1

I managed to change DocumentRoot directory form /var/www to /home/user/www and working fine except the problem that I can not copy/paste or even delete any file without root access.

Since I use SASS compiler software in which some files are compiled and outputted within the project directory. It is no more output any files and give permission denied.

I need help making all DocumentRoot sub folders and files have full permission without root access.

mikewhatever
  • 32,638
  • Just so you know ive updated my answer with umask info added and a little extra tip for the chmod command. Hope this helps as it might save you asking further questions when apache makes files. – CodingInTheUK Feb 15 '16 at 11:12

2 Answers2

0

You can change owners of folders and files with chown.

sudo chown $USER:$USER path/to/fileorfolder

After that make sure you don't create new files and folders as root in that folder, because then the new files and folders will be owned by root again.

mkdrive2
  • 206
  • 1
  • 8
  • There should be a way to auto apply chown to all newly created files or folders like the way used by cPanel ;) –  Feb 13 '16 at 15:44
  • @IhabAbdel-Rahim You mean, new files created in that folder are owned by root, even if you create them as a normal user? – mkdrive2 Feb 13 '16 at 15:48
  • Yeah, That what I meant to be. At least easily create, save files I code through IDE software. –  Feb 13 '16 at 15:51
  • @IhabAbdel-Rahim: What happens if you create files using the command line touch /home/user/www/somefile as a normal user? Is somefile owned by root then? Did you maybe start your IDE software with root rights? – mkdrive2 Feb 13 '16 at 15:59
  • Newly created files are Ok, Past files that had owners changed using chown is currently the ones having permission denied for any changes. –  Feb 13 '16 at 16:13
  • @IhabAbdel-Rahim: What happens if you do chmod 664 path/to/fileorfolder, too? (664 = rw for owner, rw for group, r for others) – mkdrive2 Feb 13 '16 at 16:33
  • Its a really bad idea to have regular users able to create a file that is owned by another. Consider the implications, a users account gets breached, they can't do much because that user has no administrative privileges. But, they can write to a folder and its automatically owned by root. Now that file is a bash script that grants them privileges, they now have full control of the server. – CodingInTheUK Aug 23 '21 at 18:32
0
sudo su

Assuming you have su permission, if not all the following commands should be prepended with sudo

add yourself to the server users group

adduser user:www-data (could be another user group)

Change ownership of all files in the document root to ensure server can manage them

chown www-data:www-data -R /path/to/directory

As a side note the chown can be run with your-user:www-data which would mean you own the files but the webserver can still access them. (you will definitely want umask if you do this, otherwise you may be changing ownership and permissions frequently as the web server will own the files it creates).

make all files read and write including the directory (possible security implications with chmod and -R recursive flag so use it cautiously)

chmod g+rw -R /path/to/directory

Now if the files are created by the webserver itself they usually only have write access to the owner and read to the group. To resolve that matter you will need to look into umask as mentioned above and get directions as to where to set the umask and the correct setting your for your specific application.

For apache 2 (ive used nano as i find it the easiest editor in terminal).

nano /etc/apache2/envvars

add to end of file: umask 002
save the file.

service apache2 restart

This was found here: https://stackoverflow.com/questions/428416/setting-the-umask-of-the-apache-user and should probably be the accepted answer submitted by patrick fisher

Community
  • 1
CodingInTheUK
  • 146