I was expecting to see file "test" to have group "www-data". I see it doesn't have group write permission as well and think that is related.
How is this performed?
Code:
michael@pi2:~ $ mkdir /home/michael/www
michael@pi2:~ $ sudo chgrp www-data /home/michael/www
michael@pi2:~ $ chmod g+s /home/michael/www
michael@pi2:~ $ chmod g+w /home/michael/www
michael@pi2:~ $ touch /home/michael/www/test
michael@pi2:~ $ ls -l /home/michael/www/
total 0
-rw-r--r-- 1 michael michael 0 Jun 13 16:38 test
It's done in part by using a different group than www-data. What problem are you trying to solve? It's almost certain that another group should be used instead. The www-data group is there to provide an unprivileged group for the web server.
Thanks Turbocapitalist and pan64, I had been using ls -l instead of ls -ld. Never knew there was a difference. So, I guess they are group www-data, but shown as group michael?
Perhaps, but please quote the exact output so we can see what is the case. Unless you are using ACLs, only one group is allowed and the one that is showing is the one that will take effect.
Thanks
Code:
michael@pi2:~ $ ls -l
total 8
drwxr-xr-x 2 michael michael 4096 Jun 13 15:55 test
drwxrwxr-x 2 michael www-data 4096 Jun 13 17:45 www
michael@pi2:~ $ ls -ld
drwxr-xr-x 5 michael michael 4096 Jun 13 18:17 .
michael@pi2:~ $ cd www
michael@pi2:~/www $ ls -l
total 0
-rw-r--r-- 1 michael michael 0 Jun 13 17:45 test
michael@pi2:~/www $ ls -ld
drwxrwxr-x 2 michael www-data 4096 Jun 13 17:45 .
michael@pi2:~/www $
Ok. The group has been set. Now you need to set the set-group-ID bit:
Code:
chmod g=rwxs /home/michael/www/
Once that is set, new files will have the same group as the directory. However, that will bring up the question of choice of groups again and what your real goal is.
I was pretty much doing the same thing with chmod g+s and chmod g+w. But it doesn't make files have the same group as the directory! Not only is new file "test" not of group "www-data", it also isn't writable by group. And where is that setid flag shown??? Please look at my very first code listing as well as the following.
Code:
michael@pi2:~ $ mkdir /home/michael/www
michael@pi2:~ $ sudo chgrp www-data /home/michael/www
michael@pi2:~ $ chmod g=rwxs /home/michael/www/
michael@pi2:~ $ ls -l
total 8
drwxr-xr-x 2 michael michael 4096 Jun 13 15:55 test
drwxrwxr-x 2 michael www-data 4096 Jun 14 05:38 www
michael@pi2:~ $ ls -ld
drwxr-xr-x 5 michael michael 4096 Jun 14 05:38 .
michael@pi2:~ $ cd www
michael@pi2:~/www $ touch test
michael@pi2:~/www $ ls -l
total 0
-rw-r--r-- 1 michael michael 0 Jun 14 05:38 test
michael@pi2:~/www $ ls -ld
drwxrwxr-x 2 michael www-data 4096 Jun 14 05:38 .
michael@pi2:~/www $
Real goal... Well, other than educating myself, I wanted the files to be mine but to give nginx the ability to read and execute them and sometimes even write to them.
Last edited by NotionCommotion; 06-14-2017 at 12:44 AM.
Thanks. I'd limit the ability to write anything to just the bare minimum needed for your scripts to operate. Keep the principle of least privilege in mind.
About the set-group-ID bit, it should show up about like this:
Code:
drwxrwsr-x 2 michael www-data 4096 Jun 14 05:38 www
In your output, it is not set despite using chmod correctly in two different ways. So, which partition is that directory on and is nosuid one of the mount options? That would block using the set-group-ID bit.
Code:
mount
# or
mount | grep "^$(df -h /home/michael/www/ | awk 'NR >1 { print $1; exit; }')"
Well, at least it feels good that I was doing it right.
Why don't I see /dev/root/ returned by mount? Are the following results expected?
Thanks!
Code:
michael@pi2:/dev $ df -h /home/michael/www/
Filesystem Size Used Avail Use% Mounted on
/dev/root 29G 1.8G 26G 7% /
michael@pi2:/dev $ mount | column -t
/dev/mmcblk0p2 on / type ext4 (rw,noatime,data=ordered)
devtmpfs on /dev type devtmpfs (rw,relatime,size=468152k,nr_inodes=117038,mode=755)
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,nodev,mode=755)
tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/net_cls type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=22,pgrp=1,timeout=300,minproto=5,maxproto=5,direct)
mqueue on /dev/mqueue type mqueue (rw,relatime)
debugfs on /sys/kernel/debug type debugfs (rw,relatime)
configfs on /sys/kernel/config type configfs (rw,relatime)
/dev/mmcblk0p1 on /boot type vfat (rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,errors=remount-ro)
michael@pi2:/dev $
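A diagnostic for the symptom in this thread, added here as an example and not part of any post: it checks whether the set-group-ID bit is actually present on a directory, whether the caller belongs to the directory's group (per chmod(2), an unprivileged caller who is not in the file's group has S_ISGID cleared silently, with no error), and whether nosuid appears in the mount options. The function names are hypothetical; it assumes Linux with GNU or BusyBox stat, and findmnt from util-linux for the mount lookup.

```shell
#!/bin/sh
# Added example (not from the thread): why is the set-group-ID bit missing?

# True if the set-group-ID bit (octal 2000) is set on "$1".
has_setgid() (
    mode=$(stat -c '%a' -- "$1") || exit 2
    [ $(( 0$mode & 02000 )) -ne 0 ]
)

# True if the caller is a member of the group that owns "$1".
in_owning_group() (
    gid=$(stat -c '%g' -- "$1") || exit 2
    for g in $(id -G); do
        [ "$g" = "$gid" ] && exit 0
    done
    exit 1
)

# True if the comma-separated mount options "$1" include option "$2".
has_mount_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one verdict for directory "$1".
diagnose_setgid() {
    if has_setgid "$1"; then
        echo "setgid-set"
    elif [ "$(id -u)" -ne 0 ] && ! in_owning_group "$1"; then
        # chmod(2): an unprivileged caller outside the file's group has
        # S_ISGID turned off silently, so "chmod g+s" appears to succeed.
        echo "caller-not-in-group"
    else
        echo "setgid-unset"
    fi
}

# Answer the nosuid question for the filesystem holding directory "$1".
report_nosuid() {
    opts=$(findmnt -no OPTIONS -T "$1" 2>/dev/null) || return 2
    if has_mount_opt "$opts" nosuid; then echo "nosuid"; else echo "no-nosuid"; fi
}
```

A "caller-not-in-group" verdict means the bit has to be set with privileges (for example via sudo) or by an account that is a member of the directory's group.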