I can't believe I wrote a looong message and it logged me out when I tried to submit it.
So anyway, in short lines:
- I have a network of sites where all sites share the same "images" folder
- I have created /home/_images/entities and symlinked it from all websites
- It works great with Apache; when I open /images/ on any of the sites I get a list of images and can view them
The problem is suPHP, which changes the process ID of the PHP script to the file owner's ID: when I load site1.com, all scripts are executed as user1 (and files/folders created by those scripts belong to user1:user1). When I load site2.com, all scripts are executed as user2 (and files/folders created by those scripts belong to user2:user2). All these users do NOT belong to the same group, and I wouldn't like to change that, as it is a cPanel/WHM server and I'm afraid I'll screw something up if I change the (primary?) group of all users.
Therefore I need to set it up in such a way that all newly created folders and files under /home/_images/entities (owned by root) have read/write permissions for everyone.
Here's the command I used:
setfacl -Rdm o::rwx /home/_images/entities
To check it:
root@server1 [~]# getfacl /home/_images/entities/
getfacl: Removing leading '/' from absolute path names
# file: home/_images/entities/
# owner: root
# group: root
This looks fine, however when I try upload an image via site1.com it looks like this:
root@server1 [/home/_images/entities]# ls -l
drwxrwxrwx+ 5 root root 4096 Jan 14 06:25 ./
drwxrwxrwx 5 root root 4096 Jan 12 13:08 ../
drwxrwxr-x+ 3 user1 user1 4096 Jan 14 06:25 1/
And in folder "1" is the image (and thumbs folder):
root@server1 [/home/_images/entities/1]# ls -l
drwxrwxr-x+ 3 user1 user1 4096 Jan 14 06:25 ./
drwxrwxrwx+ 5 root root 4096 Jan 14 06:25 ../
-rw-rw-rw- 1 user1 user1 225569 Jan 14 06:25 689048f221ab7c556f4d482a9d92b2d6.jpg
drwxrwxr-x+ 2 user1 user1 4096 Jan 14 06:25 thumbs/
1) Why do newly created folders not have "write" permissions for everyone else [not user and/or group]? If I upload the first image from site1.com, then I can't upload other images from any other site, while all sites can display them.
2) What is the + at the end of permissions list? (drwxrwxr-x+)
3) Why do newly created files have only "rw" permissions for user, group AND everyone else, and not execute permissions? I don't actually need the execute flag set here, but from my command you can see I've set "o::rwx", so it should be there (or not?)
Actually the real problem is #1 - other users can't write to this folder, so users can't upload images from other sites, nor can other sites create (missing) thumbnails.
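The listings in the question can be reproduced from the inheritance rule in acl(5): a new object's ACL starts as a copy of the parent's default ACL, and its user::, group:: (or mask::) and other:: entries are then ANDed with the mode the creating process passed to mkdir(2)/open(2), with umask ignored. The following Python model is an added illustration, not code from the question or from suPHP/cPanel. It assumes the uploading script requested mode 0775 for directories and 0666 for files (typical PHP defaults, but not stated in the post) and that the shared directory itself was mode 0777 when `setfacl -dm o::rwx` was run. It is written as a pure model rather than a shell script so it runs on a host without ACL tooling.

```python
# Added illustration (not from the original post): a model of POSIX.1e
# default-ACL inheritance as described in acl(5). The creation modes
# 0o775 (directories) and 0o666 (files) are ASSUMPTIONS about what the
# uploading PHP script requested; the question does not state them.

PERM_BITS = {"r": 4, "w": 2, "x": 1}


def perms_to_bits(perms: str) -> int:
    """'rwx' -> 7, 'r-x' -> 5, '---' -> 0."""
    return sum(PERM_BITS[c] for c in perms if c in PERM_BITS)


def bits_to_perms(bits: int) -> str:
    """5 -> 'r-x'."""
    return "".join(c if bits & v else "-" for c, v in PERM_BITS.items())


def default_acl_after_setfacl_d(dir_mode: int, other: str) -> dict:
    """Default ACL that `setfacl -dm o::<other> DIR` leaves on a directory that
    had no default ACL: setfacl copies the directory's own owner and group
    bits into default:user:: and default:group:: and sets default:other::."""
    return {
        "user::": (dir_mode >> 6) & 7,
        "group::": (dir_mode >> 3) & 7,
        "other::": perms_to_bits(other),
    }


def inherit(default_acl: dict, create_mode: int, is_dir: bool) -> dict:
    """ACL of a new object created inside a directory carrying default_acl.

    acl(5): the new object's access ACL is a copy of the default ACL; then the
    user::, mask:: (or group:: when there is no mask) and other:: entries are
    ANDed with the matching bits of the mode passed to mkdir(2)/open(2).
    The process umask is NOT applied. A new directory additionally inherits
    the default ACL as its own default ACL (which is why it shows a '+').
    """
    acl = dict(default_acl)
    acl["user::"] &= (create_mode >> 6) & 7
    if "mask::" in acl:
        acl["mask::"] &= (create_mode >> 3) & 7
    else:
        acl["group::"] &= (create_mode >> 3) & 7
    acl["other::"] &= create_mode & 7
    if is_dir:
        acl["default"] = dict(default_acl)
    return acl


def ls_mode(acl: dict, is_dir: bool) -> str:
    """Render the ACL the way `ls -l` shows it: with a mask entry the group
    column shows the mask bits, and a trailing '+' marks an extended ACL
    (named entries, a mask entry, or default entries)."""
    group_col = acl["mask::"] if "mask::" in acl else acl["group::"]
    extended = any(k not in ("user::", "group::", "other::") for k in acl)
    return (("d" if is_dir else "-")
            + bits_to_perms(acl["user::"])
            + bits_to_perms(group_col)
            + bits_to_perms(acl["other::"])
            + ("+" if extended else ""))


def simulate_upload(parent_mode: int = 0o777, other: str = "rwx",
                    mkdir_mode: int = 0o775, file_mode: int = 0o666) -> tuple:
    """What a script creating a subdirectory and an image file under the
    shared directory ends up with: (subdir ls string, file ls string)."""
    dacl = default_acl_after_setfacl_d(parent_mode, other)
    subdir = inherit(dacl, mkdir_mode, is_dir=True)
    image = inherit(dacl, file_mode, is_dir=False)
    return ls_mode(subdir, True), ls_mode(image, False)


if __name__ == "__main__":
    # Reproduces the listing in the question: the subdirectory loses 'w' for
    # others because mkdir asked for 0775, and the file has no '+' because a
    # plain file inherits no default entries.
    print(simulate_upload())                  # ('drwxrwxr-x+', '-rw-rw-rw-')
    print(simulate_upload(mkdir_mode=0o777))  # ('drwxrwxrwx+', '-rw-rw-rw-')
```

Running the model with the assumed 0775 directory mode yields exactly `drwxrwxr-x+` for the new folder and `-rw-rw-rw-` for the image, matching the `ls -l` output above: the default ACL's `o::rwx` is real, but the creating process's mode bits cap it, and only the directory carries the `+` because only it inherits the default entries.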