Hi guys,

I'm totally new to this forum. I was told this is the best place to discuss Linux related topics. First of all, excuse me in advance if my questions are basic. I'm definitely not an advanced user. So I also hope I have posted in the right section. "Linux - Newbie" sounds about right to me!

Ok, here goes...

I have rented a VPS here in the UK which runs CentOS (6 I guess) and Plesk Panel. So far so good. I got my head around them a little bit, so I am able to set up subscriptions and, therefore, host the domains I want to point to this one.

The other day I wanted to try out Concrete5 because I was curious to check out some features and when I got to the installer, it complained that three folders were now writable by the server. Now, regardless of knowing Concrete5, I guess this raised an issue which could come up also with other modules, so I thought it would be good to post now, in advance, to understand what the best practice would be.

I uploaded the files via my FTP client (Transmit) and the owner was therefore my FTP user I created for that hosting (let's call it ftp_user). The group was assigned by the server and it was psacln (what kind of group is that anyway??). On my old server (FreeBSD with no panel) the user was always set to my FTP user (as I guess is normal) and the group is www, and the name makes much more sense to me (www, of course!).

So, what I did to solve the issue in this case, was to change the owner of the whole installation of Concrete5 to 'apache'. So the new user:group became apachesacln. All worked fine, BUT of course I was not able to upload files via my FTP client anymore... Surprise surprise! So I had to change the owner of some folders again to upload via Transmit. A messy way to handle it, to say the least.

I imagine there is a simpler way to solve this issue? I mean, what kind of genius came up with this system on these new VPS I have? Most modules will require the web server to be able to write inside some folders, right?? And, on the other hand, most people want to use an FTP client to manage files and folders??

I'm sure there is to play with groups, but I'm too ignorant to guess what to do. Can any expert please tell me what the best way to handle this, and similar future issues, would be?

Many thanks in advance.

Welcome to LQ!

You just need to thoroughly go through manuals of chmod (stands for change mode, see here), chown (stands for change owner, see here), file permissions, and ownership and group.

If problem isn't solved after this, please share the error message(s), if any.

Good luck!

Hello Shivaa,

Thanks for your answer.

I have to say that I have not understood it. Perhaps my first post was not very clear?

I know how to change permissions and owners. I just don't know what the best way to set up owner and group is, in order to make the files writable by the web server (as required by the CMS) and be able to handle files with my FTP client. Hope it makes sense?

Thanks.

@svedish:
If you know about permissions and chown, then there should be no issues. And as I already said, once go through owner/group concept, and problem will be solved, I hope!

As far as I am concerned, there should be some user (or admin) who manages web server. So in order to allow that user to read/write on your files, just add write permission on your files for group and add that user to mail group of your files.

Note: Here <group> is group associated with the file filename.

BTW, To be honest, I don't much know about web servers, so I or others could help you only if you provide adequate info. with error message, if any.

The problem is this:

when I upload files to the server, by default they belong to the user that has uploaded them, as follows:

files for website 1 belong to user1 (group psacln)
files for website 2 to user2 (group psacln)
files for website 3 to user3 (group psacln)

Some of these files need to be written by the web server (as it happens for most CMS systems). So there needs to be a set up which guarantees the web server to write them on one side and each of the users to manage files via ftp on the other side. On the other server this is solved by the www group, which I believe every hosting user gets added to when I create them, I think...

Do you see what I mean?

Thanks

A simple suggestion - who is gonna modify these files, uploaded by different users, on your webserver? Do you have any web server admin who will modify these file? If yes, then what's username of that webserver admin and what's his main group?

Just change group of all these uploaded file to main group of admin user (let's say, admin account is webadm and his group is webgroup) like this:

No, there is no webadmin user. I will be modifying all these websites, but I may give access to designers or developers to these websites at times, so it's good that each website belongs to a different user for FTP purposes.

So, given that I need to have files belonging to different users? I can solve all just with the group, right?

Thanks

Yes correct. Just create a group, add all your designers to that group and whenever a new file is uploaded, change it's group to that new group with R/W access to designers.

Sorry, but this means that I would need to *manually* change the group of *each* file that gets uploaded? That would be quite a hassle, don't you think? Shouldn't I work with the group that gets assigned to the files automatically by this VPS and add these users to this psacln group?

Also, what is this psacln group? I had a nice www group on my FreeBSD server and all users I created automatically got added to it! Intsead this new server, when I create a hosting user, doesn't add him / her to this default group? This is just non sense, isn't it? Is it Plesk that does it or CentOS?

Thanks

Well, in that case, SGID could be helpful, but it has a limitation that any new file created within a directory inherits main group of the directory. But already existing file will still have their old group.

Meanwhile, you need not to run chgrp for every individual file, but invoke it on whole directory, as:
In this way, work can be done in one shot.

Everything sounds a bit convoluted, I have to admit. but thanks.