I have a LAMP server where I've run the following commands to set permissions of files in /var/www:
groupadd web
usermod -a -G web my_user
chown -R root:web /var/www
chmod -R 775 /var/www
chmod -R g+s /var/www
My goal is to have all files writable by any member of the "web" group. Is there a secure way to allow file uploads (e.g. within Wordpress) without changing the file ownership? Note: this is a private server.
chmod -R g+s /var/www
command. For directories, the s
bit causes a change to the default group of files within the directory, but for executable regular files, it means something different. With this command, you will accidentally create setgid executables. You need to apply this command only to directories, not recursively to everything - Celada 2012-04-03 20:26
One way of applying permissions to just directories is to use the find
command. For example:
# Set the owner and group on everything.
chown -R root:web /var/www
# Make *directories* read/write/execute and set the `sgid` bit.
find /var/www -type d -print | xargs chmod g+rwxs
You don't want to run chmod -R 775 /var/www
because this will make all your files executable, which is probably not what you want.
775
, each digit corresponds to a set of three permission bits expressed in octal notation. So 7
means rwx
(all bits set). Static files should probably be owner- and group- writable, given your goals, and readable by everybody. That's mode 664
, or rw-rw-r
. CGI scripts and so forth will need to be executable - larsks 2012-04-04 20:02