0

I know the question is pretty common, but I can't seem to find a good answer.

The setup is as follows: there is a web server and a folder where Apache (user www-data) creates directories and uploads / deletes files.

The webmaster may decide to add or delete some files.

Most hosting setups use the same user for both Apache and the webmaster.

I was able to do it inside the folder itself by setting chmod 770 and making a group that includes both users, but I was not able to do it for subfolders.

I also want to avoid using umask.

Nick

2 Answers

0

Try with this:

Go into the root folder of the code:

    cd /var/www/html/

And try this for files:

    sudo find . -type f -exec chmod 664 {} \;

And for directories:

    sudo find . -type d -exec chmod 775 {} \;

And for the owner you can try:

    sudo chown -R www-data:www-data /var/www/html

This finds every folder and file and changes the permissions to what you want, regards!

sysalam0
0

I would use 664 (rw-rw-r--) instead of 770 (rwxrwx---) for files (default is rw-r--r--), so files can be read by everyone and the execution bit is not set.

For directories (where the default is rwxr-xr-x) you need the execution bit to enter the directory and access files.

With setgid, newly created files automatically belong to the group of the directory (and not to the default group of the user who created the file), so other users of the same group can modify them.

If your directory is /var/www/html and your group with write permission is www-data, this is all you need:

  • Change directories to 2775 (rwxrwsr-x) with setgid set.

    find /var/www/html -type d -exec chmod 2775 {} +
    
  • Only set setgid on directories (if the other permissions are already correct)

    find /var/www/html -type d -exec chmod g+s {} +
    
  • Change files to 664 (rw-rw-r--)

    find /var/www/html -type f -exec chmod -v 664 {} +
    
  • Change group recursively to www-data

    chgrp -R www-data /var/www/html
    
  • Or change user and group recursively to www-data

    chown -R www-data:www-data /var/www/html
    

You can add the verbose -v option to the above commands to see what was changed.

  • Add user username to group www-data

    usermod -a -G www-data username
    
Freddy
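
A read-only check for the 2775 / 664 shared-group layout described in the answer above, added here as an example and not part of either answer. The function name `audit_shared_tree` and the reason labels are hypothetical; it assumes a POSIX `find` and an external `printf`.

```sh
#!/bin/sh
# audit_shared_tree ROOT GROUP  (hypothetical helper, changes nothing)
# Prints "<reason> <path>" for every entry under ROOT that breaks the
# 2775 / 664 shared-group scheme; returns 0 when clean, 1 otherwise.
audit_shared_tree() {
    ast_root=$1
    ast_group=$2
    ast_findings=$(
        # Directory without setgid: entries created in it get the creator's
        # primary group instead of the shared one.
        find "$ast_root" -type d ! -perm -2000 \
            -exec printf 'no-setgid %s\n' {} +
        # Group write bit missing. setgid only fixes the group, not the mode:
        # anything created under umask 022 lands here.
        find "$ast_root" \( -type d -o -type f \) ! -perm -020 \
            -exec printf 'no-group-write %s\n' {} +
        # Entry owned by a different group than the shared one.
        find "$ast_root" ! -type l ! -group "$ast_group" \
            -exec printf 'wrong-group %s\n' {} +
        # World-writable entry: wider than 775 / 664 allows.
        find "$ast_root" ! -type l -perm -002 \
            -exec printf 'world-writable %s\n' {} +
        # Regular file with any execute bit: 664 sets none.
        find "$ast_root" -type f \
            \( -perm -100 -o -perm -010 -o -perm -001 \) \
            -exec printf 'exec-bit %s\n' {} +
    )
    [ -n "$ast_findings" ] || return 0
    printf '%s\n' "$ast_findings"
    return 1
}

# Usage: sh audit.sh /var/www/html www-data
if [ "$#" -eq 2 ]; then
    audit_shared_tree "$1" "$2"
fi
```

Run it after the `find ... chmod` commands, and again after Apache has created new upload directories, to see whether new entries keep the group and the group write bit.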