CODEWITHSUNDEEP
phpapacheubuntuweb-deployment
D.J.
D.J.

Reputation: 1215

Owner of the uploaded files Apache web server

I'm having trouble handling the uploaded files on my web server.

First the file is uploaded to the temp server by user "daemon" then I copy the file to www/myapp/files folder by the "www-data" user. Everything works fine, I can read and write to the file, but when I try to delete the file I get an error. Because I'm trying to delete the file as www-data user (php script), but the owner of the file is daemon user.

My question is how can I fix this?

I'm not looking for any chmod or chown solutions, I prefer the solution to be through Apache or some other configuration files.

EDIT: As requested file permissions: -rw-r--r-- 1 daemon daemon 41638 Jan 19 08:59 FILE

The parent folder has 0777 permissions

Upvotes: 0

Views: 3708

Answers (2)

AD7six
AD7six

Reputation: 66170

Avoid assumptions

Everything works fine, I can read and write to the file

This indicates that the file permissions themselves, and ownership, permit current usage. If as you say apache is running as www-data, it directly contradicts this:

As requested file permissions: -rw-r--r-- 1 daemon daemon 41638 Jan 19 08:59 FILE

Which would mean the file is not writable to www-data.

Because I'm trying to delete the file as www-data user (php script), but the owner of the file is daemon user.

The above statement is not true - ownership of a file does not affect who can delete it.

I'm not looking for any chmod or chown solutions, I prefer the solution to be through Apache or some other configuration files.

How about not ruling out solutions until you have a choice =)?

Deleting a file uses directory permissions, not file permissions

This is easily verifiable:

-> pwd
/tmp/so
-> whoami
www-data
-> ls -la
total 8
dr-xr-xr-x 2 www-data www-data 4096 Feb 18 14:34 .
drwxrwxrwt 8 root     root     4096 Feb 18 14:36 ..
-rw-rw-r-- 1 www-data www-data    0 Feb 18 14:34 a-file
-> rm a-file 
rm: cannot remove `a-file': Permission denied

note there is no write permissions to the folder /tmp/so - it's the only permission that matters. Here's another existing answer as a supportive reference.

So given that, the only solution is to ensure that the user attempting to delete a-file has write permission to the containing folder, which means for example:

# assuming daemon is the owner
chmod 7x7 www/myapp/files 
        ^ www-data is not the owner or in the group daemon - so world perms apply

Or

chown www-data:www-data www/myapp/files
chmod 7x7 www/myapp/files 
        ^ daemon needs write permission to the folder too

Or

chown www-data:sharedgroup www/myapp/files
chmod 77x www/myapp/files 
       ^ daemon now reads the group perm, www-data is the owner

(With the upload process running as daemon:sharedgroup)

The above are one-time-only commands that need running; after which there is no need to modify the permissions for any file or folder to permit both www-data and daemon to manipulate files in www/myapp/files.

Upvotes: 1

Denis Shimanovich
Denis Shimanovich

Reputation: 11

You can add both users to one group like this:

usermod -a -G groupName userName

And then set up r\w permissions for that group

Upvotes: 1

Related Questions