Linux Permissions And PHP - Groups

Question

Here's an aspect of Linux/PHP permissions that always trips me up and I don't understand how to fix it.

I need to allow my PHP script to update 'phone-guide.json' which is owned by 'user1'.

PHP is running as www-data on my web server.

<?php exec('whoami'); ?> // outputs 'www-data'

In etc/group, 'user1' is part of the 'www-data' group and vice-versa.

If 'www-data' is in the same group as 'user1', a PHP script running as 'www-data' should be able to update/change/modify the phone-guide.json file because it is also part of the 'user1' group with (rwx) group permissions... correct?

However, my PHP script can't update the phone-guide.json file until I change the ownership and group of phone-guide.json to www-data:www-data ... then everything works.

I though the whole purpose of 775 (rwxrwxr-x) permissions was to let any user who is part of the same group to read/write/execute the file (rwx).

Answer 1

In Linux files belong to a user and a group. By default your files belong to your username and your username is also the group that it belongs to. Now, just because two users belong to the same group does not give user1 permission to read, write, or modify user2's files. Now if the file belongs to the group any member of the group can modify the files.

For example,

• foo.txt belongs to user user1 and group user1
• user1 belongs to group bar
• user2 belongs to group bar
• user2 does not have the appropriate group permisions to modify foo.txt

Now, another example:

• foo.txt belongs to user user1 and group bar
• user1 belongs to group bar
• user2 belongs to group bar
• both user1 and user2 can perform any action allowed by the group permissions

So for www-data to be able to update the phone-guide.json file, phone-guide.json must belong to the www-data group. To do this, do what @Marek suggested chgrp www-data phone-guide.json.

Answer 2

You need to change the group of phone-guide.json to www-data:

chgrp www-data phone-guide.json