LinuxQuestions.org


bulgin 02-19-2020 03:14 PM

Confusion on file and directory permissions
 
Hello.

I am running software on a server which states that the file permissions should be:

cd /var/www/example.com/domain
chown -R $USER:www-data .

However, my server has no www-data account. httpd in CentOS runs as nobody.

As well, $USER could be anything from root to any other logged in user depending on how they are accessing the server - for example, when I log in to the server via ssh I'm root, so in that case the user would be root. I can also log in as a user with name this-is-my-name in which case the $USER would be this-is-my-name.

So what's the story?

berndbausch 02-19-2020 04:01 PM

www-data is not an account, but a group.
My guess is that the documentation of your software assumes you are logged into a certain account, but it's hard to guess the intentions of unknown software.

rnturn 02-19-2020 04:31 PM

Quote:

Originally Posted by bulgin (Post 6091941)
... for example, when I log in to the server via ssh I'm root, so in that case the user would be root. I can also log in as a user with name this-is-my-name in which case the $USER would be this-is-my-name.

So what's the story?

Interesting that you are using ssh to directly get on the server as root. Normally, I would expect the root user to be restricted to logging into the server at the console. I thought this would be the norm on Linux these days. (Check /etc/securetty for "pts" entries.) I can't recall if the distributions I've been using do it by default or whether I've just gotten used to locking things down as a habit---I've been restricting root's access to either the physical console ("Hey! Who let you into the data center?"), via a "regular" user who has to use "su" to become root (which gets logged), or temporarily becoming root via "sudo" (again, logged). Many (many) years ago, we got called out by the internal auditors for not being as attentive as we should have been about root access on some of the servers we inherited during a corporate acquisition/re-org and had to go about locking things down (after we wiped the egg off our faces). Not allowing root to log in directly via the network was the first fix we instituted.

Cheers...

yancek 02-19-2020 05:47 PM

www-data is specific to Debian/Ubuntu and derivatives so I'm wondering what software you are running on CentOS and where the instructions come from. See post 3 & 4 at the thread linked below.

https://www.linuxquestions.org/quest...-a-4175646418/

scasey 02-19-2020 06:11 PM

Quote:

Originally Posted by bulgin (Post 6091941)
Hello.

I am running software on a server which states that the file permissions should be:

cd /var/www/example.com/domain
chown -R $USER:www-data .

However, my server has no www-data account. httpd in CentOS runs as nobody.

As well, $USER could be anything from root to any other logged in user depending on how they are accessing the server - for example, when I log in to the server via ssh I'm root, so in that case the user would be root. I can also log in as a user with name this-is-my-name in which case the $USER would be this-is-my-name.

So what's the story?

The current (as of CentOS 7) default user for the web server is apache. It used to be nobody, and as I've upgraded over the years I've found it convenient to just keep it as nobody. The user is defined in the httpd.conf file with the User and Group directives.

In my experience, a directory should only be owned by the web user if there is an application which is creating or writing to files in that directory. Otherwise it is as you say, the content may be owned by any user as long as it's readable by the web user, which is accomplished by having directories permies set to 755 and file permies set to 644.

That said, the software is telling you to just change the group for all files in the directory, and the directory itself, to the user you're logged in as with the group set to your web server's group. See what's set on the Group directive in httpd.conf and replace www-data with that group name. It doesn't (probably) matter which user that is...the point is to change the group.

I too would question what software it is that's instructing that, however. I wonder what those instructions think changing the group will accomplish.
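
Added example, not part of any post in this thread: a shell sketch of the check scasey describes, reading the Group directive from httpd.conf, printing the chown from the original instructions with that group substituted for www-data, and listing anything that deviates from 755 directories / 644 files. The function names, the sample config and the sample tree are constructed for illustration; on a real server you would pass your own httpd.conf path and document root.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Sample config and tree are constructed.

# Print the last active value of an Apache directive (e.g. User, Group).
# Commented-out lines are skipped; Include'd files are not followed.
httpd_directive() {   # $1 = directive name, $2 = config file
    awk -v d="$1" '
        tolower($1) == tolower(d) && NF >= 2 { v = $2; gsub(/"/, "", v) }
        END { if (v == "") exit 1; print v }' "$2"
}

# List directories that are not 755 and regular files that are not 644.
nonstandard_modes() {   # $1 = document root
    find "$1" \( -type d ! -perm 755 \) -o \( -type f ! -perm 644 \) | sort
}

# Print (do not run) the chown from the thread with the real group swapped in.
suggest_chown() {   # $1 = owner, $2 = config file, $3 = document root
    local grp
    grp=$(httpd_directive Group "$2") || { echo "no Group directive in $2" >&2; return 1; }
    printf 'chown -R %s:%s %s\n' "$1" "$grp" "$3"
}

# Demo on a constructed config and tree so it runs without a real server.
demo() {
    local tmp
    tmp=$(mktemp -d)
    printf '%s\n' '#Group www-data' 'User apache' 'Group apache' > "$tmp/httpd.conf"
    mkdir -p "$tmp/site/uploads"
    touch "$tmp/site/index.html" "$tmp/site/config.php"
    chmod 755 "$tmp/site"; chmod 644 "$tmp/site/index.html"
    # World-writable entries, constructed so the audit has something to flag.
    chmod 777 "$tmp/site/uploads"; chmod 666 "$tmp/site/config.php"
    suggest_chown "${USER:-$(id -un)}" "$tmp/httpd.conf" "$tmp/site"
    nonstandard_modes "$tmp/site"
    rm -rf "$tmp"
}
demo
```

The chown line is only printed so it can be reviewed before being run with the privileges it needs.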

