1

I want anyone in group www-data to have write access to /var/www. For example, if 'a' and 'b' are in group www-data and 'a' creates a file in /var/www - then 'b' will be able to edit it.

The problem is that I create files that PHP and Apache can't edit - and they create files I can't edit without sudo. Both PHP and myself are in www-data group.

I changed the umask setting /etc/profile from umask 022 to umask 002. Is this a safe and proper way to handle this?

Update: Even after changing /etc/profile and restarting the computer PHP still creates files with permission -rw-r--r--.

Xeoncross
  • 4,449
  • 12
  • 43
  • 56

1 Answers1

2

The apache startup script resets everything when apache is started on Debian/Ubuntu. On a Debian/Ubuntu system you should update your umask by adding your umask command to /etc/apache2/envvars. You may also need to change the permissions on the directories under /var/www to 2775. This will force new files that are created to be owned by the group that owns the directory instead of the default group for that user.

Zoredache
  • 130,897
  • 41
  • 276
  • 420
  • So would the command be `chmod -R 2775 /var/www`? – Xeoncross Mar 21 '10 at 23:32
  • No: that would do the same to files as well as directories - a bad idea. Try: `find /var/www -type d -print0 | xargs -0 chmod 2775`; that only changes directories and deals with funny characters (blanks etc) in file names. – Jonathan Leffler Mar 22 '10 at 01:02
  • oops, I already ran it. xD – Xeoncross Mar 22 '10 at 02:10
  • @Xeoncross: then I recommend running something like: `find /var/www -type f -print0 | xargs chmod 664`. Most of the files under there should not be executable - possibly all (it depends where your cgi-bin directory is, for example). – Jonathan Leffler Mar 22 '10 at 02:52