1

I've got a Debian 8 server running where /var/www is owned by www-data and has the permissions drwxr-xr-x for both files and subdirectories.

Since I need to upload files via SFTP (public/private key authentication; password and non-encrypted FTP are blocked) I thought it should be no problem to add my user account to the group www-data. Thus, I executed:

sudo usermod --append --groups www-data my-user

I already logged out of the current SSH session in order to trigger a reload of the permissions. id my-user now shows:

uid=1000(my-user) gid=1000(my-user) groups=1000(my-user),33(www-data)

However, I am still unable to write data via SFTP in /var/www. Even a simple touch test.txt directly via SSH fails with Permission denied.

I thought rwx is read, write and execute. Obviously my understanding of the directory/file permissions is incomplete. Can someone help?

daniel451
  • 1
    The first `rwx` in your current permissions are the user's own permissions, not the group's. The group permissions are `r-x` (the next three characters). Your confusion lies in that the user and group have the same name. The user `www-data` and the group `www-data` are not the same thing. – Unbeliever Oct 14 '16 at 10:59

2 Answers

2

You state the permissions for /var/www are drwxr-xr-x which is rwx for owner only. Group has r-x which means even though you added yourself to the www-data group, the directory does not allow the group write permission to /var/www.

`chmod g+w /var/www` to allow your account to be able to add files to /var/www.

If there are any subdirectories beneath /var/www, you will want to do the same chmod command if you need to be able to write to those directories ever.

Also consider setting the group sticky bit so all files created in /var/www will have www-data as the group.

chmod g+s /var/www

Again, for any subdirectories underneath /var/www, you will want to add this as well.

MikeA
  • Ok. So is it safe to do `chmod -R g+s+w /var/www` to do it all at once? – daniel451 Oct 13 '16 at 20:10
  • Yes, but correct syntax is `chmod -R g+sw /var/www` – MikeA Oct 13 '16 at 20:10
  • 1
    Actually, the sticky bit really only applies to directories. Maybe `find /var/www -type d -exec chmod g+sw {} \;` That will find the directories and change the permissions. – MikeA Oct 13 '16 at 20:13
  • One more quick question: it is enough that any created file/directory in /var/www always has `www-data` as the group?! So, it is irrelevant that the user will be `my-user` when I create files there?! – daniel451 Oct 13 '16 at 20:21
  • Any files in /var/www need to be _readable_ by either the owner or group owner of your web server which seems to be `www-data` in your case. So yes, it will be irrelevant that `my-user` owns files you put in /var/www as long as the group is `www-data` or the file's permissions include `o+r`. – MikeA Oct 13 '16 at 20:55
1

You said the permissions are drwxr-xr-x, so 755, and you added yourself to the www-data group, so you need 775, that is drwxrwxr-x.

Daniel Ferradal
  • Thank you very much! Just read this http://www.computerhope.com/unix/uchmod.htm to understand what these numbers are. Really nice shortcut for setting permissions :) – daniel451 Oct 13 '16 at 20:23
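
The directory-only `find ... -type d` fix from the comments under the first answer, combined with the 755 to 775 change from the second, as an added example that is not part of the original posts: it audits a tree for directories missing group write or setgid, changes directories only, and reports the resulting octal modes. The scratch tree and the function names are constructed for illustration, and `stat -c` assumes GNU coreutils as shipped on Debian.

```shell
#!/bin/sh
# Added example: runs against a constructed scratch tree, not the real /var/www.

# List directories under $1 lacking group write (020) or setgid (2000).
dirs_missing_group_bits() {
    find "$1" -type d ! -perm -2020
}

# Add group write + setgid to directories only; regular files keep their
# mode, so no file gains the setgid bit by accident.
fix_group_bits() {
    find "$1" -type d -exec chmod g+ws {} +
}

# Octal mode of a path, e.g. 755 or 2775.
mode_of() {
    stat -c '%a' "$1"
}

# Constructed tree mimicking the question: 755 directories, 644 files.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/site/uploads"
    : > "$root/site/index.html"
    chmod 755 "$root" "$root/site" "$root/site/uploads"
    chmod 644 "$root/site/index.html"
    printf '%s\n' "$root"
}

demo() {
    tree=$(make_sample_tree) || return 1
    echo "before: mode=$(mode_of "$tree") dirs to fix=$(dirs_missing_group_bits "$tree" | wc -l)"
    fix_group_bits "$tree"
    echo "after:  mode=$(mode_of "$tree") dirs to fix=$(dirs_missing_group_bits "$tree" | wc -l)"
    echo "file:   mode=$(mode_of "$tree/site/index.html") (unchanged)"
    # A file created inside a setgid directory takes the directory's group.
    : > "$tree/site/uploads/new.txt"
    echo "gid of uploads=$(stat -c '%g' "$tree/site/uploads")" \
         "gid of new file=$(stat -c '%g' "$tree/site/uploads/new.txt")"
    rm -rf "$tree"
}

demo
```

On a real web root, run `dirs_missing_group_bits /var/www` first to review what would change before applying `fix_group_bits`.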