr  4 07:31 license.txt
-rwxrwxr-x 1 qdinov.com root 16501 Apr  4 07:31 readme.html
-rwxrwxr-x 1 qdinov.com root  4663 Apr  4 07:31 wp-activate.php
drwxrwxr-x 9 qdinov.com root  4096 Dec 12 20:47 wp-admin
-rwxrwxr-x 1 qdinov.com root   271 Apr  4 07:31 wp-blog-header.php
-rwxrwxr-x 1 qdinov.com root  3522 Apr  4 07:31 wp-comments-post.php
-rwxrwxr-x 1 qdinov.com root  5285 Apr  4 07:31 wp-config-sample.php
-rwxrwxr-x 1 qdinov.com root  5564 Apr  4 07:10 wp-config.php
drwxrwxr-x 7 qdinov.com root  4096 Apr  4 11:21 wp-content
-rwxrwxr-x 1 qdinov.com root  2718 Apr  4 07:31 wp-cron.php
drwxrwxr-x 9 qdinov.com root  4096 Dec 12 20:47 wp-includes
-rwxrwxr-x 1 qdinov.com root  1997 Apr  4 07:32 wp-links-opml.php
-rwxrwxr-x 1 qdinov.com root  2408 Apr  4 07:32 wp-load.php
-rwxrwxr-x 1 qdinov.com root 29310 Apr  4 07:32 wp-login.php
-rwxrwxr-x 1 qdinov.com root  7723 Apr  4 07:32 wp-mail.php
-rwxrwxr-x 1 qdinov.com root  9899 Apr  4 07:32 wp-settings.php
-rwxrwxr-x 1 qdinov.com root 18219 Apr  4 07:32 wp-signup.php
-rwxrwxr-x 1 qdinov.com root  3700 Apr  4 07:32 wp-trackback.php
-rwxrwxr-x 1 qdinov.com root  2719 Apr  4 07:32 xmlrpc.php