Linux user permissions

shaanl Member
edited August 2011 in General

I need some advice/help with setting up a user in Linux, please.
What I have done so far is disabled the root account, changed the ssh port and created a new user to use (let's call the user shaanl). I've added shaanl to the www-data group and the admin group, by putting the user name after the : in /etc/group

I want shaanl to be able to add/delete/edit files in the /var/www folder. The user can do this at the moment, however the files are created using the user:group shaan:shaan. How can I get it so that the default group is always www-data?

Also, how can I get it to have rwx permissions by default for the group, user and other whenever I create new files and folders?

Thanks!

Comments

  • You must edit the /etc/passwd and give the user the group he should belong to.

    You should not make a directory writeable to others. But you can do that with mkdir -m 777 <name>.

    Thanked by 1shaanl
  • dannix Member
    edited August 2011

    1) http://de.wikipedia.org/wiki/Setgid

    chmod g+s /var/www (as root)

    2) set proper umask before creating the files (default is usually 022, which gives u=rwx,g=rwx,o=. You would need 000)

    umask 000

    or

    umask u=rwx,g=rwx,o=rwx

    should help you.

    @skagerrak there is no groups info in /etc/passwd

  • The 4th column of /etc/passwd is the group.

  • dannix Member
    edited August 2011

    This only defines the 1 main group for the user. However the user can belong to more than 1 group. I must admit though, that your solution will work for what he wants.

  • skagerrak Member
    edited August 2011

    That is correct.

  • @skagerrak the line in my /etc/passwd file is
    www-data:x:33:33:www-data:/var/www:/bin/sh
    do I change it to
    www-data:x:33:33:www-data,shaanl:/var/www:/bin/sh ?

    @dannix do I need to do the umask as well?

  • If you use the solution from skagerrak, you should find a line in /etc/passwd starting with shaanl
    and change the 4th column to 33 (GID of www-data group). After that the main group of user shaanl will be www-data and you will not need umask. However, with that, each and every file you create on the disk will belong to shaanl:www-data (not only in /var/www).

  • shaanl Member
    edited August 2011

    Ah I see. Is it possible to have multiple GIDs?

  • Actually, do you guys reckon I should have two users on the VPS, one specifically for the /var/www folder (in the www-data group) and then another for everything else (in the root/admin group)?

  • See usermod and options -g -G. You have one main group, but you can belong to many supplementary groups. The files created by you will belong to the main group (that's why I proposed chmod g+s on the particular directory where it should be different).

    Eventually instead of changing umask before creating the files, one could use inotifywait (need to configure it properly and make sure it is started on system startup)

    Thanked by 1shaanl
  • Do you think I should have a separate user specifically for the /var/www folder?

  • Yes I would recommend that.

    Thanked by 1shaanl
  • shaanl said: Do you think I should have a separate user specifically for the /var/www folder?

    Apache uses www-data I believe, so you can just do

    chown -Rv www-data:www-data /var/www/

    I think that folder by default is owned by apache however.

    Thanked by 1shaanl
  • Ok, so I'm going to use the www-data user exclusively for the /var/www folder.
    I can assign a password to it right? It's not going to be a security issue?

  • Yes, as root you can assign a (new) password to every user with passwd <user>.

  • Use an SSH key, not a password. Disable password-based SSH logins completely.

  • NickM said: Use an SSH key, not a password. Disable password-based SSH logins completely.

    But don't forget to use passphrases then.

  • shaanl Member
    edited September 2011

    Wicked, thank you :)
    Last question :)
    I would like the default permissions on every file and folder to be rwxrwxr-x
    When I create a new file or folder, it gets given rwxr-xr-x
    How do I get it to make it rwxrwxr-x every time?

    Also, is there a way to automatically create specific separate permission for folders (say 775) and files (say 644)
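
What the setgid bit and umask discussed in this thread do to newly created entries, as an added example that is not part of any post above. It builds a scratch directory standing in for /var/www (the paths and function names are assumptions) and reports the resulting modes under umask 022, 002 and 000.

```shell
#!/bin/sh
# Added example (constructed scratch paths; nothing under /var/www is touched).

# Print the 10-character type+permission string of a path, e.g. drwxrwsr-x.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Print the numeric owning group of a path.
gid_of() {
    ls -ldn "$1" | awk '{print $4}'
}

# created_modes UMASK
# Make a setgid directory, then create one file and one subdirectory inside
# it under UMASK. Prints "<file mode> <dir mode> <group>", where <group> is
# "inherited" when both new entries carry the parent directory's group.
created_modes() {
    scratch=$(mktemp -d) || return 1
    shared="$scratch/www"          # hypothetical stand-in for /var/www
    mkdir "$shared"
    chmod 2775 "$shared"           # rwxrwxr-x plus the setgid bit (g+s)
    (
        umask "$1"                 # subshell: the caller's umask is untouched
        touch "$shared/index.html" # tools request 0666 for new files
        mkdir "$shared/uploads"    # and 0777 for new directories
    )
    group=differs
    if [ "$(gid_of "$shared/index.html")" = "$(gid_of "$shared")" ] &&
       [ "$(gid_of "$shared/uploads")" = "$(gid_of "$shared")" ]; then
        group=inherited
    fi
    echo "$(mode_of "$shared/index.html") $(mode_of "$shared/uploads") $group"
    rm -rf "$scratch"
}

# Compare the common default, the group-writable setting, and umask 000.
for m in 022 002 000; do
    printf 'umask %s -> %s\n' "$m" "$(created_modes "$m")"
done
```

Because programs request 0666 for new files and 0777 for new directories, umask 002 already yields rwxrwxr-x directories with rw-rw-r-- files, while umask 000 leaves every new entry world-writable. The "s" in the directory modes is the setgid bit, which on Linux new subdirectories inherit along with the group.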
