1

I have a directory of files and folders that are added and removed and the permissions that I had set keep changing. How can I permanently keep the permissions on a specific path so that no matter what happens in its folders all files and folders inside that folder will recursively follow the permissions set.

The permissions I had set is the following:

sudo chmod 755 -R /var/www/uploads
sudo chown www-data:www-data -R /var/www/uploads

I'm not sure what user group is used by php/apache when I write the code to delete the files and I'm guessing that would be why it cant do it.

Exploit
  • 165
  • 1
  • 5
  • I don't think Unix has a way to force recursive permission assignment like this. – Barmar Jun 26 '15 at 20:27
  • makes no sense though cause i can do this via terminal but when i try with phps exec function it wont work. – Exploit Jun 26 '15 at 20:44
  • I don't understand. These commands only change the permissions one time, they don't affect new files that you create. – Barmar Jun 26 '15 at 20:47
  • Does the `www-data` user have permission to use `sudo`? If not, it won't be able to execute those commands. – Barmar Jun 26 '15 at 20:48
  • what i did was set the permission then upload a few files via ftp to see if the unlink() function would work and it threw permission errors at me. – Exploit Jun 26 '15 at 20:48
  • What are the permissions changing to? – Barmar Jun 26 '15 at 20:49
  • the files are getting removed but not the directories. the directory permissions are being set to 755 (as i had set) and the user group being set to root. – Exploit Jun 26 '15 at 20:53
  • is that because i uploaded the files as the user root? – Exploit Jun 26 '15 at 20:53

3 Answers3

0

Have you looked into using the umask command to set the permissions mask on the directory? There is a great explanation of the umask and how it works on Linux. I believe that correctly using umask and chmod should resolve the issue.

Matt
  • 2,751
  • 1
  • 14
  • 20
0

You can try to use ACLs see here. Specially the Default ACL:

"Directories can be equipped with a special kind of ACL -- a default ACL. The default ACL defines the access permissions all objects under this directory inherit when they are created. A default ACL affects subdirectories as well as files."

Stone
  • 7,011
  • 1
  • 21
  • 33
0

You're fighting with the system here. You may find an obscure way to prevent permissions changes from working, but that will likely lead to errors of various sorts, some of which may be fatal. It may also lead apps intended security measures to be incorrectly set up.

You should switch focus to why the permissions are getting mucked up. The main tools you'll need to focus on are the umask settings of your web server processes and your users, and depending on the permissions schema you use, you might make use of the directory sticky bit (ie chmod g+s). The directory sticky bit causes new files and folders to inherit the group of the parent directory if the user creating the directory is in that group.

Without more details about your expected permissions schema, and the unexpected changes, it's hard to say much more.

Note though that you probably don't want to make your files chmod 755. They'll more likely want to be set to 644. e.g.

find /var/www/uploads -type d -print0 | xargs -0 chmod 2755
find /var/www/uploads -type f -print0 | xargs -0 chmod 644
mc0e
  • 5,866
  • 18
  • 31