Drace

Reputation: 699

Grant ubuntu access to www-data

I'm running Ubuntu and would like to be able to upload files using SSH to update the website code.

My ubuntu user (id ubuntu)

    root@****:/var/www# id ubuntu
    uid=1000(ubuntu) gid=1000(ubuntu) groups=1000(ubuntu),4(adm),20(dialout),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),33(www-data),44(video),46(plugdev),102(netdev)

My ubuntu groups (groups ubuntu)

    root@****:/var/www# groups ubuntu
    ubuntu : ubuntu adm dialout cdrom floppy sudo audio dip www-data video plugdev netdev

All the groups on my ubuntu server (more /etc/group)

    root@****:/var/www# more /etc/group
    root:x:0:
    daemon:x:1:
    bin:x:2:
    sys:x:3:
    adm:x:4:syslog,ubuntu
    tty:x:5:
    disk:x:6:
    lp:x:7:
    mail:x:8:
    news:x:9:
    uucp:x:10:
    man:x:12:
    proxy:x:13:
    kmem:x:15:
    dialout:x:20:ubuntu
    fax:x:21:
    voice:x:22:
    cdrom:x:24:ubuntu
    floppy:x:25:ubuntu
    tape:x:26:
    sudo:x:27:ubuntu
    audio:x:29:ubuntu
    dip:x:30:ubuntu
    www-data:x:33:ubuntu
    backup:x:34:
    operator:x:37:
    list:x:38:
    irc:x:39:
    src:x:40:
    gnats:x:41:
    shadow:x:42:
    utmp:x:43:
    video:x:44:ubuntu
    sasl:x:45:
    plugdev:x:46:ubuntu
    staff:x:50:
    games:x:60:
    users:x:100:
    nogroup:x:65534:
    libuuid:x:101:
    netdev:x:102:ubuntu
    crontab:x:103:
    syslog:x:104:
    fuse:x:105:
    messagebus:x:106:
    mlocate:x:107:
    ssh:x:108:
    landscape:x:109:
    admin:x:110:
    ubuntu:x:1000:
    mysql:x:111:
    ssl-cert:x:112:

Why am I unable to overwrite files in the /www/var/html folder as Ubuntu user?

EDIT

My Folder permissions for /var/www and /var/www/html are:

    root@****:/var/www# ls -l
    total 4
    drwxrwxr-x 3 www-data www-data 4096 Oct 13 20:24 html
    root@****:/var/www# cd html
    root@****:/var/www/html# ls -l
    total 4
    drwxrwxr-x 9 www-data www-data 4096 Oct 13 20:24 somefolder

MOUNTED DRIVES (mount)

    root@****:/# mount
    /dev/xvda1 on / type ext4 (rw,discard)
    proc on /proc type proc (rw,noexec,nosuid,nodev)
    sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
    none on /sys/fs/cgroup type tmpfs (rw)
    none on /sys/fs/fuse/connections type fusectl (rw)
    none on /sys/kernel/debug type debugfs (rw)
    none on /sys/kernel/security type securityfs (rw)
    udev on /dev type devtmpfs (rw,mode=0755)
    devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
    tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
    none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
    none on /run/shm type tmpfs (rw,nosuid,nodev)
    none on /run/user type tmpfs (rw,noexec,nosuid,nodev,size=104857600,mode=0755)
    none on /sys/fs/pstore type pstore (rw)
    /dev/xvdb on /mnt type ext3 (rw)
    systemd on /sys/fs/cgroup/systemd type cgroup (rw,noexec,nosuid,nodev,none,name=systemd)

Upvotes: 3

Views: 3908

Answers (1)

kums

Reputation: 2691

"Why am I unable to overwrite files in the /var/www/html folder as Ubuntu user?"

My understanding is that you are able to write files inside /var/www/html but you are unable to overwrite files written by other www-data group users (if you cannot overwrite the files/directories owned by you, that's a completely different problem).

You are allowed to write files inside /var/www/html for these reasons:

  • /var/www/html is owned by www-data user and is in the group www-data
  • You are a user of the www-data group
  • /var/www/html has write permissions for the group

By default, when you create a file/directory inside /var/www/html, you are the owner of the file and the group of the file is set to your primary group (ubuntu in your case). Others outside your primary group have no write permissions.

    -rw-rw-r-- 1 ubuntu ubuntu 123 Oct 12 13:14 test.html

This policy is the same for all the users of www-data group and creates a problem of not allowing you to overwrite a file created by other members of www-data (unless they manually change the file group to www-data).

A solution to this problem is to force every file/directory created inside /var/www/html to have www-data as the group. This is done using setgid:

    sudo chmod g+s /var/www/html

Make sure all the group users have write permissions for all the files/directories:

    sudo chmod -R g+w /var/www/html

Setgid for already existing directories inside /var/www/html:

    sudo find /var/www/html -type d -exec chmod g+s {} +

Upvotes: 2
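
A read-only check for the state the answer's three commands aim for, as an added example that is not part of the original answer: it lists directories still missing setgid, entries the group cannot write, and entries left in another group. The function name `audit_shared_tree`, the finding labels, and the extra world-writable check are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the answer): audit a group-shared web root.
# Usage: audit_shared_tree DIR GROUP   (GROUP is a name or a numeric gid)
# Prints one line per finding; returns 0 if the tree is clean, 1 otherwise.
audit_shared_tree() {
    dir=$1
    grp=$2
    findings=$(
        # Directories without setgid (octal 2000): files created in them
        # get the creator's primary group instead of the shared group.
        find "$dir" -type d ! -perm -2000 \
            -exec printf 'no-setgid: %s\n' {} +
        # Files and directories the shared group cannot write (octal 020).
        find "$dir" \( -type f -o -type d \) ! -perm -020 \
            -exec printf 'no-group-write: %s\n' {} +
        # Entries whose group is not the shared group, for example files
        # created before setgid was applied to their directory.
        find "$dir" \( -type f -o -type d \) ! -group "$grp" \
            -exec printf 'wrong-group: %s\n' {} +
        # World-writable entries: wider access than group sharing needs.
        find "$dir" \( -type f -o -type d \) -perm -002 \
            -exec printf 'world-writable: %s\n' {} +
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Run against a real tree only when both arguments are given, e.g.:
#   sh audit.sh /var/www/html www-data
if [ "$#" -eq 2 ]; then
    audit_shared_tree "$1" "$2"
fi
```

Setgid only affects files created after it is set, so `wrong-group` findings on older files still need a one-time `chgrp`.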
