5

I have a web server directory located at /var/www/web. Inside one of the files, let's say create_dir.php, I'm creating a directory with mkdir(). I'm getting the following message.

Warning: mkdir(): Permission denied in /var/www/web/create_dir.php on line 122

Now, I can run this file when I am the owner of the file, or directory. But, when I am not the owner, I cannot edit the files inside PhpStorm.

My user is called josh and the apache2 user is the default, www-data.

I essentially need to make a group, or a special/magic user that will allow me to run and edit the files whenever.

Note: I have looked at this superuser answer and it did not work for me. I ran this command to create the group: 

sudo groupadd website

I ran these commands to add the users:

sudo usermod -a -G website josh
sudo usermod -a -G website www-data

I ran this command to add it to the web folder:

sudo chgrp -R website /var/www/web

I ran this command and once I reloaded my website, I got a Forbidden error message.

sudo chmod -R 770 /var/www/web

So I ran this command to be able to view the webpage:

sudo chmod -R 775 /var/www/web

And now I'm back to square one.

Any help is appreciated.

terdon
  • 100,812
Josh Murray
  • 211
  • Thanks for the edit. We now also need to see the output of ls -ld /var/www/web to make sure the ownership is what you'd expect. Also, have you restarted apache2 since making the change? Changes to group permissions only take effect when a user logs in again. – terdon Nov 10 '17 at 14:32
  • @terdon: Restarting apache2 with systemctl restart apache2 works. Thank you. – Josh Murray Nov 10 '17 at 14:39
  • 1
    About your question; try not to make the XY mistake again: https://meta.stackexchange.com/questions/66377/what-is-the-xy-problem – Artyom Nov 10 '17 at 15:08
  • @JoshMurray you're welcome. Could you please post a quick answer with the command you used to restart and accept it, just so everything can be nice and orderly? – terdon Nov 10 '17 at 15:13
  • 1
    Always try the Ubuntu documentation first - https://askubuntu.com/questions/46331/how-to-avoid-using-sudo-when-working-in-var-www . There is no need to add a group "website", use the existing group , www-data . Make all users a member of www-data. Then set the gid on the /var/www/html - sudo chmod g+s /var/www/html . – Panther Nov 10 '17 at 15:21
  • See also https://www.tecmint.com/create-a-shared-directory-in-linux/ . If you need finer grained control, use ACL - https://help.ubuntu.com/community/FilePermissionsACLs – Panther Nov 10 '17 at 15:22

1 Answers1

5

Shared directories in Linux can be confusing due to ownership and permissions.

For this specific directory, /var/www/html/ there is already an answer here

How to avoid using sudo when working in /var/www?

So make both users a member of www-data. IMHO no need to make a new group.

To manage permissions and file ownership, set the group and setGID 

sudo chgrp -R www-data /var/www/html
sudo chmod 2770 /var/www/html

For details see https://www.gnu.org/software/coreutils/manual/html_node/Directory-Setuid-and-Setgid.html

... if a directory’s set-group-ID bit is set, newly created subfiles inherit the same group as the directory ...

Restart your shell or log out and back in for membership to take effect.

If you need finer grain of control you can use ACL, but that is probably overkill.

For additional information on ACL see https://help.ubuntu.com/community/FilePermissionsACLs and http://brunogirin.blogspot.com/2010/03/shared-folders-in-ubuntu-with-setgid.html

That second link specifically addresses this exact question, how to share /var/www/html, using setGID and ACL.

Panther
  • 102,067