7

I have a web server and I'm uploading files using an FTP client. Because of that the owner and the group of the file are taken from the user used during the upload.

Now I have to make this file writable by the web server (apache/apache).

One way would be to just change the owner and the group of the uploaded file to apache/apache, but that way I cannot modify the file using the FTP account. Another way would be to give the file 777 permissions.

Both approaches seem not very professional and a little bit risky. Are there any other options? In Windows I can just add another user to the file. Can something similar done with Linux?

Daniel Rikowski
  • 758
  • 4
  • 10
  • 19

3 Answers3

15

You can change the group of the files:

groupadd webusers
usermod -aG webusers the_user_name
chgrp -R webusers the_directory
chmod g+s the_directory

If this is a RedHat based distribution you can use setfacl to do this without a group and set it to happen by default:

setfacl -R -m user:the_username:rwx directory_name
setfacl -d -R -m user:the_username:rwx directory_name
recluze
  • 365
  • 8
  • 18
James L
  • 6,025
  • 1
  • 22
  • 26
2

Allowing a group of users to maintain a set of files is one thing: you just set add them to a common group and set the ownership of the existing files and directories to that group, then set the sticky group bit on any directories (subsequently files should be added as writeable by the group by default).

Now I have to make this file writable by the web server

You need to be very careful and very selective about what files you make writeable by the webserver to avoid code injection issues - do NOT add the webserver uid to the user group defined above - keep these files completely separate from the other content on the website (i.e. in a seperate directory with all cgi / php etc disabled), preferably outside the document root completely. Most FTP servers allow you to set the upload permissions (0666 for files, 0777 for directories) and/or set the other sticky bit on directories.

C.

symcbean
  • 21,009
  • 1
  • 31
  • 52
0

for setfacl to work, the partition has to be mounted with 'acl' option

Abhishek A
  • 429
  • 5
  • 12
  • This isn't an answer to DR's question, it's a comment to James Lawrie's answer. Please use comments in cases like these. – Patrick R Aug 09 '10 at 19:35
  • 2
    @Patrick R - yes that's true, but I didn't find any option to put comment since my reputation is less than 50. so I can put comment only on my questions and answers... – Abhishek A Aug 11 '10 at 14:12
  • okay, I helped you out a bit (ie you asked a good question so I gave you an up vote). But really, save your comments for when you can comment. The answers are, well, for answers. – Patrick R Aug 11 '10 at 17:48