1

I'm reasonably inexperienced with Linux/Ubuntu and struggling with what I thought would be a fairly simple permissions question. I'm running into problems where log files are being created as two different users, which can cause writing issues depending on which user wrote to it first, even though they are in the same group.

Users: server user belongs to the www-data group www-data user also belongs to the www-data group

When the log file is created, it has permissions of 644 (-rw-r--r--). So the user can write to it, but the group cannot.

So what happens is server will write to it first, but then www-data cannot, or vice versa.

In Ubuntu, is there any way to:

  • Give two users full write access to a folder overriding the file permissions?
  • Change the permissions when default files are created in a folder?

Details:

  • Ubuntu 16.04.2 LTS
  • It's a PHP/Laravel application running under Apache. But there are also command line tools, cron jobs, etc. that all end up writing to the log file once they call into the Laravel infrastructure. So it seems to be random chance on which one writes to the file first.
  • I did see this post (How can I set the default permissions for files uploaded by apache2?) about using umask, but I hope that isn't the only solution. I don't want to change how everything is created in Apache just for the log files. Feels like using a hammer to kill an ant.
Randar Puust
  • 123
  • 5

2 Answers2

0

One possible solution is:

  1. Create new group
  2. Add both users to the group and make it primary for those users
  3. Change umask to 002 so the file created will have permissions like 664
  4. Make permission of folder like 775 or 770
Romeo Ninov
  • 5,263
  • 4
  • 20
  • 26
  • Thanks for the help. - Both users (service and www-data) already have the same primary group of www-data - I did a umask in the log folder and got 0002 back - When I do a stat -c "%a %n" on the directory, I get 2775 back So as far as I can tell, this is already done. But, I'm still having the same problem. The second user fails to write to the log. – Randar Puust Mar 10 '17 at 15:53
  • Did you restart the web server to get new umask in charge? – Romeo Ninov Mar 11 '17 at 08:47
0

So my problem has been fixed...although I'm not completely sure what fixed it. Files are now being created with both the user and group having write permission which sounds like umask. I think the solution was to set the ACLs on the file using:

sudo setfacl -d -m group:www-data:rw /var/www/application/storage/logs
Randar Puust
  • 123
  • 5