Cloud server permissions: What is right?
I don't know much about this. I have an Ubuntu 20.04 Server for my little homework webpage.
I just made an upload form for students to send me files. I had public_html permissions set to 750. That didn't work. I tried 755, upload kind of worked, except the uploaded file could not be written to the target directory /public_html/uploads20BE/php/uploads/
PHP error was: permission denied
Only after I set permissions in public_html to 777 could PHP send my file to the target directory. Do I need different permissions for every folder??
Quote:
But, more importantly, also consider file ownership, also group membership! It's usually (almost always) safer to adjust that, to make things work. chmod 777, otoh, is extremely unsafe and should really never be used, server or not. As which user does your server software and PHP run? While the master process is probably root, the workers usually run as www-data:
Code:
$> ps aux | grep -E 'nginx|php'
Code:
#> chown -R www-data:www-data /public_html
Thanks for your reply.
I can imagine, 777 is maybe not so good (good thing it is only a homework page), but it was the only way I could get PHP to park the file where I wanted it!
On my laptop, I have /var/www/html/ set to: owner: pedro, group www-data
That works at home. I always try everything here first, then upload when I know it works. So I set the server the same: /var/www/mywebpage.com/public_html/ owner: pedro, group www-data
(This is the first time I have a cloud server, before I only had shared hosting.)
You seem to be saying, I should make the owner www-data? (and add myself to group www-data??) On the server, pedro is a sudoer. If I set everything to owner www-data, when it comes to editing files on the server, will I have problems??
Following advice from LQ, I often run these commands, because when I copy a file into /var/www/html/ at home, www-data can't touch it.
Quote:
I also found these commands on the internet:
Quote:
The directory to which the uploads are to be saved needs to be writable by the web user…the one that is running the PHP script. I usually do that by setting the owner of that directory to the web user. Permissions to 755. Just that one directory…not “everything”.
You (pedro) should still be able to read the files therein. DO NOT set permissions to 777!
Aha!
And who is running the PHP script?? A student clicks a button on the webpage and the data are sent. PHP checks if the student number is in the database. PHP checks out the uploaded file. Bigger than 9MB will be rejected, smaller than 1MB will be rejected. The web user is www-data?? I am not clear on this point.
Quote:
AFAIK, PHP is automatically started by your web server, so it runs as the same user. Web servers usually run as www-data - look at its config file to make sure.
Thank you very much!
I set: Quote:
To open a page for editing, I need to be sudo. I was worried, when I save it, sudo will be the owner, but the owner remains www-data. Lesson learned: on a server owner, group should be www-data!
Quote:
Code:
sudo -u www-data ...
Quote:
You can have files and directories shared by multiple accounts, but have to hop through several hoops with EXT4 to set up sharing.
PROBLEM
The owner and group of public_html is www-data. Now I can't upload! From Filezilla:
Quote:
Can I login as www-data? Impersonate www-data??
Quote:
If two or more accounts are to share write access to part of the file system then you'll have to use the appropriate permissions. The chown, chgrp and chmod you showed in the first part of #3 were very close.
Code:
sudo chown -R pedro:www-data /var/www/html/
Thanks! I'll try it right now!
Yes, thanks again, now I can upload!
pedro@ebs-105224:/var/www/mywebpage.com/public_html/20BE1cw$ ls -al
total 300
drwxrwsr-x  3 pedro www-data  4096 Nov 17 07:50 .
drwxrwsr-x 21 pedro www-data  4096 Feb 12 12:12 ..
-rw-rw-r--  1 pedro www-data  2450 Oct 14 10:34 20BE1leitfile.html.php
-rw-rw-r--  1 pedro www-data 21053 Oct 14 10:34 20BE1wW1.html.php
-rw-rw-r--  1 pedro www-data 10985 Nov 17 12:12 20BE1wW11.html.php
-rw-rw-r--  1 pedro www-data 21300 Oct 14 10:34 20BE1wW2.html.php
-rw-rw-r--  1 pedro www-data 21350 Oct 14 10:34 20BE1wW3.html.php
-rw-rw-r--  1 pedro www-data 20342 Oct 14 10:34 20BE1wW3html.php
-rw-rw-r--  1 pedro www-data 18523 Oct 14 10:34 20BE1wW4.html.php
-rw-rw-r--  1 pedro www-data 26821 Oct 14 10:34 20BE1wW5.html.php
-rw-rw-r--  1 pedro www-data 22267 Oct 14 10:34 20BE1wW6.html.php
-rw-rw-r--  1 pedro www-data 16538 Oct 14 10:34 20BEsW1.html.php
-rw-rw-r--  1 pedro www-data 18854 Oct 14 10:34 20BEsW2.html.php
-rw-rw-r--  1 pedro www-data  2211 Oct 14 10:34 changePW.php
-rw-rw-r--  1 pedro www-data  2632 Oct 14 10:34 changePW_form.php
-rw-rw-r--  1 pedro www-data  1482 Oct 14 10:34 checkboxes_fieldset.html
-rw-rw-r--  1 pedro www-data   407 Oct 14 10:34 conn.php
-rw-rw-r--  1 pedro www-data   809 Oct 14 10:34 function.js
-rw-rw-r--  1 pedro www-data  1406 Oct 14 10:34 holiday_week_page.html
-rw-rw-r--  1 pedro www-data  3879 Nov 17 12:09 index.php
-rw-rw-r--  1 pedro www-data  1406 Oct 14 10:34 jsclock.html.php
-rw-rw-r--  1 pedro www-data  5863 Nov 17 09:38 login.php
-rw-rw-r--  1 pedro www-data  3566 Oct 14 10:34 login.php.backup
-rw-rw-r--  1 pedro www-data  3568 Oct 14 10:34 login.php.backup2
-rw-rw-r--  1 pedro www-data  5636 Nov 17 07:36 login.php~
drwxrwsr-x  2 pedro www-data  4096 Nov 17 07:51 php
-rw-rw-r--  1 pedro www-data  2445 Oct 14 10:34 register.php
-rw-rw-r--  1 pedro www-data  3067 Oct 14 10:34 register_form.php
-rw-rw-r--  1 pedro www-data  1226 Oct 14 10:34 register_success.html.php
pedro@ebs-105224:/var/www/mywebpage.com/public_html/20BE1cw$
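Added example, not written by anyone in the thread: a small shell audit for the layout the thread ends up with (directories drwxrwsr-x, files -rw-rw-r--, nothing left at 777). The function names and the throwaway demo tree are constructed for illustration; ownership changes (chown -R pedro:www-data) need root and are not performed here.

```shell
#!/bin/sh
# Audit and repair docroot modes to match the final listing in the thread:
# directories 2775 (setgid, group-writable), regular files 664.
# All names below are illustrative assumptions, not from the posts.

# Paths that any local account may write to (what "chmod 777" leaves behind).
world_writable() {
    find "$1" ! -type l -perm -0002
}

# Directories without the setgid bit: files created inside them would take
# the creator's primary group instead of the shared group.
dirs_missing_setgid() {
    find "$1" -type d ! -perm -2000
}

# Apply the shared layout. Run chown separately, as root, beforehand.
fix_modes() {
    find "$1" -type d -exec chmod 2775 {} +
    find "$1" -type f -exec chmod 0664 {} +
}

# Exit status 0 only when the tree is clean; otherwise print the offenders.
audit_docroot() {
    bad=$( { world_writable "$1"; dirs_missing_setgid "$1"; } | sort -u )
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Constructed demo tree imitating the state after "chmod 777".
make_demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/public_html/php/uploads"
    : > "$root/public_html/index.php"
    chmod -R 0777 "$root/public_html"
    printf '%s\n' "$root"
}
```

Source the file, then run `audit_docroot /var/www/mywebpage.com/public_html` before and after `fix_modes` to see which paths change.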