Mark
Mark

Reputation: 55

Linux permissions/owner for nginx's root folder with PHP-FPM

My nginx's root folder /usr/share/nginx/html is owned by root:root but I need to add/edit/delete files with my user mark. Also, I'm using PHP with fastcgi (php-fpm) and I need to upload file in a specific directory /usr/share/nginx/html/userfiles. My current configuration is like following:

sudo groupadd webdev;
sudo usermod -a -G webdev mark;
sudo chown root:webdev /usr/share/nginx/html;
sudo chmod 2775 /usr/share/nginx/html -R;
sudo chgrp -R www-data /usr/share/nginx/html/userfiles;

I found out some problems about uploaded files (they are created in /usr/share/nginx/html/userfiles correctly, but my user mark can't open/edit/delete these files). How can I solve it? Any suggestions for a better configuration?

Upvotes: 3

Views: 5202

Answers (1)

meuh
meuh

Reputation: 12255

You are right in sharing access to files by having a common group, but the files and directories you create must belong to the group and also be read/write to the group.

Files created by PHP I assume will be in group www-data, but will probably not have group write permission unless you change the umask in /etc/init/php-fpm.conf. Add a line:

umask 0002

If your id has www-data amongst its groups, you will be able to edit the file.

If you create a file, it will not be in group www-data, but probably your own group mark. So if you want PHP i.e. www-data to be able to edit that file you need, by symmetry, to usermod -a -G mark www-data, and ensure when you create files that they are read/write to the group (umask 2 and check or chmod g+w).

Ensure the directory userfiles is rwx to the group www-data, or chmod g+rwx it.

Upvotes: 2

Related Questions