I have set up 4 websites inside the /var/www/html/ folder.

  • hbf-server
  • hbf
  • tf
  • 2e

The account I use to access the server is through my account harleyfrank.

Now the permissions are root:www-data with 755 and supposed to be recursive. However, when uploading data from my account harleyfrank, it just sets permits for me, and I get an apache error because of the permissions.

I followed these websites:

But the weird thing is that it is applying harleyfrank:www-data with read-write permissions only to harleyfrank. I am not sure how to get it fixed.

Update 1-15-2018

Following George's answer, I tried to do a global set:

sudo setfacl -d -R -m u:root:rwx,g:www-data:rw,o::r /var/www/html

However, it's not applying the permissions. It is still only using my username when uploading files.

Here is what the permissions are set by the ACL:

getfacl: Removing leading '/' from absolute path names
# file: var/www/html
# owner: root
# group: www-data
user::rwx
group::rwx
other::r-x
default:user::rwx
default:user:root:rwx
default:group::r-x
default:group:www-data:rw-
default:mask::rwx
default:other::r--

In one of the web folders I did ls -la and here are the results.

drwxrwxr-x+ 3 root        www-data    4096 Jan 15 19:52 .
drwxrwxr-x+ 6 root        www-data    4096 Jan 12 21:35 ..
-rwxrwxr-x  1 root        www-data     169 Jan 12 22:05 index.html
drwxrwxr-x+ 9 root        www-data    4096 Jan 12 23:16 projects
-rw-rw-r--+ 1 harleyfrank harleyfrank  871 Jan 15 19:52 test_results.txt

I uploaded test_results.txt, and it is not reading within apache as it says I do not have permissions to view the file. However, it shows read permissions in the other's group. Maybe apache2 is running everything with www-data?

1 Answer

To fix it, use the setfacl command to set the permissions and default owners:

sudo setfacl -d -R -m u:harleyfrank:rwX,g:www-data:rwX,o::r /var/www/html

Info:

  • -d: set as default so new folders will inherit it automatically
  • -R: recursive
  • -m: modify existing permissions and ownerships
  • u:harleyfrank:rwX: give user root rwx on the folders and files
  • g:www-data:rwX: give user www-data rwX on the folders
  • o::r: give others read rights on folders
George Udosen
  • This will overwrite the chown command I did earlier, right, on all folders? – Harley Frank Jan 13 '18 at 23:48
  • Yes it will, so modify to get what you want! – George Udosen Jan 13 '18 at 23:48
  • Thanks for the assistance. How do I remove the setfacl's on the others because in 2e it's still assigning to me and only doing rw. I checked the others and it's doing harleyfrank:harleyfrank with read only. Do I have to delete the others and start fresh? – Harley Frank Jan 14 '18 at 00:08
  • What do you want others to be like? – George Udosen Jan 14 '18 at 00:13
  • I don't mean others like the others group, I was talking about the other folders, if I needed to remove the setfacl I assigned to them in the beginning. I also re-applied that same command and now it is applying the rwx-rw-r but still only for harleyfrank:harleyfrank. Shouldn't it switch to root:www-data? – Harley Frank Jan 14 '18 at 00:15
  • Do sudo setfacl -x u:root,g:www-data on other folders. Run getfacl on the other folders and you will see the default owner and group by which those will run – George Udosen Jan 14 '18 at 00:24
  • I have been uploading files and it's not applying the permissions automatically. I have to chown and chmod in order to view them. Is there another way to effectively do this? – Harley Frank Jan 16 '18 at 00:55
  • Are you targeting the /var/www/html folder or another folder in there, and again, what user and groups do you need to own those files? Once you set the default owners and permissions, that will always be added. This is how I use it on my system, the /var/www/html folders – George Udosen Jan 16 '18 at 04:26
  • Yes I have used this command sudo setfacl -d -R -m u:root:rwx,g:www-data:rw,o::r /var/www/html on the whole HTML folder. I have also used sudo chown -R root:www-data /var/www/html and sudo chmod 775 -R /var/www/html and every new file I upload is owned by me with permissions only to me. When I try to view it online I get a permissions error. It should be root:www-data and with read-write permissions. I always had a control panel do this for me, but I am trying to learn how to do this myself. – Harley Frank Jan 16 '18 at 04:42
  • I still don't understand you: is root the intended owner, or your user? – George Udosen Jan 16 '18 at 04:44
  • The root account is disabled by default. I don't access the root by any means. I use my account harleyfrank to access the server. That's how I ssh and sftp in as well. Everything I do is that account. I am security paranoid so I try to lock down everything I can. I do apologize for the confusion. – Harley Frank Jan 16 '18 at 04:48
  • So simply change the command to sudo setfacl -d -R -m u:harleyfrank:rwX,g:www-data:rwX,o::r /var/www/html to get it to do what you want, and the other command I saw you use should be sudo chown -R harleyfrank:www-data /var/www/html. This sudo chmod 775 -R /var/www/html command contradicts what you set in the first command; to get 775 in the first command, do sudo setfacl -d -R -m u:harleyfrank:rwX,g:www-data:rwX,o::r /var/www/html. Please pay attention to the numbers. What I gave you is a template for how it might be; you need to adjust it to what you want. I will update the answer now. – George Udosen Jan 16 '18 at 04:54
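
The default ACL printed in the question, inherited onto a newly uploaded file and then evaluated for the web server account, as an added example that is not part of the original question, answer or comments. It assumes the upload creates the file with mode 0666 and that Apache runs as user www-data in group www-data; the function names are illustrative.

```python
# Added example: inherit a POSIX default ACL onto a new file and check access.
# DEFAULT_ACL is copied from the getfacl output in the question; the create
# mode 0o666 and the account/group names used by callers are assumptions.

DEFAULT_ACL = """\
default:user::rwx
default:user:root:rwx
default:group::r-x
default:group:www-data:rw-
default:mask::rwx
default:other::r--
"""

def bits(perm):
    """Convert a permission string such as 'rw-' to its numeric value (6)."""
    return sum(v for c, v in zip(perm, (4, 2, 1)) if c != "-")

def inherit(default_acl, create_mode=0o666):
    """Access ACL of a new file: the directory's default entries, with owner,
    mask and other limited by the mode given at creation. The umask is not
    applied when the parent directory has a default ACL."""
    acl = {}
    for line in default_acl.split():
        _, tag, name, perm = line.split(":")
        acl[(tag, name)] = bits(perm)
    acl[("user", "")] &= create_mode >> 6 & 7
    acl[("mask", "")] &= create_mode >> 3 & 7
    acl[("other", "")] &= create_mode & 7
    return acl

def ls_mode(acl):
    """Mode bits as ls prints them: the group column shows the mask."""
    return acl[("user", "")] << 6 | acl[("mask", "")] << 3 | acl[("other", "")]

def allowed(acl, owner, owning_group, user, groups, want):
    """POSIX ACL access check for `user` with group set `groups`.
    `want` is a bit mask (4 = read, 2 = write, 1 = execute)."""
    mask = acl[("mask", "")]
    if user == owner:                      # owner entry, never masked
        return acl[("user", "")] & want == want
    if ("user", user) in acl:              # named user entry, masked
        return acl[("user", user)] & mask & want == want
    matches = [p for (tag, name), p in acl.items()
               if tag == "group" and (name or owning_group) in groups]
    if matches:                            # any matching group entry, masked
        return any(p & mask & want == want for p in matches)
    return acl[("other", "")] & want == want
```

Ownership is not part of the ACL: a default ACL adds entries to new files, while the owner stays the uploading user, which is why the listing shows harleyfrank harleyfrank next to the `+` marker.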