0

As an extreme newbie, I am having difficulty managing ownership and permissions on my first box. What I can't figure out is how to deploy using one user (we will call him deploy) and operate my PHP application with the www-data user.

Currently as it stands, I know my server runs as www-data through this function <?php echo(exec("whoami")); ?> but I am having to chown between deploy and www-data every time I deploy. There has got to be an easier way to deploy with one user and still run as www-data.

EDIT: Here is the output from ls -l on the folder in question. You will see user deploy and group www-pub; the group is from an attempt to add the two different users to a new group and chown one of them in the hopes that they both would have the permissions (newb alert).

drwxrwxr-x 4 deploy www-pub 4096 Mar  7 01:41 example.com

I am using Capistrano for deployment under the user deploy, then once it's done I chown to www-data, otherwise I can't use PHP to manipulate files. I am also unsure how to even change which user Apache is running as.

kylemac
  • www-data, as a general rule, should not be the owner of files served by apache. Assuming I understand you correctly... You are uploading web content, and having to chown from deploy to www-data before apache will serve the data. A better solution is to change the permissions, world readable on files and world readable and executable on directories. I don't know how you're deploying or anything else, so I can't get more in detail, but I would be curious to have you confirm my guess and see the output of ls -l in the relevant directory. – Richard June Mar 07 '10 at 13:02
  • I've updated the original post with the info, hopefully this helps clarify my question – kylemac Mar 07 '10 at 16:42

2 Answers

1

I read and re-read this a few times to see if I've got it right. It appears that ownership is broken down like this:

  • httpd process: www-data user
  • PHP scripts to serve: deploy user
  • Data written by PHP script: www-data user

My problem here is that I don't understand the dilemma. I think that this is just the way things should be.

If the web server could write to the directory where the PHP scripts are stored, you are just asking for someone to rewrite your application. The web server is traditionally only given read-execute permission to scripts.

Now, the last bullet is what I think is causing you pain. Do NOT try to write data files in and amongst program/application files. This is a bad programming practice. One time only, set up a directory that is writable by the www-data user. This too is fraught with peril as various sessions could overwrite one another, but you could create subdirectories with a cookie/tag and put your files there. Don't forget to clean up periodically if you choose the sub-directory method.

If I've missed the point, let me know. This seems to have sat in the Unanswered queue for a long time. If you've fixed it, "answer your own question" and close it. If this or another answer fixes it, mark it as solved.

zerolagtime
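An added example, not part of the answer above or of the original thread: a Python audit of a deployed tree that lists every path the web server account could modify outside the one directory meant to be writable. The function names, the reason strings and the idea of passing the writable directory as an argument are assumptions of this example; it looks only at classic Unix permission bits, not ACLs.

```python
import os
import stat

def write_reason(st, web_uid, web_gids):
    """Why the web account can modify this inode, or None if it cannot."""
    if st.st_uid == web_uid:
        return "owned by web user"  # an owner can always chmod the file back
    if st.st_gid in web_gids:
        return "group-writable" if st.st_mode & stat.S_IWGRP else None
    return "world-writable" if st.st_mode & stat.S_IWOTH else None

def audit_tree(root, web_uid, web_gids, writable_dirs=()):
    """List (relative path, reason) for paths the web account can modify,
    skipping the subtrees named in writable_dirs (relative to root)."""
    root = os.path.realpath(root)
    allowed = {os.path.normpath(os.path.join(root, d)) for d in writable_dirs}
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Do not descend into directories that are meant to be writable.
        dirnames[:] = [d for d in dirnames
                       if os.path.join(dirpath, d) not in allowed]
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits grant nothing
            reason = write_reason(st, web_uid, web_gids)
            if reason:
                findings.append((os.path.relpath(path, root), reason))
    return sorted(findings)

if __name__ == "__main__":
    import pwd
    import sys
    # Assumed usage: audit.py <docroot> <web user> [writable dir ...]
    root, user, *writable = sys.argv[1:]
    account = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, account.pw_gid))
    for path, reason in audit_tree(root, account.pw_uid, gids, writable):
        print(f"{reason}: {path}")
```

A directory reported as group-writable (such as one with mode drwxrwxr-x whose group includes the web account) means files inside it can be replaced even when the files themselves are read-only.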
0

It's rather normal to change permissions after a deployment. I write scripts for code deployment. What's your deployment method now?

Warner