88

I’m running a webserver and FTP server, wherein /var/www is bound to /home/user/www.

I set both directories to chmod 777 (which is fine since it’s for testing only).

I can upload files into /home/user/www, but whenever I create a new directory, I always have to run chmod 777 on that folder.

Otherwise, when I try to browse it, I get the error message

You don't have permission to access /test/ on this server.

Is there a way I could make all sub-folders inside /var/www be accessible by anyone? Or could their permissions be automatically set to 777? It’s annoying that I have to type chmod 777 every time.

jokerdino
  • 41,320
user1645034
  • 1,049
  • 2
  • 10
  • 11

6 Answers6

145

This is bad practice, but hopefully you are just using this for development, or you have another good reason. You can specify the permissions when you create a directory using the -m option:

mkdir -m 777 dirname

Or you can set the permissions recursively.

sudo chmod -R 777 /var/www

Before using either of these, really consider if you want your filesystem to be so accessible.

Edit: As mentioned by Rinzwind here is a better way of accomplishing what you want.

Check what group owns your /var/www directory and add your user to that group.

sudo adduser yourusername group

The group is probably www-data.

Then you will be OK with setting your permissions to 775.

jokerdino
  • 41,320
Dan
  • 6,753
  • 5
  • 26
  • 43
  • 4
    This does what you have asked for but please read this first Why should /var/www not have chmod 777. It is really not recommended practice. – Warren Hill Jun 03 '13 at 14:56
  • 11
    Please do not help people with a method that is bad practice. I would prefer if you explained how to do it: by adding his user to a group www-data or apache ;) – Rinzwind Jun 03 '13 at 15:03
  • 1
    This is a good answer. Even if you are right and people shouldn't give solutions that may be harmful, this answers perfectly what is asked in the question. We need to consider that the people want to do what they want to do. And in certain cases the people needs explicit and direct answers to their questions, not alternatives. I am for using safe procedures and not allowing 777 permissions on /var/www but it is not what is being asked here. – Geppettvs D'Constanzo Jun 03 '13 at 15:34
  • 5
    Education comes first. Helping people screw up their machine is not the Linux way. So I strongly disagree with you. – Rinzwind Jun 03 '13 at 15:39
  • Of course. The "Linux way" is to tell people "don't do what you wish". Thank you! :D – Geppettvs D'Constanzo Jun 03 '13 at 15:51
  • 4
    The asker did say this is only for testing. I can definitely understand wanting your development side to be easily accessible so you can work more quickly. I am going to give him the benefit of the doubt, that he is not foolish enough to do this with a production server. – Dan Jun 03 '13 at 16:18
  • 2
    @dan08 There are better ways to test, including using your home directory. See http://askubuntu.com/questions/46331/how-to-avoid-using-sudo-when-working-in-var-www/46371#46371 and http://kimbriggs.com/computers/computer-notes/linux-notes/apache2-public_html-virtual-directories.file . There are secure ways to accomplish these goals ;) – Panther Jun 03 '13 at 17:44
  • 2
    hi thanks for the concern. i do understand the risks involved in 777, it is a lab server where me and my buddy use it for alpha web devs, there will be no critical data. its just linux permissions are a pain at times. its just much easier to allow access to all, than create each group/user a permission when just the 2 of us uses it. anyway, thanks. – user1645034 Jun 04 '13 at 01:15
  • A guys dev server is his and his alone. It isn't anyone else's place to secure his stuff. Every comment and half the answer goes against the SO philosophy. – Matt Thompson Aug 04 '15 at 03:11
12

Files and directories in Unix may have three types of permissions: read (r), write (w), and execute (x). Each permission may be on or off for each of three categories of users: the file or directory owner; other people in the same group as the owner; and all others. To change the mode of a file, use the chmod command. The general form is chmod X@Y file1 file2 ...

chmod a-w file (removes all writing permissions)
chmod o+x file (sets execute permissions for other (public permissions))
chmod u=rx file        (Give the owner rx permissions, not w)
chmod go-rwx file      (Deny rwx permission for group, others)
chmod g+w file         (Give write permission to the group)
chmod a+x file1 file2  (Give execute permission to everybody)
chmod g+rx,o+x file    (OK to combine like this with a comma)

u = user that owns the file
g = group that owns the file
o = other (everyone else)
a = all (everybody)

r = read aces to the file
w = write access
x = execute (run) access
anonymous2
  • 4,298
Lokesh Kumar Bandi
  • 129
8
cd /var/www
find -type d ! -perm 777 -exec chmod 777 {} \;

for the ftp creating all files with different permissions, you might want to look for the umask of ftpd, how that daemon is started

Take a look to this site https://linuxaria.com/article/linux-shell-understanding-umask-with-examples

Jose Pla
  • 81
8

Public service announcement:

Don't ever use chmod 777 to fix problems

  • It's a security risk if you run any services available to the public, especially web applications (eg PHP).

    The OS's security model assumes that many services (such as your web server) run with reduced privileges, preventing them being able to modify files. Setting 777 on files breaks that secure design.

    A remote user could write to or upload files and then trick the server (or some other process on your system) into reading or executing them. Scripts or software may have flaws that allow this. It's very difficult to be sure you have locked down every single way this could happen if there are world-writable directories.

  • Used in certain system directories (/usr, /etc, /var, and so on), it can break your system in surprising ways.

    Some essential system files need special permissions such as setuid/setgid permissions in order to run. For example, sudo. Avoid changing any file permissions on directories and files set up by the system itself.

  • There's no way to undo it and get back all the old permissions.

    That is, if you had files and folders with various different permissions before, there's no way to go back to those specific permissions - only to change them all to the same thing, which may lose any specific permission settings that were needed on specific files.

  • There is always a more appropriate way of achieving what it is you want to achieve.

The default setup Ubuntu (and other OSes) use of running the web server as an unprivileged user and having the website files world-readable is a reasonable secure choice and in the interests of consistency, shouldn't be varied unless necessary. So, to ensure that the unprivileged server process can read your website files they will need to be world-readable.

Giving world-writable permission is way more than you need to do.

When tracking down why the web server process can't read your files, remember that not only do the files themselves need to be world-readable (eg, 644) their parent directories should be world-readable and traversable (eg, 755). Set your home directory to something like 755, or if you don't want your home directory world-readable, move your www dir outside your home into somewhere like /var/www or /srv).

Note about making files writable:

Occasionally, you need your web server to be able to write to certain files. To achieve this, make sure you only allow write permission on the specific files you want to give that permission for, and it's still better to use group ownership and group-write bit to give that permission that make them world-writable.

thomasrutter
  • 36,774
2

If you would like to copy permissions and or ownership from another file that you're satisfied with, you can do so using sudo chmod --reference=path/to/file/to/reference path/to/file/you/want/to/change/permission/to

And you can do the same thing for file ownership as well.

Amir Khalil
  • 81
1

This does not work to me.

sudo chmod -f 777 /path/to/your/file/or/directory

I have to use -f also.

sudo chmod -R -f 777 /path/to/your/file/or/directory
Janaka Pushpakumara
  • 201